What the Tech? FTK Features That Might Surprise You
Whether you are new to FTK or you've been using it for years, you might be surprised by some of the features in this very powerful tool. In this webinar, you will learn:

• When to leverage live search, index search and filtered file system search—

o With Live search you can search non-alphanumeric characters as well as perform pattern searches such as regular expressions and hex values:

Text—a search using the exact typed text with no operands.

Hexidecimal (Hex)—Use this to search for repeating instances of data in Hex-format and to save it to an XML file for re-use.

Pattern (Regex)— search through large quantities of text information for repeating strings of data such as telephone numbers, SSN, etc.

o Index searches are instantaneous and compare search terms to an index file containing discrete words or number strings found in the allocated and unallocated space in the case evidence. We’ll talk about index processing, which is a very important step in the process as well as:

dtSearch tool—quickly search gigabytes of information using operators.

TR1 expressions—search for advanced combinations of characters with results appearing in the filter view.

o Filtered file system—when using AD Enterprise, users can include filters such as file content, use regular expressions and advanced options like auto drill down.

• How to analyze volatile data from servers and endpoints—use AD Enterprise to analyze RAM by indexing the content and searching using keywords, operators, expressions or a combination of all.

• Real life case studies and examples from recent investigations.

This webinar is full of valuable and helpful information to help you reduce your cases sizes, concentrate on relevant artifacts and ultimately find the evidence.

Oct 28, 2020 10:00 AM in Central Time (US and Canada)

Michael Lappin
Vice President, Technical Engineering - NAM @AccessData
Tim Stommel
Sr. Instructor @AccessData