Presentation is loading. Please wait.

Presentation is loading. Please wait.

FTK Imager 2.6.1

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "FTK Imager 2.6.1"— Presentation transcript:

1 FTK Imager 2.6.1 http://www.accessdata.com/downloads.html

2 FTK Imager Interface Viewer File List Evidence Tree View Properties Status Bar Tool Bar Menu Bar Native Viewer

3 Properties General

4 Properties DOS Attribs & NTFS Info

5 Properties Access Conrol Entry

6 Interpreters Values

7 Interpreters Dates

8 Hex Interpreter Hex View Hex Interpreter Hex Viewer

9 Right-Click Menu options

10 Export Files... Choose where. Go for it!

11 Export Hash List... Hash value of each file in directory

12 Add to Custom Content Image (AD1) More on this later

13 Drive Free Space Unallocated Space

14 Unpartitioned Space

15 FTK Imager Image a Device

16 Choose the Device

17 Where to put it. What to call it

18 E01 Permits Compression

19 Single Source - Multiple Images

20 Multiple Images – Multiple Sources Once one is started you Can start another.

21 Progress Success

22 FTK Creates a Couple of Files.csv – Listing of files found.txt – Properties of Device

23 Details from FTK Imager Information for C:\Documents and Settings\Admin\My Documents\Courses\Forensics\Case\Case-USB\ 08-0001\Image\08-0001.dd: Physical Evidentiary Item (Source) Information: [Drive Geometry] Cylinders: 31 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Sector Count: 499,712 [Physical Drive Information] Drive Model: Kingston DataTraveler 2.0 USB Device Drive Interface Type: USB Source data size: 244 MB Sector count: 499712 [Computed Hashes] MD5 checksum: c78f258d9661b2086bb37658527290f6 SHA1 checksum: ee8f4315cdc0911f0467dfdb5ea8a5148ab415e8 Image Information: Segment list: C:\Documents and Settings\Admin\My Documents\Courses\Forensics\Case\Case-USB\08-0001\08- 0001.dd.001 Thu Oct 02 11:40:12 2008 - Image Verification Results: MD5 checksum: c78f258d9661b2086bb37658527290f6 : verified SHA1 checksum: ee8f4315cdc0911f0467dfdb5ea8a5148ab415e8 : verified

24 List of Undeleted Files

25 Using FTK Imager Triage

26 Choose Source

27 Find the Image

28 Image Added to FTK Imager

29 Explore the Image

30 Converting from One Format to Another Open image file Select it File->Export Disk Image Create image dialog Add Provide the requested info

31 Image Verification dd Image EnCase E01 Image

32 Custom Content Image (AD1) Logical images that contain all sorts of content Portions of a file system Entire file systems Individual files or folders Portions of free space Contains content from diverse forensic images “Case in a file”

33 Add Content to the Custom Content Image

34 Create Custom Content Image

35 Review the Content Create Image

36 Creates a.csv file of the contents of the AD1 file.

37 Name and Place

38 CCI.txt The Custom Content Image was made from the following list: -------------------------------------------------- USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\[root]\Comp_Sec-II\CS_457.2010.doc MD5,SHA1,Filename "d41d8cd98f00b204e9800998ecf8427e","da39a3ee5e6b4b0d3255bfef95601890afd80709","USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\[root]\Comp_Sec- II\CS_457.2010.doc\CS_457.2010.doc" USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\unallocated space\00412 MD5,SHA1,Filename "9da2a3b792a0d032fd7fd0363886e910","a6dbd978d9512abfba6a170598acf9b78c825120","USB.E01\Partition 1 [243MB]\KINGSTON [FAT16]\unallocated space\00412\00412"

39 FTK Imager Acquisition Tools Image Formats FTK Imager Interface FTK Functionality

40 Lab Sanitize your thumb drive Make case folder Seize the thumb drive (Red) Image the evidence thumb drive (Red) Write a Imaging Report

Download ppt "FTK Imager 2.6.1"

Similar presentations

Intro to WinHex CSC 414.

Intro to WinHex CSC 414.
Chapter 12: File System Implementation

Chapter 12: File System Implementation
11 MANAGING DISK STORAGE Chapter 12. Chapter 12: MANAGING DISK STORAGE2 CHAPTER OVERVIEW Understand disk-storage concepts and terminology Distinguish.

11 MANAGING DISK STORAGE Chapter 12. Chapter 12: MANAGING DISK STORAGE2 CHAPTER OVERVIEW Understand disk-storage concepts and terminology Distinguish.
Installing Windows XP Professional and Recovery Console

Installing Windows XP Professional and Recovery Console
Chapter 4 Maintaining the Modern Computer. Troubleshooting Hardware Devices Troubleshooting Hardware Devices Device Manager provides a hardware device.

Chapter 4 Maintaining the Modern Computer. Troubleshooting Hardware Devices Troubleshooting Hardware Devices Device Manager provides a hardware device.
Comm Operator Introduction Serial Port Tool

Comm Operator Introduction Serial Port Tool
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Access - Project 1 l What Is a Database? –A Collection of Data –Organized in a manner to allow: »Access »Retrieval »Use of That Data.

Access - Project 1 l What Is a Database? –A Collection of Data –Organized in a manner to allow: »Access »Retrieval »Use of That Data.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Digital Forensics Module 11 CS 996. 4/26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.

Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Computer & Network Forensics

Computer & Network Forensics
COS 413 Day 13. Agenda Questions? Assignment 4 Due Assignment 5 posted –Due Oct 21 Capstone proposal Due Oct 17 Lab 5 on Oct 15 in N105 –Hands-on Projects.

COS 413 Day 13. Agenda Questions? Assignment 4 Due Assignment 5 posted –Due Oct 21 Capstone proposal Due Oct 17 Lab 5 on Oct 15 in N105 –Hands-on Projects.
Guide to Computer Forensics and Investigations Third Edition

Guide to Computer Forensics and Investigations Third Edition
Chapter 7: Configuring Disks. 2/24 Objectives Learn about disk and file system configuration in Vista Learn how to manage storage Learn about the additional.

Chapter 7: Configuring Disks. 2/24 Objectives Learn about disk and file system configuration in Vista Learn how to manage storage Learn about the additional.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 7: Configuring Disks. Configuring File Systems Fat32 –First used with Windows 95 OSR2 –Smaller cluster sizes, more efficient storage up to 32.

Chapter 7: Configuring Disks. Configuring File Systems Fat32 –First used with Windows 95 OSR2 –Smaller cluster sizes, more efficient storage up to 32.
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.

Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.

Similar presentations

Ads by Google