TEASER: FTK Imager Step by Step

Download
File
eForensics_08_2014_Teaser.pdf

Go to the full issue

Not a subscriber? Buy the full issue 


Dear Readers,

Proudly, we want to invite you on a journey exploring the powerful features of FTK Imager.

AccessData FTK Imager is a forensics tool whose main purpose is to preview recoverable data from a disk of any kind. It can also create perfect copies, called forensic images, of that data. Furthermore, it is completely free.  Let’s check what does it mean in practice and test this Access Data tool. FTK Imager is on our board!

You are on a teaser page now. Below is the list of all articles in the full issue, with those available in the teaser marked in green:


FORENSIC TOOLKIT IMAGER – MORE THAN JUST AN IMAGER - FULL ARTICLE INCLUDED IN THE TEASER!
by Sam Pepenella

Although a considarable amount of investigatos utilize FTK Imager as an imager and preview tool, it has many more capabilities which could assist any investigator during the examination of some digital devices. Have a look at some of the features of FTK Imager and get some tips how to simplify future investigations!


FTK IMAGER AS AN ARCHIVER?
by Keith Swanson

One of the trials and tribulations of Digital Forensics is what to do when everything when you’re done. If you have worked for many years, you have folder after folder of data. Reports, images, exports, everything and anything can be involved in a case. All of it has to be put away nicely, in a manner that someone years from now can open and see what you have done. Save your time and money by learning how to archive with FTK Imager!


HOW TO INVESTIGATE FILES WITH FTK IMAGER - FULL ARTICLE INCLUDED IN THE TEASER! 
by Mark Stam

The Master File Table or MFT can be considered one of the most important files in the NTFS file system, as it keeps records of all files in a volume, the physical location of the files on the drive and file metadata. One of the most important tasks of a computer forensics expert is making file artifacts and metadata visible. Learn how in a straightforward manner, conduct the process of extracting NTFS file system data from a physical device. NTFS uses the Master File Table (MFT) as a database to keep track of files. We can use the MFT to investigate data and find detailed information about files. In this example we use FTK Imager 3.1.4.6 to find a picture (JPEG file) in Windows 7.


USING FTK IMAGER CREATE FORENSICALLY SOUND COPIES OF DIGITAL MEDIA
by Austin Troxell

The first step in Digital Forensic examinations is to create precise duplicates of any storage media collected as potential evidence. One of the key principles of Digital Forensics is that examiners must eliminate or minimize the risk of altering any information contained on the original evidence items. Where at all possible, the analyst will make digital copies of the media to be examined and work from these duplicates, preserving the originals. The Digital Forensics examiner has numerous options for creating exact bit-stream representations of digital media, including hardware duplicators as well as various software tools that create digitally identical copies. In this article Austin Troxell focuses on the features and use of AccessData’s FTK Imager.


CREATING A FORENSIC IMAGE OF A HARD DRIVE USING FTK IMAGER AND IMAGER-LITE FROM ACCESSDATA
by Bridgette Braxton

The advancement in the world of computer forensics has provided many tools to assist incident responders perform live analysis on a computer. The capabilities of forensics tools have improved by making analysis feasible by integrating enhanced interfaces, documentation, built-in detection methods, and new ways to collect evidence. Let’s see how FTK Imager can be used in those processes and how to do it!


FTK IMAGER ON THE FLY
by Robert C. DeCicco

Practicing computer forensics often times means having to jump on a plane or in a car to get someplace quickly to collect evidence. In part, response to the ofthen reactive nature of the work, agnecies and firms have developed fly away kits, mobile labs or other solutions that are prepped and ready to go and can handle a variety of environments or evidence types.
What about when you’re not prepared for a collection? What about those instances where you may be only scheduled to attend a meeting or scoping exercise at a client site? Robert DeCicco will show you how FTK Imager literally saved the day when the circumstances suddenly changed.


HIDING INFORMATION THEFT: HOW TO FIND VIDENCE OF DATA THEFT
by Mark Garnett

It is fair to say that most of today’s computer users know that when they “delete” a file from a computer system, it is not really deleted. The have the repository of all answers, Google, available to them that they can use to research ways in which to cover their tracks and prevent computer examiners from finding evidence that may get left behind from any wrongdoing. However, Mark Garnett will show you that even this might not be so successful if the forensic examiner knows how to use FTK Imager!
Discover how he investigated the real case of stole intellectual property and learn how to do it!


DETECTING EVIDENCE OF INTELLECTUAL PROPERTY THEFT USING FTK IMAGER (AND FTK IMAGER LITE)
by Ana M. San Luis and Robert K. Johnson

In today’s world of constantly evolving technology, there arise a number of options for thieves, embittered and disgruntled employees, or naive colleagues to participate in the theft of intellectual property, whether intentional or otherwise. IP theft can cost victims their jobs, reputations, and even millions of dollars, depending on what is stolen. Experts and investigators have a number of industry and court accepted tools available at their fingertips to investigate suspicions or allegations of IP theft. Some of these tools allow forensic experts and investigators to examine live running suspect machines or media, while making little to no changes to the suspect machines or media. Two such tools are AccessData’s FTK Imager and FTK Imager Lite.


FILE RECOVERY PART 01 – WITH FTK IMAGER AND RECUVA SOFTWARE
by Everson Probst

One of the core activities of a computer forensic expert is the file recovery. Through recovering, it is possible to examine records deleted by users or deleted automatically by the system. This tutorial will show you how to recover files as well as the technical properties performed with FTK Imager and Recuva software. Recuva is the free software distributed by Piriform whose main function is to recover deleted files. It uses the archive system index to recover deleted files and also runs Data Carver, but in this aspect, it is not very efficient when compared to Foremost.


FILE RECOVERY PART02 – WITH FTK IMAGER AND FOREMOST SOFTWARE
by Everson Probst
In this tutorial you will learn how to conduct file recovery with FTK Imager and Foremost software. Foremost is the free software that has the function of recovering files based on the Data Carver method. It is capable of recovering files whose record entries are no longer found in the archive system. That makes it a very useful tool to recover older files, despite it is not capable of recovering all original properties of the recovered file.


THE OTHER FTK!: FORENSICS THAT KONVICT!
by Christopher M. Erb

Recently released studies have shown 93% of criminal and civil cases in the United States involve some type of digital evidence. Large capacity storage media containing massive amounts of digital evidence  and constant changes in newly released software continue to bring challenges to digital forensics. That being said, computer forensic examiners are regularly tapped to process and examine vast volumes of data while removing superfluous rubbish. Today, computer forensic examiners are fortunate enough to have a host of forensic software and hardware products available to them and their respective agencies / corporations. This article discusses the best practices to preserve, examine and report the results of a digital forensic examination with the use of FTK.


ADDITIONAL BONUS

FTK – IMPROVING PASSWORD RECOVERY - FULL ARTICLE INCLUDED IN THE TEASER! 
by Brian Mork

Let’s be honest: in our day to day forensics work it is far more likely for us to encounter a user who has saved all of their passwords in a text file than anyone outside the forensic realm would ever guess. If a suspect hasn’t written down their password it is likely as not to be along the lines of “password” or “123456.” On those rare occasions when a “complex” password is chosen it will often conform to the pattern of “word from a dictionary with a capital first letter, followed by a single number or special character.” Those of us who are lucky enough not to spend our days working organized crime cases will find the case where we have to recover a password of any real complexity to be the needle in the haystack.


Go to the full issue

Not a subscriber? Buy the full issue 


Download
File
eForensics_08_2014_Teaser.pdf

July 30, 2021
Subscribe
Notify of
guest

4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Claudio Sakae Shigemi
7 years ago

Hi!

I wonder if there is a possibility to pay for issue(number) of the magazine ?
Great web site!

PS: Sorry for the poor english.

[STAFF MEMBER]
Admin
7 years ago

Hello Claudio, thank you! And yes, all newer issues are available as individual purchases. This one as well, an updated version even, here: https://eforensicsmag.com/product/ftk-imager-step-by-step/
If you’re looking for seomthing else let me know!

Abubakar Siddique
8 years ago

This book is written in very comprehensive way and very important for beginner

[STAFF MEMBER]
Admin
8 years ago

Thank you, we’re glad you liked it!

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023