|
WINDOWS FORENSIC TOOLCHEST™ (WFT) FEATURES
| Windows Forensic Toolchest™ (WFT) Features |
2.X |
3.X |
| Provides Structured And Repeatable Live Forensic Response, Incident Response, Or Audit |
 |
|
| Generation Of Both Raw Text And HTML Reports |
|
|
| User-Editable Config File Controls Execution |
|
|
| Ability To Run Locally, Via CD/DVD, Or Thumb Drive |
|
|
| Configurable Toolpath |
|
|
| Macros Which Expand Dynamically Based On Run-Time Values |
|
|
| Detailed Run-Time Logging |
|
|
| Verification Of All Executed Tools |
|
|
| Detailed Hashing Of Output |
|
|
| Support For MD5 Hash |
|
|
| Support For SHA1 Hash |
|
|
| Ability To Verify WFT Config Files |
|
|
| Automatic Updating Of WFT Hash Values For Tools |
|
|
| WFT's Interactive Mode Provides Command-Line Alternative |
|
|
| Off-Line Report Generation Saves Time During Collection |
|
|
| Ability To Run SysInternals Tools Without ‘-accepteula’ |
|
|
| Color Output Highlights Important Info |
|
|
| Automatic OS & Drive Detection |
|
|
| Ability To Run Commands Based On Run-Time OS |
|
|
| Ability To Fetch 3rd-Party Tools |
|
|
| Ability To Download Latest WFT |
|
|
|
