AccessData Enterprise

AccessData® Enterprise takes network-enabled digital investigations to the next level. Built on our industry-standard, court-accepted Forensic Toolkit® technology, AD Enterprise delivers state-of-the-art incident response and deep dive analysis of both volatile and static data. An intuitive incident response console, secure batch remediation, unsurpassed searching and filtering, and comprehensive logging and reporting are just a few of the reasons AD Enterprise is the investigative tool of choice among government agencies and Fortune 500 companies.

The ability to forensically analyze multiple computers across your enterprise simultaneously is critical when performing root cause analysis and internal investigations. Furthermore, proactive use of this technology allows you to detect threats that have circumvented the typical signature-based tools, such as antivirus, intrusion detection and other alerting systems.

Detect, Analyze and Remediate Malware, Advanced Persistent Threats and Zero-Day Events

Proactively or reactively scan thousands of computers identify rogue processes (even those that are hidden) and anomalous activity. Analyze the compromise to understand how it operates, conduct a network-wide compromise assessment to identify all affected nodes AND remediate all compromised computers from a central location.

Detect and Stealthily Investigate Fraud, Data Theft and Other Employee Misconduct

AD Enterprise gives you visibility into all activity on your employee computers, network shares and peripheral devices. Investigative tasks will continue to be performed, whether suspect employees are logged into your network or not…. whether they are online or not… and information will be sent back to you every time they go online.

Facilitate Regulatory Compliance

Visibility into desktops, laptops, peripheral devices and network shares allows you to maintain compliance with regulations, such as Sarbanes-Oxley, PCI requirements, HIPAA, FISMA, and internal policies.

Detect and Quickly Respond to Unapproved Application Use

Scan thousands of machines for unapproved processes, and if policies allow, IT personnel with the proper credentials can simply right-click to kill a specific process or schedule a batch remediation to quickly remediate thousands of computers running unapproved or unknown applications.

The Most Comprehensive and Effecient Enterprise-class Computer Forensics Software

• AD Enterprise delivers the same extensive analysis capabilities of FTK 4.
  • Apple® OS machines
  • Memory/volatile data – including memory string searching
  • Support for 700+ image, archive and file types
  • Broad encryption support, including identification of encrypted PDFs
  • And more…
• Distributed processing allows you to forensically process massive amounts of data in hours instead of days.
• The industry’s first one-click acquisition of hard drives, RAM and volatile data.
• Automated Batch Acquisition of devices and RAM to streamline large, multi-node evidence collections.
• Thorough data capture includes individual files, deleted files, unallocated space and logical volumes.
• Easy-to-use data processing wizard that automatically categorizes, indexes and exposes data.
• Market-leading decryption, password recovery and cracking technology.

A Secure, FIPS 140-2 Certified Solution

• To ensure that inter-component communication is secure, and that only authorized entities can communicate with the Agent, industry-standard x509 certificates and a FIPS 140-2 certified SSL encryption engine are leveraged.
• Control access by defining on a user basis which type of investigative operation can be performed and on which nodes.
• Track all administrative operations.
• Keep detailed logs, on a user basis, of investigative operations.

Powerful Incident Response Software, Including Deep Analysis of All Live Processes

• Analyze volatile memory on both 32-bit and 64-bit Windows operating systems.
• Advanced agent-side search and analysis of live memory on Windows machines.
• Correlate static forensic data and volatile incident response data within the same interface.
• Incident response console enables rapid review and analysis of key volatile data elements across machines and across time.
• Integrated analysis and forensic collection of network shares.
• GUI-integrated, secure remediation.
  • Right-click process kill during.
  • Batch Remediation allows you to remediate threats on multiple machines at the same time, which is critical in combatting fast-proliferating threats.

Ease of Use, Stability and Process-oriented Workflow

• Active directory and ePO integration.
• Web-based management server enforces granular role-based cyber security.
• Rich, wizard-driven reporting on static and volatile data.
• Agent Resource and Bandwidth Throttling: low is super stealth and high is for speed.
• Users are not confined to proprietary technology: AD Enterprise supports EnCase evidence files, AD evidence files, DD and more.
• No scripting required. All functionality is in the GUI.
• Database backend allows you to handle massive data sets, delivering case management, metadata storage and robust data manipulation capabilities.
• True Auto Save/Recovery functionality
• Modular Intelligent Agent — no need to uninstall and reinstall when you upgrade functionality.