Preamble

This KB contains the steps to configure the URL that is used to point FTKC and FTKPlus to the KFF server. We need to configure the key in the ADG.WebLabSelfHost.exe.conf. These are the same steps required for older installations of QUIN-C and QView.

Just pay attention of the version used, in the example of the full file path below it is the 7.5 version

eg.

C:\Program Files\AccessData\Forensic Tools\7.5\bin\ADG.WeblabSelfHost.exe.config

Prerequisites

A KFF server should have already been installed, if the server is installed remotely (i.e. on a different Server than that running FTKC) the server would need to have been installed with the Enabled for Remote Use check box being checked during the KFF installation. Failure to have it installed correctly would set the RPC bind for the Cassandra database on that machine to localhost and not allow remote connections to the KFF server.

KFF Hash Sets should also have been installed, although it not a requirement, helps to confirm that it is working.

Current Know Limitations

At the time of writing there are still some limitations with the Manage KFF in FTKC

1) You are currently unable to associate any Hash Sets to the Default Group. The Default group is locked in the Database to prevent the group from being deleted, the code needs to correctly interpret this flag and still allow users to associate or disassociate hash sets form the default group.

2) Selecting the trash can next to a hash set in the KFF Groups will result in the hash set being deleted from the Cassandra Database and not disassociate the hash set as one would think.

Steps for FTKC and FTKPlus

1) Make a copy of the FTKC (Exterro Service) configuration file ADG.WeblabSelfHost.exe.config located in the bin directory to a backup location, this is required should you need to rollback, or should any errors occur while performing the updates.

2) Locate the KFFServerURL key entry and change the URL to point to the KFF server IP Address or FQDN. The default value is localhost, meaning that KFF is installed on the local machine that is also running the Exterro webservice for FTKC. If it is running on the same server no action will be required.

Default value

 

eg (NetBIOS name in Example is KFF-ALL-NIST)

 

3) Once the change has been made, save the ADG.WeblabSelfHost.exe.config file and exit.

4) Restart the "AccessData Exterro Self Host Service" in the Windows Services, wait for the service to show as "Running" before proceeding.

5) Log into FTKC select the Administration/Configuration icon (Gear Cog next to the User name) as below

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875373/original/setting.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=60b396b58f54971939c9b52c5addd32e36d5d362c4d80258c8e8af54e8b17e2a

6) Select "System Management" button just below the user name on the Administration page. Then you should see the "Hash Sets" and "KFF Groups". If there are preconfigured or installed Hash Sets they will be visible if configuration is correct

eg. Hash Sets that have been loaded on this KFF Instance

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875374/original/hash_sets.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=47dad436feebfc6a32afdb4cf734bbab67a100bc5ef2147be443a589a6e8fc8a

7) Select the KFF Groups should you wish to View or Create new Hash Groups. Hash Groups are what is visible in the drop down in Processing Option when checking the KFF check box in either FTKC or FTKPlus. If you create a new group in the window you will need to associate the hash set or sets to the group. to associate expand the Hash group by clicking on the + Symbol as can be seen in the example below

eg. configured groups.

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875375/original/hash_Groups.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=bd0279cf90ae09c74aa4ad8ab96eca5fca5ac139c9183773cc9fb768f932f84e

8)You can now select the Associate button as seen in the example below

eg

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875376/original/Associate.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f7eb3fc25986c198bb5580a7216b2a805a59e7d694170e4ae6ab54d418c9ac0f

9) Select one or multiple hash sets and then click on associate

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875377/original/associate-2.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=d61592c5cf4742e1e3a2ba30b14e32392a351a16d8fa19c612e789751f908a6d

10) An example of the drop down showing Groups in FTKC processing options

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875378/original/FTKC_Example.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e6eb2ad53004f64d5efa59c48301ef25403faa2fe745ea791f994d209f11f9ab

11) Similarly an Example for FTKPlus as it uses the same key as that configured for FTKPlus

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875379/original/FTKPlus.JPG?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163633Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=ab4662d4b903f5a7f28b06ceb1b6dbfdec8499ccde925c09265b9096ed3baac0