Forensic Toolkit 3.1 Delivers Optical Character Recognition and Native Support of Encrypted Evidence Out of the Box

Article Posted: April 07, 2010

AccessData announced the release of Forensic Toolkit (FTK) 3.1, which delivers several new enhancements.

First, FTK now provides Optical Character Recognition (OCR) out of the box. This means that forensic examiners are now able to index and search the text found in graphics files, such as PDFs and TIFFs, greatly enhancing their ability to zero in on critical evidence. Traditionally, a forensic examiner would have to use a separate OCR tool to pull text out of graphics files found on seized hard drives, then dump the text files that were generated by the OCR product back into the computer forensics tool, in order to be able to index the content and search it.

Second, FTK now enables the native encryption, decryption and processing of encrypted forensic evidence archives, such as AD1, E01 and S01. Prior to this feature, examiners had to manually encrypt and decrypt the evidence as a secondary process or purchase special hardware. This often meant that evidence was never encrypted as part of a standard process, increasing risk during transport and storage. Now, examiners can quickly and easily encrypt, decrypt and process evidence as part of an integrated process, without the use of additional software or hardware.

Other new features found in FTK 3.1 include the following:

Evidence Groups: Examiners can now create evidence groups, associating various pieces of evidence together, then perform targeted viewing, filtering and searching, based on those groups.

Filter Manager: Forensic examiners can now easily create, apply, and manage filters. Filters allow examiners to search and view data based on very specific criteria. FTK allows examiners to easily combine more than 300 attributes to create inclusion and exclusion filters that are as complex as a forensic examiner needs them to be.

Custom File Categories: Users can customize how evidence items are automatically categorized within FTK. For example, examiners who do a lot of media examinations can define which file types should be part of which categories. Once data is processed, it is automatically put into the categories the user has defined.

Soft Dongles: Examiners now have the option to use new software-based token licensing instead of requiring hardware dongles.
