Group, a leading provider of integrated digital forensics and
e-discovery software, today announced the release of AD Enterprise 7.1,
a new version of its software for managing internal forensic
investigations and post-breach analysis that contains first-to-market
integration with cybersecurity platforms to automate the early stages of
“When your company’s data has been breached, it is critical to maximize
the speed of your incident response and conduct rapid preservation of
electronic evidence, all while minimizing the impact on business
operations,” said Tod Ewasko, vice president of technical engineering at
AccessData. “The new version of AD Enterprise automates the previously
time-intensive manual process of launching the investigative workflow.
This is the first forensic investigation management software product to
offer an API that integrates seamlessly with a company’s cybersecurity
platform of choice to kick off a post-breach investigation from the
first moments after an intrusion has been detected.”
The API, which is available as an add-on option, enables a secure
connection between a client’s cyber platform (e.g., Demisto, Phantom,
etc.) and AD Enterprise. If the cybersecurity software detects an
attack, it sends an alert that is received by AD Enterprise, which
initiates a collection job at a designated endpoint. This saves precious
time in the initial stages of the incident response by preserving data
relating to the root cause of the breach.
“The new AccessData release contains a critical API option that will
allow our team to integrate our SIEM platform with our forensic
platform,” said Scott Sattler, forensic consultant from SecureLabs.net.
“This capability enables us to perform automated response to events
detected with SIEM platforms, such as Arcsight or Splunk. This feature
will save about 40 minutes of analyst time per incident. The API
integration with our SIEM is an important force-multiplier for our
existing staff by leveraging the power of automation.”
Other new features built into AD Enterprise 7.1 include parsing support
for APFS (Apple File System), added encryption support for Dell Data
Centric and Full Disk Encryption, Python scripting enhancements and nine
new parsers for mobile data analysis.
Enterprise is the only solution in the marketplace that can perform
comprehensive end-to-end post-breach forensic investigations within a
single tool by collecting all sorts of complex data types directly at
the endpoint, performing memory analysis and executing targeted
collections on any file attribute,” said Ewasko.
For more information about the AD Enterprise 7.1 enhancements, please
FTK and AD Lab
AccessData also rolled out new versions of its FTK and AD Lab software
products, the company’s digital forensics tools for law enforcement
agencies and public sector investigative teams. FTK
(Forensic Toolkit®) is a court-cited digital investigations software
tool built to help customers find relevant evidence faster, dramatically
increase analysis speed and reduce backlogs. AD
Lab is a large-scale investigations and processing engine that
enables computer forensics labs of all sizes to provide their teams with
collaborative analysis, centralized case management and web-based
review, thereby dramatically streamlining the investigative process.
FTK 7.1 and AD Lab 7.1 both include new features for image recognition
and facial recognition, which allow investigators to train the software
to find objects within images. So instead of looking through each image
or a large panel of thumbnail images, the software can now rely on
machine learning to surface specific individuals.
“The new versions of FTK and AD Lab leverage the power of machine
learning technology and image recognition software to more quickly find
similar images across various data sets, which saves substantial time
during an investigation,” said Ewasko. “Moreover, enhanced mobile
analysis capabilities added to both products means that investigators
don’t need to waste time toggling between tools. Now all mobile data
analysis can be performed in a single trusted solution.”
Other new features developed for FTK 7.1 and AD Lab 7.1 include full API
support that enables users to integrate the tools with other software
systems (e.g., case management, e-discovery, etc.) and allows for easier
transfer of data in the JSON format, as well as new load file templates.
For more information about the FTK 7.1 and AD Lab 7.1 enhancements,
please click here.
Whether it’s for investigation, litigation or compliance, AccessData®
offers industry-leading solutions that put the power of forensics in
your hands. For more than 30 years, AccessData has worked with more than
130,000 customers in law enforcement, government agencies, corporations
and law firms around the world, providing both stand-alone and
enterprise-class solutions that can synergistically work together. The
company is backed by Sorenson Capital, a leading private equity firm
focused on high-growth portfolios. For more information on AccessData,
please go to www.accessdata.com.