TABLE OF CONTENTS






Administrating FTK Central

Administration Portal

Administration Portal allows you to manage Users, User Groups, Permissions and Roles. Additionally, you can configure the System Settings such as the Site Server, agents, mail servers, certificates, and also monitor application health metrics.

 



Tip:  To filter the grid efficiently, you can simply enter a keyword into the search box  located at the top of any grid and click the search button or press enter.


 

 

User Management

Every user using FTK Central must log in with a user account. Each account has a username and password. Administrators create this user accounts for users and provide appropriate permissions. You can manage users and their groups, permissions, monitor their activity on the application from this page.

 

Elements of User Management

Users

User Groups

Assigning Roles

Case-Level Permission

 


 

 

Users 

A user is any person who logs in and performs tasks in the FTK Central. You can assign users different with permissions based on the tasks that you want them to perform. The permissions that a user has affects the items that they see and the tasks that they can perform in the application. You assign permissions to a user by configuring roles and then associating users, or groups of users, to those roles.

Adding Users

To add a user:

  1. From the home page, click Settings from the top-right corner.
  • The Administration page is displayed.

    2. Click Add User.

  • The Create User page is displayed.

3. Enter the First Name of the user.

4. Enter the Last Name of the user.

5. Provide a User Name.

6. Provide a Password.




Warning: The below provided are the Password complexity requirements:
  • Should contain at least 8 characters.
  • Should contain at least 1 uppercase letter.
  • Should contain at least 1 number.
  • Should contain at least 1 special character.

 

7. Repeat the same in Confirm Password.

8. Enter the Email address of the user.

 

9. Select the roles to be associated for the user from Role Mapping.

10. Select the cases to be associated for the user from Case Mapping.

11. Select the groups for the user to which the user has to be associated from the Users Group Mapping.

12. Click Add User.




Importing Users from Active Directory


Warning: You have to configure Active Directory before proceeding to this section.

 

To import users from an Active Directory:

  1. From the home page, click Settings from the top-right corner.
  2. Click Import from AD.
  • The Import Users From Active Directory page is displayed.

3. Select the required Active Directory from the drop-down.

4. Enable the checkbox against the users to be imported.

5. Click OK.




Notes:  
  • The imported users from Active Directory will be indicated with AD Users  against it on the Manage Users page.
 
  • When Active Directory users are deleted, FTK Central will deactivate the corresponding users’ account in the application upon resynchronization.


 


 

Activating/Deactivating Users

FTK Central allows you to change the status of users to Inactive thereby making them unable to use the application. By default, all users are created in Active status, however you can change the status to Active or Inactive whenever required. 

To activate/deactivate a user:

  1. From the home page, click Settings from the top-right corner.
  2. Click Edit against the user to be edited.

 

  • The Update User page is displayed.

3. Toggle to set the user as Active or Inactive.

4. Click Update.


 

Editing Users

To edit a user:

  1. From the home page, click Settings from the top-right corner.
  2. Click Edit icon against the user to be edited.

  • The Update User page is displayed.

    3. Make the necessary changes.



Warning: You can edit the Username only for the non-admin users and cannot be edited for the admin users.

 

    4. Click Update.


 


Deleting Users

To delete a user:

  1. From the home page, click Settings from the top-right corner.
  2. Click Delete icon against the user to be deleted.

 

  • The Please confirm pop-up is displayed.

    3. Click Yes.




User Groups Management

User Groups allow you to consolidate the set of users who perform the same tasks. Categorizing users into groups makes it easier to assign and manage case permissions for users. Grouping helps you assign permissions to a set of users reviewing the same case at once. You can group users of different roles into one User Group.



Creating User Groups

To create a user group:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the User Groups tab.

 

    3. Click Create Group.

  • The Create Group page is displayed.

4. Provide a name for the group in Group Name.

5. Provide a Description for the group.

    6. Select the roles required for the group from Roles Assigned.

Note:  You can read what is a Role and how is it helpful from the Roles section, later in the document.

 

7. Select the users required for the group from Users Assigned.

8. Select the network share paths for the group from Network Share Paths.


Warning:  Assigning a user to specific Network Share Paths will allow them to navigate and use those paths within the application or ultimately limiting their access to them.


    9. Select the cases (case) to be associated for the group from Cases Assigned.

 

Warning: Assigning a user to specific cases will prevent the user accessing other cases. 


 

    10. Click Create Group.

 

Editing User Groups

To edit a user group:

1. From the home page, click Settings from the top-right corner.

2. Navigate to the User Groups tab.

 

3. Click on the user group to be edited. 

4. Click Edit.

 

5. Make the necessary changes.

6. Click Update Group.


 

 

Deleting User Groups

To delete a user group:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the User Groups tab.

 

    3. Click Delete  against the user group to be deleted.

  • The Please confirm pop-up is displayed.

    4. Click Yes.


 

 

Assigning Roles

A Role is a combination of various permissions required for a user to perform the actions intended. You can assign different permissions to different roles, based on the tasks that you want them to perform. The permissions determine what a user sees and the actions the user performs on the application. Moreover, the cases and options that the users of a particular role see on the application is determined by the permissions enabled for the user/user group. 

FTK Central provides the following three default Roles:

  • Administrator - To manage the whole application. Users in this role will be provided with all the permissions to manage the application.
  • Power User - To aid in managing the application. Users in this role will be provided with permissions to create, edit, manage users, and user groups.
  • Users - To only reviews files in a case. This role grants the user permissions for create/edit cases and files in it.

 

Note:  Only the users with ‘System Management’ permission will be able to access the System Management Settings.

 

However, you can create any number of additional role types with combination of the any of the following permissions as required by your organization:

Permission GroupDefinition

General Management

User Management

Create, delete and edit users.

Create Custodians

Create custodians.

Delete Custodians

Delete custodians

Manage Data Sources

Create, delete and edit data sources.

Activity Log Access

View activity log within FTK Central.

Manage Templates

Edit role templates.

Assign Users to a Case

Required with User Management permission and vice versa to assign users to a case.

Database Management

Add additional databases.

Case/Project Admin

Case/Project Admin

Full rights to all functionality on a case-level basis.

Case

Create/Edit Case

Create and edit cases.

Delete Case

Delete cases.

View Case Jobs

View case jobs in the job status menu.

Manage Case Custodians

Add and remove custodians within Case Summary.

Manage Evidence

Add and remove evidence within Case Summary.

Backup/Restore Cases

Backup cases from the case list context menu.

Restore Cases from Backup/Restore

Restore cases from the case list context menu.

Create Case Dashboards

Create and edit case dashboards.

Assign Users to a Case

Assign users to a case during case creation.

Exports

Create Export

Create exports using the export wizard.

Delete Export

Delete created exports.

Export Item Grid

Export records within the grid.

Search & Review

View Files List

View the review grid.

View Natives

View files in the viewer in native format.

View Text

View files in the viewer as text.

View Coding Panel

View coding panel within review.

Edit Documents

Edit documents within review.

Manage Tags

Create and rename tags within the Tags menu.

Delete Tags

Delete tags within the Tags menu.

Manage Tag Permissions

Assign permissions for tag values.

View Tags

View tags within the Tags menu.

Assign Tags

Assign tags to a document.

View Privileged Documents

View flagged privileged documents.

View Ignored Documents

View flagged ignored documents.

Flag Document as Privileged

Flag documents as privileged within the context menu.

Flag Document as Ignored

Flag documents as ignorable within the context menu.

Manage Review Sets

Create and edit review sets within Batch Administration.

Delete Review Sets

Delete batches within review sets within Batch Administration.

View Review Sets

View review sets and batches within Batch Administration.

Run Searches

Run searches in review mode.

Save Searches

Save searches that a user assigned with this permission makes.

Bulk Imaging

Bulk image documents using the context menu.

Download Files

Download files within review mode.

View Annotations

View annotations in native, image and text view within review mode.

Add Annotations

Add annotations within review mode but cannot view them unless assigned view permissions.

Delete Annotations

Delete annotations within review mode.

View Document History

View document history in the object attributes menu within review mode.

Manage Profiles

Create and edit profiles.

Litigation Hold

Approve Lit Holds

Approve configured litigation holds.

Manage Lit Holds

Manage litigation holds, including creating, viewing and deleting Litigation Holds.

View Lit Holds

View Litigation Holds.

Reports

View Data Report

View and create Processing Report types in the Reports wizard.

View Audit Report

View and create Event Report types in the Reports wizard.

Evidence Collection

Approve Collection Jobs

Approve collection jobs form the collections tab.

Create Collection Jobs

Create collection jobs from the Collections tab.

Delete Collection Jobs

Delete collections from the Collections tab.

Execute Collection Jobs

Execute collection jobs from the Collections tab.

Initiate Processing

Process files form a collection job.

FTK Connect

Add/Edit Automations

Create and edit automations in FTK Connect.

Delete Automations

Delete any automation created in FTK Connect.

Creating Roles

To create a role: 

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the Roles Permissions Mapping tab.

 

3. Click Create Role.

  • The Create Role page is displayed.

4. Provide a name for the role in Role Name.

5. Provide a Description for the role.

6. Enable the required permissions.

7. Navigate to Assign Users/User Groups.

8. Select the required Users and User groups.

  • The selected users and user groups will be displayed in the right-pane.

9. Click Create Role.

 

Assigning Users/Users Groups

You can assign a role to multiple users and user groups at once using this option.

To assign roles for users and user groups:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the Roles Permissions Mapping tab.
  3. Select the required roles for which the users or user groups is to be assigned.
  4. Click Assign User/User Groups.
  • The Assign Users/User Groups page is displayed. 

5. Select the required users or user groups.

6. Click Assign Associations.


 

 

Editing Roles

To edit a role:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the Roles Permissions Mapping tab.
  3. Click Edit icon against the role name to be edited.
  • The Assign Permissions tab of the Edit Role page is displayed.

4. Make the necessary changes.

5. Click Update Role.


 

 

Deleting Roles

To delete a role:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the Roles Permissions Mapping tab.
  3. Click Delete icon against the role to be deleted.
  • The Please confirm pop-up is displayed.

4. Click Yes.


 

 

Viewing and Assigning Case-Level Permissions

To view the case-level permission (context menu) and assign roles:

  1. From the home page, click Case List.

 

2. Click the Context menu  against the required case.

3. Click Assign Case Roles.

  • The Assign Case Role prompt is displayed.

 

4. Click on the Assign Case Roles button  against the required user/group name.

  • The Additional roles for User/Groups prompt is displayed.

 

5. Check the applicable roles and click Save.



Note:  Roles that are disabled for selection are already assigned to a user at a global-level.

 

 

System Management

System management within the Administration Portal allows you to configure numerous options ranging from general application configuration, Site Server Console, email servers, agents, certificates, credentials, default options, health metrics, etc. These are global settings that affect the entire system.

 

Note:  Only the users with ‘System Management’ permission will be able to access the System Management Settings.

 


 

 

Elements of System Management

Configurations

Manage Certificates

Manage Credentials

Case Defaults

Site Server Console

 

System Log

 

Activity Log

 

Job Management

 


 

 

Configurations

Active Directory Configuration

This section allows you to configure Active Directory to synchronize and import users. After performing an initial sync, you can sync on a recurring schedule. You can also select to import one or more types of objects, such as Users and Groups. When the Active Directory is synchronized, users are imported and synchronization only occurs from Active directory to the application. It is to be noted that the changes are not synced only from the active directory to the application and not vice versa. 

You can also configure the system to send an email notification when a value in Active Directory is changed and synced. This can be helpful when you have a custodian in a Litigation Hold and the status of that user changes. For example, they may move locations or may no longer be employed. You configure the email notifications as part of the Active Directory sync setting. The notification email contains a time stamp, the name of the user that the change occurred for, the properties that changed, and the old and new values of the changed properties

When a user is deleted in active directory, the person is not deleted in FTK Central. Instead, the person is flagged as Deleted from Active Directory and still appears as a custodian. Data that is associated with the custodian is not impacted in any way.

Supported Methods:

  • Forms (Active Directory authentication) - Presents a login screen for users to provide their Active Directory credentials. Active Directory username should be in the format "domain\user".
  • IWA (Active Directory authentication) - Passes the credentials that the browser is running with (typically the credentials used to log into the machine).

 

To configure an active directory:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  • The Active Directory Configuration page is displayed.

3. Provide the required details



Notes:  
  • When importing Groups, users within these groups will inherit any permissions associated to the imported group. However, these can be overridden by assigning a role or permission directly to a user. 
  • The Global Catalog option should be disabled while importing groups.


 

 

Primary Details

Fields

Description

Server

Enter the server name of a domain controller in the enterprise.

Use Global Catalog

Select to use the global catalog.

Port

Enter the connection port number used by Active Directory.

Note: The default port number is 389.

If you want to support synch with an entire Active Directory forest, set the port as 3268. Otherwise, the synch only collects information from one domain instead of the entire forest.

Note: The default ports for communicating with Active Directory are:

  • LDAP: 389
  • Secure LDAP(SSL): 636
  • Global Catalog: 3268
  • Secure Global Catalog(SSL): 3269

Base DN

Enter the starting point in the Active Directory hierarchy at which the search for users and groups begins. The Base DN (Distinguished Name) describes where to load users and groups.

For example, in the following base DN

dc=domain,dc=com

you would replace domain and com with the appropriate domain name to search for objects such as users, computers, contacts, groups, and file volumes.

User DN

Enter the distinguished name of the user that connects to the directory server.

For example, tjones or <domain>\tjones

Password

Enter the password that corresponds to the User DN account. This is the same password used when connecting to the directory server.

Active Directory Authentication

Select to enable authentication against Active Directory on login.

AD Sync Objects

You can select which types of objects to include or not include: Users, Groups, Computers, or Shares. All objects are selected by default. If you want to exclude objects from being synced, de-select those objects. This can be helpful to easily add new users only.

AD Sync Recurrence

Configure a daily recurrence by selecting or entering the time of day to start the sync. If a sync is in progress when the interval occurs, the interval is skipped to allow the current sync to complete.

Test Configuration

Click to test the current configuration to ensure proper communication exists with the Active Directory server.

AD Synchronization

Set to inactive by default.

 

4. Click Save and Next.


 

Active Directory Details

5. Select the Custodian Fields to be mapped from the fields on the active directory.

 

Fields

Description

First Name

The first name of the person. 

Middle Name 

The middle initial of the person

Last Name

The last name of the person. 

Username 

The computer username of the person. 

Email

The email address of the person. This will be retrieved from the Active Directory.

Domain 

The network domain to which the person belongs.

Notes Username

The username of the person as it appears in their Lotus Notes Directory.

A Lotus Notes username is typically formatted as Firstname Lastname/Organization as in the following example:

  • Pat Ng/ICM

 

 

6. Click Save and Next.

 


Notification Settings

You can select which Active Directory fields you want to be notified about when changes occur and which application users to send an email to. The notification email contains a time stamp, the name of the user that the change occurred for, the properties that changed, and the old and new values of the changed properties.

  1. Select the Active Directories to be Notified.
  2. Select the users to be notified.
  3. Click Save and Next.


 

Sync Configuration

  1. Click Sync Active Directory.

 

Create Notifications

You can configure event notifications for certain system events. You select which type of event for which you want a notification and the users to whom the notification is sent. 


To create a job notification:

  1. From the home page, click Settings button  from the top-right corner.
  • The Administration page is displayed.

2. Navigate to the System Management tab.

3. Click Create Notifications from the left pane of Configuration section.

4. Select Create Event Notifications.

 

 

5. Check the required job types.

6. Click Map Users.

7. Select the required users whose actions within the application should be notified.


Note:  You can click on Add More Email IDs to assign email addresses that may not pertain to a user account. These email addresses will be notified when a user event has taken place.

 

 

8. Click Save.

Note:  You can click on the Edit  or Delete  icon to edit or delete the event notifications respectively.

 



Email Server

You can configure the Email Notification Server so that you create and send notification emails.

To create an email server:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Email Server
  • The Email Server page is displayed.

4. Enter the SMTP Server Configuration, i.e., the address of the SMTP mail server (for example, smtpserver.domain.com or server1) on which you have a valid account. 

 

Warning:  You must have an SMTP-compliant email system, such as a POP3 mail server to receive notification messages from the application.

 

5. Enter the SMTP Port number.

Note:  Port 25 is the standard non-SSL SMTP port. However, if a connection is not established with default port 25, contact the email server administrator to get the correct port number.


6. Enable the SMTP SSL checkbox to encrypt the communication.

7. Provide the Username, i.e., the email address of the sender account.

8. Provide the Password of the sender account

9. Enter the same in the Confirm Password field.

10. Click Save.




Manage Certificates

Management of certificates can be done within the configuration page. These certificates will encrypt the data.

 

EFS Certificates

EFS is a file system driver that provides file system-level encryption in most Microsoft Windows operating systems. Files are transparently encrypted on NTFS file systems to protect confidential data from attackers with physical access to the computer. To decrypt the EFS files so that the system can process them, you will need to configure an EFS certificate. 


To manage EFS certificate:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Certificates
  • The Manage Certificates page is displayed.

4. Click Select and upload the .pfx certificate file.

5. Provide a name for the certificate in File Name.

6. Enter the password that is necessary to access the .pfx file in Password.

7. Click Save Certificates.


 

Notes Certificates

This allows you to manage certificates used for encrypting Lotus Notes files.

To manage Lotus Notes certificate:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Certificates
  4. Navigate to Notes Certificates.

 

5. Click Select and upload the file.

6. Provide a name for the certificate in File Name.

7. Enter the certificate Password, if applicable.

8. Click Save Certificates.


 

 

AD1 Certificates

Allows you to manage certificates used for encrypting AD1 files.

To manage AD1 certificate:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Certificates
  4. Navigate to AD1 Certificates.

 

5. Click Select and upload the file.

6. Provide a name for the certificate in File Name.

7. Enter the certificate Password, if applicable.

8. Click Save Certificates.


 

 

Manage Credentials

You can define the credentials used by the system to install the Agent on a target computer, as well as configuring share credentials and redirected acquisitions.

 

Redirected Acquisition

You can use Redirected Acquisition to direct the results of a full disk (logical or physical) collection from an agent(s) to the configured collection data path.

To manage the redirected acquisition credentials:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Credentials.
  • The Manage Credentials Configuration page is displayed.

4. Enter the Domain name.

5. Provide the Username.

6. Provide the Password.

7. Enter the same in Confirm Password field.

8. Click Save.


 

Share Credentials 

You can define the credentials used by the system to access network shares that are configured as Data Sources.

To define share credentials:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Credentials.
  4. Navigate to Share Credentials.

 

5. Enter the Domain name.

6. Provide the Username.

7. Provide the Password.

8. Enter the same in Confirm Password field.

9. Click Save.


 

 

Agent Credentials

You can define the credentials used by the system to install the Agent on a target computer. These credentials must be populated for agent deployments via FTK Central.

To define agent credentials:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Credentials. 
  4. Navigate to Agent Credentials.

 

5. Enter the Domain name.

6. Enter the Agent Port.

7. Provide the Username.

8. Provide the Password.

9. Enter the same in Confirm Password field.

10. Click Save.


 

 

Office 365 Credentials

You can define the URLs to allow collections from Office 365 GCC environments such as Exchange, OneDrive, Teams and SharePoint. You can also choose the API method to be Graph API or Export API.

Note:  When the required URLs are configured, they will only allow GCC high collections. Users must remove GCC URLs and replace them with non-GCC URLs to allow collections from non-GCC environments.
 
GCC URLs
Azure AD Authentication URL: https://login.microsoftonline.us
Microsoft Graph URL: https://graph.microsoft.us
 
Non-GCC URLs
Azure AD Authentication URL: https://login.microsoftonline.com
Microsoft Graph URL: https://graph.microsoft.com


 
 

To define Office 365 credentials:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Manage Credentials. 
  4. Navigate to Office 365 Credentials.
  5. Enter the Azure AD Authentication URL.

6. Enter the Microsoft Sharepoint Domain.

7. Choose the API Method.

  1. Graph API - Selecting this will collect data using the Graph API method.
  2. Export API (SCC) – Selecting this will collect data using the PowerShell script.

  1. Enter the Refresh Token.
  2. Enter the Admin User Account.
  3. Enter the Microsoft Teams Redirect URL.
  4. Enter the Microsoft Client ID (Teams & OneDrive).
  5. Enter the Microsoft Client Secret (Teams & OneDrive).
  6. Enter the Microsoft Sharepoint Username.
  7. Enter the Microsoft Sharepoint Password.
  8. Enter the Tenant Active Directory Name.


 

 8. Choose the O365 Export Scope.

  1. Indexed Only - All items, excluding the one that have unrecognized format are encrypted, or not indexed for other reasons.
  2. Unindexed only - Only the items that have an unrecognized format are encrypted, or not indexed for other reasons.
  3. Both Indexed and Unindexed - All the items, including the one that have unrecognized format are encrypted, or not indexed for other reasons.

9. Select the Office 365 Environment type.

  1. Standard - Select this to collect data for Standard Method where the URL of O365 will end with .com.
  2. GCC High - Select this to Collect data specific to GCC where the URL ends with .us.

10. Click Save.


 

 

Case Defaults

Configuring Case Defaults allows you to enter default directories for case, job data, evidence and export paths as well as other significant options. 

General
  1. From the home page, click Settings from the top-right corner.
  2. Navigate to System Management tab.
  3. Click Case Defaults

 


4. Click Browse and choose the path/setting for the following fields.

  • Default Case Path – The selected path will appear during case creation. This directory will be pre-defined whenever creating a new case. If no default path is configured, the user creating the case must provide this information.
  • Default Job Data Path – The selected path will appear during case creation. The selected path will appear during case creation. This directory will be pre-defined whenever creating a new case. If no default path is configured, the user creating the case must provide this information.
  • Default Evidence Path – The selected path will appear during case creation. The selected path will appear during case creation. This directory will be pre-defined whenever creating a new case. If no default path is configured, the user creating the case must provide this information.
  • Default Export Path – The selected path will appear during case creation. The selected path will appear during case creation. This directory will be pre-defined whenever creating a new case. If no default path is configured, the user creating the case must provide this information.
  • Default Processing Profile – The selected processing profile will appear during case creation. This can be changed during case creation if required. 
  • Default Load File Path – The selected load file path will be applicable during case creation, where the load file import option is selected.
  • System Time Zone – The selected time zone will appear as a default during case creation.
  • Default date format – The selected date format will be used to display the dates in the application. 
  • Media Categorization – The selected media category will be set as the default region when categorizing data using VIC/CAID. This list will not be populated unless a KFF server is present and a case has objects which match the KFF alerts. 

5. Click Save.


 

 

Creating Redaction Reasons

Redaction Reasons can be used by organizations/teams to clearly identify content of importance without revealing the specifics. These redaction reasons appear when you redact areas of a document.

Refer the Using the Image Panel section for more details.

Creating a redaction reason:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Case Defaults > Redaction Reasons.
  4. Click Add Redaction Reason.
  5. Enter a Column Set Name.
  6. Assign Case using the drop-down list.


Note:  By default, if a case is not assigned, it will be assigned to all cases.


        7. Click Submit.

Note:  You can edit or delete a saved redaction reason by clicking on the Edit button  or Delete button  respectively.

 

 


Creating Custom Column Sets

Custom columns are global columns. In other words, once a custom column is created, it is available for use in all Cases and can be edited in the Administration section on a case-by-case basis. The newly created column is automatically displayed in the Case List with the other default columns. 

If a custom column is deleted, it is removed from any previously created case(s) that may have populated the column with data.

To create a custom column set:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Case Defaults > Custom Column Sets.
  4. Click Add Column Set.
  • The Add Custom Column Set prompt is displayed.

5. Enter a Column Set Name.

6. Select the required case from the Assign Case drop-down field.

7. Select the required columns from the Available panel.


Tip:  You can click and drag the required columns to rearrange them. 

 

 

8. Click Submit.

 

Tip:  You can select the created custom column set by navigating to Case > Enter Review > List View > click the Columns drop-down list.


Note:  You can edit or delete a saved custom column set by click on the Edit  or Delete  button respectively.




 

Creating Custom Case Properties

Case properties relate to the fields that appear for each evidence item being ingested. These fields can be customized for specific requirements. 

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Case Defaults > Custom Case Properties.
  4. Upon checking the Process Evidence option, you will be navigated to a new section.
  5. Click Custom Case Properties.
  6. Click Add Property.
  7. Enter a Name and Description.
  8. Check the Required box to ensure this field is filled in during ingesting of evidence. If a value is not selected for a pick list, a choice will be selected automatically. 
  9. Select the Type
    • Date
    • PickList – Items should be listed one per line.
    • Text
  10. Click Create.



Database Servers

Configuring additional database servers allows for cases to be evenly distributed (round robin). Users must have one database configured as a master server in order for this functionality to operate.


Note:  Please ensure you have followed the Multi-Database Setup KB article before attempting the steps below.

 

 

Adding Database Server

Adding a database server:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Database Servers.
  4. Navigate to the Add Database Server section. 

 

5. Enter the DatabaseServerHostName or IP address.

6. Enter the Port (Default: 1433).

7. Enter the Admin (sa) Credentials or click Windows Authentication.


Note:  If you are using the Windows Authentication option, the user must be a domain-level service account with local administrator permissions to all servers.

 

8. Click Save.


Tip:  To stop cases being assigned to a specific database, users can simply click the toggle icon in the Actions column. This will not stop access to the cases stored on this database, it will only remove it from the active database pool for new cases.


 

 

Network Share Paths

Configuring Network Share paths allows you to enter paths which users should have access to. This can include areas such as evidence stores, export paths and other resource stores. When configured administrators can associate a network share path to a user within the User Management section; edit User Groups. Application administrators will have access to all network shares whereas standard users will not have access to any directories unless specified within User Management. 


 

 

Paths to Consider:

The paths listed below should be considered when assigning Network Share Paths to users.

Module

Tab/Page 

Path

Case List

Primary Details

Case Folder Path

Job Data Path

Load Files

File Path, Image Path

Process Evidence

Evidence Path

Data Sources

Network Shares

Path

Collection

Collection Options

Results Path

System Management

Configuration

Default Case Path

Default Job Data Path

Default Evidence Path

Default Export Path

Default Load File Path

FTK Connect

Create - Workflow Steps

Watch Folder- Location

Export - Location

Search and Tag - Location

Case List - Enter Review

Export

Path

Additional Analysis

Registry Reports Path

Export-Media-Categories

Export Path

Export-Semantics21

Export Path

Create Report - Audit log

Report Path

Cases

Backup

Case Backup Directory

Restore case

Restore Directory

Collection

Agent Remediation → send file

Source File Path

Agent Remediation → Execute, Delete

Target File Path

Threat Scan

Select Files, Folders

 


Adding Network Share Paths
  1. From the home page, click Settings from the top-right corner.
  2. Navigate to the System Management tab.
  3. Click Network Share Path.
  4. Click the + button to create a new network share path field. 
  5. Enter a UNC path to a desired destination. 
    • An example of share paths that can be added are:
      1. Case Folder
      2. Job Data Folder
      3. Evidence Folder
      4. Export Folder
  6. Click Save.


Note:  To delete an existing/new Network Share path, click the delete  button.



 

 

Site Server Console

The Site Server Console lets you monitor all active site servers, monitor the jobs they are running along with the status of the servers. Moreover, you will be able to control throttling on Agents or Site Servers using Network Traffic Controls and set Phone Home Settings.

Note:  The Site Server requires PostgreSQL to be installed.

Button

Description

Refresh job list.

Delete job.

Cancel job.

View site server status.

View site server configuration.

View phone home settings.

Replace agent installers.

View site server health metrics.

Site server toggle.

 

Status

You can view statistics about your Site Servers using the Status tab of the Site Server Console.

To view the status of the site servers:

  1. From the home page, click on Settings from the top-right corner.
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. Click on the Status button .
  • The Status details page is displayed.

 

Status

Description

Name 

Friendly name of the site server.

Site Server Type

Root, Public, Private, Private Protected.

Site Server Status

Online/Offline.

Domain

Where the site server resides.

Machine CPU Usage

Current CPU usage on site server.

Process CPU Usage

Current CPU usage by the site server.

Version

Version of the site server.

Page Memory

Page memory amount.

Page Memory Available

Currently available page memory.

Physical Memory

Physical memory amount.

Physical Memory Available

Currently available physical memory.

Virtual Memory

Virtual memory amount.

Virtual Memory Available

Currently available virtual memory.

Agent Throttle Inbound/Outbound

Agent Throttling.

Site Server Agent Throttle Inbound/Outbound

Site Server to Agent throttling.

Drives

Drives available on the site server.

Thread Pool Stat

Overview of incoming/outgoing threads.

Interface

Hostname and port of the site server.

Replication Stat

If there is a parent site server present.

 

Note:  You can choose the required site server from the drop-down.


 

 

Configuration

To configure the site servers:

  1. From the home page, click on Settings from the top-right corner. 
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. Click on the Configuration button .
  • The Configuration prompt is displayed.

5. Click Edit.

6. Set the inbound and outbound limits for the agent’s connection.


7. Make the necessary changes.

8. Click Save Changes.


  

Phone Home Settings

Phone Home allows you to configure interval checking between the agent and site server.

To configure home phoning settings:

  1. From the home page, click on Settings from the top-right corner.
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. Click on the Phone Home Settings button .

 

  • The Phone Home Settings page is displayed.

4. Select the minutes for Connect Every field.

5. Select the time to Retry.

6. Select the time in seconds to Wait between retries.

7. Enable the Refresh metrics on startup checkbox to refresh any endpoint metrics during App startup.

8. Click Save Changes.



Agent Installer

To select the agent installer location:

  1. From the home page, click on Settings from the top-right corner.
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. Click on the Agent Installers button .

 

  • The Agent Installers page is displayed.

5. Choose the Agent Installer Location.

6. Provide the Agent Path.

7. This can be within the “Agent” folder in the site server results directory.

 

32-Bit installer location \x32\ AccessData Agent.msi

64-Bit installer location \x64\ AccessData Agent (64-bit).msi

 

8. Click Replace Agent File. 

 

 

Health Metrics

To view the health metrics:

  1. From the home page, click on Settings from the top-right corner. 
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. Click Health Metrics

 

  • The Health Metrics page is displayed.


 

Jobs

To view jobs:

  1. From the home page, click on Settings from the top-right corner. 
  2. Navigate to System Management tab from right pane.
  3. Navigate to Site Server Console tab.
  4. All jobs (All States) will be listed in the Jobs Grid.


Tip:  Clicking the Plus  beside a job will expand the tasks to show which Site Server has sent the job as well as the targeted endpoint.


 

 

System Log

Almost all major internal events occurring in the system are recorded in the System Log. This can be used in conjunction with the activity log to monitor the work and status of your system.

The following are examples of the types of events that are recorded:

  • Completion of evidence processing for an individual case
  • Exports started and finished
  • Starting of internal services
  • Job failures
  • System errors
  • Errors accessing computers and shares

You can filter the log information that is displayed based on the following different types of criteria:

  • Date and time of the log message
  • Log type such as an error, information, or warning
  • Log message contents
  • Which component caused the log entry
  • Which method caused the log entry
  • Username
  • Computer name


 

Viewing System Log

To view the system logs:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to System Management tab from right pane.
  3. Navigate to System Log tab.

 


Note:  You can click Export as CSV and download the log in .csv format.


 

 

Activity Log

When certain internal activities occur in the system, it is recorded in the Activity log. The Activity Log can help you detect and investigate attempted and successful unauthorized activity in the application and to troubleshoot problems. This can be used in conjunction with the System Log to monitor the work and status of your system.

The following are examples of the types of activities that are recorded:

  • A user logged out
  • A user is forced to log out due to inactivity
  • Processing started on the case
  • A case is opened

You can filter the log information that is displayed based on the following different types of criteria:

  • Category
  • Activity Date
  • Activity
  • Username


 

 

Viewing Activity Log

To view the activity logs:

  1. From the home page, click Settings from the top-right corner.
  2. Navigate to System Management tab from right pane.
  3. Navigate to Activity Log tab.

 


Note:  You can click Export as CSV and download the log in .csv format.

 


Job Management

To map the jobs to a specific server:

Note: To use Job Management, you must have followed the KB article FTK Central 7.5.1+ - Job Management within a distributed environment.
  1. From the home page, click on the Settings button  from the top-right corner.
  • The Administration page is displayed.

2. Navigate to the System Management tab.

3. Select the Jobs section.

4. Select a server from the drop-down list.

5. Check the required job categories from the following sections:

  • Processing
  • eDisco/Search
  • Other

 


Warning:  If no job types are selected, all the jobs will be assigned by to a server.


 

6. Click Associate Job(s) to server.




DPM DPE Configuration

Uploading and processing of evidence files in the FTK Central application is now greatly enhanced using the Distributed Processing Manager (DPM) and Distributed Processing Engine (DPE).

With this feature, you can create processing managers (DPM) each configured with multiple processing engines (DPE). You can use these engines to store huge volumes of data and process all the corresponding jobs at a faster rate, thereby increasing the efficiency. 


Notes: You can check the status of the DPM DPE and the corresponding processing jobs from the Monitoring DPM and DPE section.

 

 


 
Configuring the DPM DPE

To Configure the DPM and DPE:

1. From the home page, click on the Settings button  from the top-right corner.

  • The Administration page is displayed.

2. Navigate to the System Management tab.

3. Select the DPM DPE Configuration section.

4. Click on the button against the DPM section.

  • The Add New DPM pop-up is displayed.

5. Enter the Host Name/IP.

6. Provide the Port number.

7. Click Save.

8. Click on the button against the DPE section.

  • The Add New DPE pop-up is displayed.

9. Enter the Host Name/IP.

10. Provide the Port number.

11. Click Save.



Notes: 
  • You can click on the Delete  button against the required DPM or DPE to delete it.
  • You can click on the  button against the DPE section to refresh the list of processing engines created.

 

 


Enabling/disabling DPE

To enable/disable the DPE:

1. From the home page, click on the Settings button  from the top-right corner.

  • The Administration page is displayed.

2. Navigate to the System Management tab.

3. Select the DPM DPE Configuration section.

 

4. Enable or disable the Status toggle against the required DPE to enable or disable the processing jobs associated with the corresponding DPE.