Forensic Analysis Using FTK

More documents

Recommendations

Info

Lab 3: Analysis Using FTK Note: If you receive a warning that the directory already exists and click “Yes” to erase it, click “Yes” because the evidence file will not be erased. Click “Next” and fill in your name on the “Examiner Information” dialog and click “Next.” Accept the defaults for the “Case Log” options by clicking “Next.” Accept the defaults on “Processes to Perform” by clicking “Next.” Accept the defaults on “Refine Case – Default” by clicking “Next.” Accept the defaults on “Refine Index – Default” by clicking “Next.” In the “Add Evidence” dialog box, click on “Add Evidence” and select “Acquired Image of Drive” and click “Continue.” Navigate to the “Evidence” subdirectory you created: KSU ISA4350 – Page 2 of 11
Lab 3: Analysis Using FTK Select the “Firestarter.E01” file and click “Open.” FTK will process briefly and present a dialog for describing the evidence item and selecting a timezone. Select “Eastern Time…” and click “Next.” Click “Finish” in the “New Case Setup Complete” panel to begin processing the evidence file. This processing will take some time (10 – 15 minutes) as FTK is analyzing the evidence file, recovering deleted files and indexing all the items it finds. KSU ISA4350 – Page 3 of 11
Page 1: Lab 3: Analysis Using FTK Lab 3: Fo
Page 5 and 6: Lab 3: Analysis Using FTK leap imme
Page 7 and 8: Lab 3: Analysis Using FTK pane, rig
Page 9 and 10: Lab 3: Analysis Using FTK Review th
Page 11: Lab 3: Analysis Using FTK Name Date

Forensic Analysis Using FTK

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?