
CST 640 – Project 4: FTK Investigations

Step 1: Create an Image in FTK Imager

One of the first steps in conducting digital forensic investigations involves creating a forensic image of the digital evidence disk or drive. Digital forensics evidence can be found in operating systems, disk drives, network traffic, emails, and in software applications. To help the detectives in your department to better understand the digital forensics investigation process, you have offered to show them how you create an image using FTK Imager. Media investigations of digital storage devices can include audio files, pictures, videos, words, portions of files, graphic files, and information about a file. Graphics files can be a rich source of forensic evidence.

Because you are pressed for time, you go to the virtual lab and decide to create an image of the “My Pictures” directory on your computer. This process is similar to making a full computer image, but it takes only a few minutes rather than several hours. You are preparing a report describing the steps that you follow so the detectives can refer to it later. You will include a screenshot and text file (DFC620_Lab1_Name.ad1) that document your imaging process with information such as hash values.

Step 2: Process an Image From the Suspect Mantooth’s Computer

In the previous step, you imaged a directory for a forensic report using FTK Imager. Now the detectives have requested additional analysis, so you decide to go to the virtual lab and use Registry Viewer to access user account information for the image from a computer owned by a suspect named Mantooth. Detectives don’t yet have the suspect’s first name and are seeking more information.

Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering.

Step 3: Process an Image From the Suspect Washer’s Computer

The Mantooth image has provided a lot of new information, but the detectives want more. PRTK is the tool that can uncover it. An image has been taken of the hard drive in a computer belonging to a suspect named Washer.

Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering.


inciteprofessor

Inciteprofessor holds a master's degree in Actuarial Science from the World's Best Universities. He also possesses a bachelor's degree in Computer Science and Cyber Security. He has worked with many freelance companies including Freelancers, Fiverr, Studybay, Essayshark, Essaywriters, Writerbay, Edusson, and Chegg Tutor. He offers help in research paper writing and tutoring in the Mathematics, Finance, and Computer Science fields.
