AccessData Releases New Version of AD Enterprise with Enhanced Post-Breach Analysis Capabilities

Tuesday, May 8, 2018 - 11:34

AccessData Group, a leading provider of integrated digital forensics and e-discovery software, announced the release of AD Enterprise 6.5, a new version of its robust software tool for managing internal forensic investigations and post-breach analysis.

“AccessData has taken the time to really understand their clients’ challenges and build enhancements into the product that will address those specific concerns. Having such a robust feature set in a single solution will significantly improve our post-breach analysis efforts and speed our investigations.”

The new release features enhancements to the software product’s existing post-breach analysis capabilities, including more thorough “memory analysis” searches for malware, targeted data preview and collection of all complex data types directly at the user endpoint, and improvements to the user interface that streamline investigations.

AD Enterprise 6.5 provides even deeper visibility into data so organizations can investigate the causes and potential implications of a data breach, then act swiftly to conduct their post-breach analysis and execute crucial response actions,” said Tod Ewasko, Director of Product Management at AccessData. “This is the only solution in the marketplace that can perform comprehensive end-to-end post-breach forensic investigations within a single tool by collecting all sorts of complex data types directly at the endpoint. Unlike other solutions, no third-party software or complex scripting languages are needed in conjunction with AD Enterprise to manage the network investigation and post-breach analysis.”

AD Enterprise is one of the industry’s leading software platforms for managing large-scale forensic investigations. The product gives deep visibility into data residing on enterprise networks and employee devices so that IT executives and information security professionals can work with digital forensics experts to investigate possible employee wrongdoing, fact-check a whistleblower’s claims, respond to government inquiries or conduct post-breach analysis.

Highlights of AD Enterprise 6.5 include:

  • Live memory analysis — Enhanced searching capabilities enable users to conduct more thorough “memory analysis” in the aftermath of a breach, identifying possible malware that has been left behind on the network, which improves the speed of the response and reduces chain of custody risk during the investigation.
  • Targeted preview and collection — A remote agent deployed by the software product enables the preview of live data at the endpoint, anywhere across the enterprise, so investigators can then determine what data should be collected. This saves time as well as storage costs, since only data critical to the case needs to be pulled back and ingested into the tool for analysis.
  • Tasking collaboration among investigators — Built-in collaboration features enable investigators to communicate with each other and across departments to share notes, tasks, and escalate incidents, directly within the product.
  • Parsing additions — The addition of several new parsers helps investigators analyze even more data types. A few of the new parsers include Windows registry activity, several SSH Parsers, Net Logon events, and parsers for Android™ including Google™ Hangouts, Kik, contacts from address books, calendars, SMS and call logs.

AccessData has been previewing the latest features with its clients throughout the development process to ensure the new enhancements will address their post-breach analysis needs.

“I have been impressed with the responsive development culture of AccessData, particularly with the recent release of AD Enterprise 6.5,” said Thomas Jenkins, senior incident response engineer with a Fortune 500® utility company. “AccessData has taken the time to really understand their clients’ challenges and build enhancements into the product that will address those specific concerns. Having such a robust feature set in a single solution will significantly improve our post-breach analysis efforts and speed our investigations.”

For more information about AD Enterprise 6.5, please go to https://accessdata.com/products-services/ad-enterprise.