CE425, Forensic Tool Kit (FTK)
Who Should Attend:
DCIO and CI investigators and prospective lab examiners.
Prerequisites:
TT110 (INCH), RT120 (CIRC) and FT210 (WFE-E) or
FT215 (WFE-FTK) or Test Outs
Duration:
2.5 Days
Course Description:
Introduces students who are already competent in operating other forensic applications
to the forensic methodology of using FTK software to examine digital media. {Mobile}
Objectives:
- Obtain, install, and configure the FTK and associated applications
- Understand FTK's interface and options
- Create, edit, and manage a case
- Perform a file signature analysis
- Perform a hash analysis
- Explain where to find Web-related evidence
- Recover e-mail messages and base64 attachments
- Recover evidentiary data from Windows system files
- Conduct searches
- Perform media verification
- Acquire evidence and add evidence to a case
- Recover ownership information of files and locate the owner
- Open and view Registry, Zip, e-mail archive files, and more
- Bookmark files of evidentiary value
- Edit bookmarked files
- Add notes to bookmark folders
- Create an FTK forensic report
- Export files, folders, applications, and the report
- Password Cracking with PRTK
Topics Covered
Introduction to Forensic Tool Kit (FTK)
- Introduction to and Installation of FTK
- Introduction to FTK Imager (including imaging, previewing and exporting files)
- Creating Custom Content Images
Case Management
- Starting a New Case
- Working with Existing Cases
- The FTK Interface
- Bookmarks
- Flagged Graphics
Forensic Analysis with FTK
- The FTK Case Log
- Text Searching
- Examining Graphics Files
- E-mail Analysis
- File Filtering and Data Carving
- Registry Examination
- Exporting Files and File Information
Password Recovery Toolkit (PRTK)
- Introduction to Password Recovery Toolkit
- PRTK Recovery Modules, Dictionaries and Profiles
- Windows EFS
- Password Cracking
Case Reporting
- Creating and Customizing Your Report