Windows Forensic Toolchest™ (WFT) Features 2.X 3.X
Provides Structured And Repeatable Live Forensic Response, Incident Response, Or Audit X X
Generation Of Both Raw Text And HTML Reports X X
User-Editable Config File Controls Execution X X
Ability To Run Locally, Via CD/DVD, Or Thumb Drive X X
Configurable Toolpath X X
Macros Which Expand Dynamically Based On Run-Time Values X X
Detailed Run-Time Logging X X
Verification Of All Executed Tools X X
Detailed Hashing Of Output X X
Support For MD5 Hash X X
Support For SHA1 Hash   X
Ability To Verify WFT Config Files X X
Automatic Updating Of WFT Hash Values For Tools X X
WFT's Interactive Mode Provides Command-Line Alternative   X
Off-Line Report Generation Saves Time During Collection   X
Ability To Run SysInternals Tools Without ‘-accepteula’   X
Color Output Highlights Important Info   X
Automatic OS & Drive Detection   X
Ability To Run Commands Based On Run-Time OS   X
Ability To Fetch 3rd-Party Tools   X
Ability To Download Latest WFT   X