FTK Imager 2.6.1

FTK Imager

FTK Imager Interface Viewer File List Evidence Tree View Properties Status Bar Tool Bar Menu Bar Native Viewer

Properties General

Properties DOS Attribs & NTFS Info

Properties Access Control Entry

Interpreters Values

Interpreters Dates

Hex Interpreter Hex View Hex Interpreter Hex Viewer

Right-Click Menu options

Export Files... Choose where. Go for it!

Export Hash List... Hash value of each file in directory

Add to Custom Content Image (AD1) More on this later

Drive Free Space Unallocated Space

Unpartitioned Space

FTK Imager Image a Device

Choose the Device

Where to put it. What to call it

E01 Permits Compression

Single Source - Multiple Images

Multiple Images – Multiple Sources
Once one is started, you can start another.

Progress Success

FTK Creates a Couple of Files
.csv – Listing of files found
.txt – Properties of Device

Details from FTK Imager
Information for C:\Documents and Settings\Admin\My Documents\Courses\Forensics\Case\Case-USB\ \Image\ dd:
Physical Evidentiary Item (Source) Information:
[Drive Geometry]
Cylinders: 31
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Sector Count: 499,712
[Physical Drive Information]
Drive Model: Kingston DataTraveler 2.0 USB Device
Drive Interface Type: USB
Source data size: 244 MB
Sector count:
[Computed Hashes]
MD5 checksum: c78f258d9661b2086bb f6
SHA1 checksum: ee8f4315cdc0911f0467dfdb5ea8a5148ab415e8
Image Information:
Segment list:
C:\Documents and Settings\Admin\My Documents\Courses\Forensics\Case\Case-USB\ \ dd.001
Thu Oct 02 11:40:
Image Verification Results:
MD5 checksum: c78f258d9661b2086bb f6 : verified
SHA1 checksum: ee8f4315cdc0911f0467dfdb5ea8a5148ab415e8 : verified

List of Undeleted Files

Using FTK Imager Triage

Choose Source

Find the Image

Image Added to FTK Imager

Explore the Image

Converting from One Format to Another
Open image file
Select it
File->Export Disk Image
Create image dialog
Add
Provide the requested info

Image Verification dd Image EnCase E01 Image
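
The verification FTK Imager reports for a dd image can be repeated outside the tool; the following is an added Python example, not part of the original slides. It assumes a raw (dd) image whose segments end in .001, .002, ... and a summary file with "MD5 checksum:" and "SHA1 checksum:" lines as in the details above; the sample data and file names are constructed.

```python
import hashlib, os, re, tempfile

def recorded_hashes(summary_text):
    """Pull the MD5/SHA1 values out of an imaging summary (.txt) file."""
    found = {}
    for algo, value in re.findall(r"(MD5|SHA1) checksum:\s*([0-9a-fA-F]+)", summary_text):
        found.setdefault(algo.lower(), value.lower())  # keep the first (acquisition) value
    return found

def hash_segments(paths, chunk=1 << 20):
    """Hash raw segments (.001, .002, ...) in numeric order as one stream."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for path in sorted(paths, key=lambda p: int(p.rsplit(".", 1)[1])):
        with open(path, "rb") as fh:
            while block := fh.read(chunk):
                md5.update(block)
                sha1.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify_image(summary_text, paths):
    """True per algorithm only if the recorded value equals the recomputed one."""
    recorded, actual = recorded_hashes(summary_text), hash_segments(paths)
    return {algo: recorded.get(algo) == actual[algo] for algo in actual}

def demo():
    """Constructed sample: a 2 KiB 'device' split into two segments."""
    data = bytes(range(256)) * 8
    with tempfile.TemporaryDirectory() as case_dir:
        segments = []
        for n, part in enumerate((data[:1024], data[1024:]), start=1):
            path = os.path.join(case_dir, f"sample.{n:03d}")
            with open(path, "wb") as fh:
                fh.write(part)
            segments.append(path)
        summary = ("[Computed Hashes]\n"
                   f"MD5 checksum: {hashlib.md5(data).hexdigest()}\n"
                   f"SHA1 checksum: {hashlib.sha1(data).hexdigest()}\n")
        intact = verify_image(summary, segments)
        with open(segments[1], "r+b") as fh:   # change one byte of the image
            fh.write(b"\xff")
        altered = verify_image(summary, segments[::-1])  # list order does not matter
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

A recorded value that is truncated or missing in the summary fails the comparison rather than passing. Because E01 permits compression, hashing the E01 file itself does not reproduce the acquisition hash, so this direct check applies to dd images only.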

Custom Content Image (AD1)
Logical images that contain all sorts of content
Portions of a file system
Entire file systems
Individual files or folders
Portions of free space
Contains content from diverse forensic images
“Case in a file”

Add Content to the Custom Content Image

Create Custom Content Image

Review the Content Create Image

Creates a .csv file of the contents of the AD1 file.

Name and Place

CCI.txt
The Custom Content Image was made from the following list:
USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\[root]\Comp_Sec-II\CS_ doc
MD5,SHA1,Filename
"d41d8cd98f00b204e ecf8427e","da39a3ee5e6b4b0d3255bfef afd80709","USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\[root]\Comp_Sec-II\CS_ doc\CS_ doc"
USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\unallocated space\00412
MD5,SHA1,Filename
"9da2a3b792a0d032fd7fd e910","a6dbd978d9512abfba6a170598acf9b78c825120","USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\unallocated space\00412\00412"

FTK Imager
Acquisition Tools
Image Formats
FTK Imager Interface
FTK Functionality

Lab
Sanitize your thumb drive
Make case folder
Seize the thumb drive (Red)
Image the evidence thumb drive (Red)
Write an Imaging Report