SlideShare a Scribd company logo

FTK report PART I Familiar with FTK ImagerBonus Exerc.docx

Download as DOCX, PDF
B
budbarber38650

FTK report PART I: Familiar with FTK Imager Bonus Exercise 1 (5 points): Assume that you have a write-protected USB device. Image a USB device or a floppy disk to create an image in a DD format. (Note: You are not able to use the 841_Win_Forensics_Updated VM to perform this bonus exercise. You have to use your own computer for this exercise). Provide a snapshot from FTK Imager. Requires: a USB device or a floppy disk Launch FTK Imager Click File > Create Disk Image Click Physical Drive and Next Select the device and select Raw (dd) Image Type Exercise 2: View images Click File > Add Evidence Item Select Image file and then click Next Browse to your WinLabEnCase.E01 image and click Finish View the image in the Evidence Tree view Question 1: What is the VBR file used for? How to export this file? How to export a file Hash? VBR file contain information that will enable client machine to use the remote application . we can export this file by press export , hash file will export as a plain text. Exercise 3: Convert the WinLabEnCase image to a DD image Exercise 4: Verify images Question 2: What are the results of verification? Comparing both hashes, are they same or not? The verification matched and both hashes are the same PART II: Working with FTK 1.8x DETAILED PROCEDURES THAT MAY HELP YOU TO GO THROUGH THE FTK SOFTWARE Exercise 1: Starting a New Case Question 3: What information is required to create a new case using the FTK New Case Wizard? The information needed are : investigator name , address , phone , email , case number , case name , case path , case folder and case destination Question 4: What are the types of evidence that can be added to a case in FTK? Image of drive , local drive , folders and individual file Exercise 2: Working with FTK Click the OVERVIEW tab; note the numbers for each type of file. Question 5: How to make the number of the Checked Items to go up? How to make the number of Flagged Thumbnails to go up? After open each file , items will added to the checked item folder , flagged thumbnails will go up with each file we change the point which down it from red to green . File Signatures A file type (JPEG, Word Document, MP3 file) can be determined by the file’s extension and by a header that precedes the data in the file. If a file’s extension has been changed, then the only way to determine its type is by looking at its header. Question 6: Click on Bad Extension from Overview tab. Do you find any signature mismatch? What are they? There are 11 files , 8 of them are TMP extension , 1 XLS , 1 PDF and 1 DOC Data Carved Files: Question 7: Check the number of Data Carved Files, what is the number? zero Question 8: Check the number of Data Carved Files from Overview, how many files added to the case by data carving? TWO Question 9: What are those files found by performing data carving process? Why is this process so important? The files which found are the files with GIF extension , th.

Education
1 of 19
FTK report PART I: Familiar with FTK Imager Bonus Exercise 1 (5 points): Assume that you have a write- protected USB device. Image a USB device or a floppy disk to create an image in a DD format. (Note: You are not able to use the 841_Win_Forensics_Updated VM to perform this bonus exercise. You have to use your own computer for this exercise). Provide a snapshot from FTK Imager. Requires: a USB device or a floppy disk Launch FTK Imager Click File > Create Disk Image Click Physical Drive and Next Select the device and select Raw (dd) Image Type Exercise 2: View images Click File > Add Evidence Item Select Image file and then click Next Browse to your WinLabEnCase.E01 image and click Finish View the image in the Evidence Tree view Question 1: What is the VBR file used for? How to export this file? How to export a file Hash? VBR file contain information that will enable client machine to use the remote application . we can export this file by press
export , hash file will export as a plain text. Exercise 3: Convert the WinLabEnCase image to a DD image Exercise 4: Verify images Question 2: What are the results of verification? Comparing both hashes, are they same or not? The verification matched and both hashes are the same PART II: Working with FTK 1.8x DETAILED PROCEDURES THAT MAY HELP YOU TO GO THROUGH THE FTK SOFTWARE Exercise 1: Starting a New Case Question 3: What information is required to create a new case using the FTK New Case Wizard? The information needed are : investigator name , address , phone , email , case number , case name , case path , case folder and case destination Question 4: What are the types of evidence that can be added to a case in FTK? Image of drive , local drive , folders and individual file Exercise 2: Working with FTK Click the OVERVIEW tab; note the numbers for each type of file. Question 5: How to make the number of the Checked Items to go up? How to make the number of Flagged Thumbnails to go
up? After open each file , items will added to the checked item folder , flagged thumbnails will go up with each file we change the point which down it from red to green . File Signatures A file type (JPEG, Word Document, MP3 file) can be determined by the file’s extension and by a header that precedes the data in the file. If a file’s extension has been changed, then the only way to determine its type is by looking at its header. Question 6: Click on Bad Extension from Overview tab. Do you find any signature mismatch? What are they? There are 11 files , 8 of them are TMP extension , 1 XLS , 1 PDF and 1 DOC Data Carved Files: Question 7: Check the number of Data Carved Files, what is the number? zero Question 8: Check the number of Data Carved Files from Overview, how many files added to the case by data carving? TWO Question 9: What are those files found by performing data carving process? Why is this process so important? The files which found are the files with GIF extension , this process is very important because it helps the investigator to
focus on one type of files which he looking for . ExploreTab Checkmark List all descendants. Question 10: What is the file system of this Image? FAT 16 Question 11: Right-click a folder and select File Properties, What information do you get? Path , file name , system attributes , file source info and file content info . Question 12: Select a file, and right-click on that file and select File Properties, What information do you get? Path , file name , system attributes , file source info , file content info and file size . Question 13: Select Documents and SettingspsmithRecent, what kind of files contain in this folder? Select each file in this folder, what kind of information do you get from the up-right window? The latest files which open on this machine are on recent file . We can get information about each file like creation time , last write time , last access time and what kind of file it is. Question 14: Select Documents and SettingspsmithLocal SettingsHistoryHistory.IE5index.dat, what kind of files contain in this file? Select each file, what kind of information
do you get from the up-right window? We can fine internet explorer daily browsing history , we can get last accessed time for different websites which opened in the browser . Question 15: Select Documents and SettingspsmithFavorites, what are psmith’s favorite links? www.monster.com www.aerospace-technology.com/contractors www.jsfirm.com/searchcontractors.asp yahoojobs as we see the suspect man was looking for a job Question 16: Looking into the Recycled folder, which files are currently in the recycler? Select the INFO2 file from the Recycled folder, what information do you get from that file? We found 2 files , ogdiagram.gif , tse082800.pdf , in the info2 file we get information about last file which put in the recycle , what is the name and the time when the file deleted . Question 17: Looking into WINDOWSSystem32spool folder, what information can you get from this folder? From spool we get information about all the drivers and printers which install on that machine . Windows Registry Locate ntuser.dat from the Documents and Settingspsmith folder Export the ntuse.dat; then launch the AccessData Registry Viewer to include this file in the Registry Viewer. (You may also right click the file and choose View in Registry Viewer In the Registry Viewer, explore the list.
Action 18: List any interesting results All the information about registry and all softwares which are on that machine . Graphics Tab The Graphics Tab allows you to quickly see all the pictures in the case. Checkmark List all descendants. You will now see all of the pictures contained on all of the devices in the case. Question 19: If a file’s extension has been changed to a non- graphics file type (such as changing jpg to txt), will it be displayed in the Gallery view? Provide one example to support your statement. Does EnCase work in the same way? Yes it does , and this is an advantage of FTK compared to encase Export and Copy Special Export these five graphics to your desktop. Question 20: What is the major difference between Export a file and Copy Special a file? Export will copy the file to a specific location on the machine while copy special give us option to copy what we need from file like file type , modification date and so on. Keywords and Searching Searching evidence for information pertaining to a case can be one of the most crucial steps in the examination. FTK support two kind of search, indexed and live searches. An indexed
search uses the index file to find a search term while a live search involves an item-by-item comparison with a search term. The index file could be generated during the creation of a case or be indexed later. Question 21: What is the advantage to use indexed search vs. the live search? Index search will look inside the files for the needed information while live search check the subject of each file only Examining the Options and Import feature in the indexed Search Question 22: What are these two features used for? Options need for change search brooding options , search result options and search limiting options. Import search in side the files as a text file Question 23: Do you find any files containing US Phone numbers? List two files that in the result list. I found 299 hits in 8 files . Aviation.htm Contacts.htm Email Question 24: Read the manual and find out what kind of email formats do FTK support? FTK now supports the decryption of RSA standard PKCS7
S/MIME email items. This includes support for MBOX, DBX, RFC822, and some PST/EDB archives Question 25: Did anything happen? Do you find any important information? If so, what kind of information you got? ye s I found a lot of information like that the suspect talk with someone about meeting and offering him an offer of work Case Report After performing a thorough forensic investigation, it is critical that you are able to publish and present your findings. FTK has a sophisticated report wizard that allows you to assemble and publish case information. The final report generated by the FTK wizard is in HTML format. Click File > Report Wizard Fill in the Case information which will appear on the Case Information page of the report. Create a report to include the following: a) all bookmarks and export all bookmarked files b) Export full-size graphics and link them to the thumbnails c) Include the Date and Time file Properties for the Bookmarked Files d) Include only graphics flagged green in the Graphics View e) Group 6 thumbnail per row f) Include Bad Extension files in the report and export the files to the report along with its data and time property g) Add one or more of your own file to the report that support your statement h) Create a custom graphic for the report.
Action 26: Include two screenshots of this report in your submission.
1 Computer Forensics - FTK Engineering Computer Systems Management – 767425 Project #1 (Due date: Monday 19 August 2013) The aim of this project is for you to discover how to use a spreadsheet to “model” a typical engineering problem, in this case a heat transfer situation. And to discover how this model can be used to solve problems that would otherwise require lengthy analytical or trial and error solutions. The model can then be used as a design/analysis tool to try out various “what if” scenarios. Hot oil is used as an alternative to steam for providing process heat in some industries. In our scenario the hot oil is being pumped to the process equipment through an insulated pipe and we want to determine the rate of heat loss per metre of pipe. The pipe is made from mild steel and is insulated with fibreglass and clad with stainless steel. Heat is being lost from the stainless steel cladding surface by convection and by
radiation. The initial problem is to determine the heat loss ̇ and cladding surface temperature for various thicknesses of the fibreglass insulation. Heat Transfer Situation: The following data is given: hot oil temperature, ............................................................ 180°C steel pipe internal diameter, ..................................................... 80 mm steel pipe external diameter, .................................................... 90 mm pipe length, ................................................................................. nominal, 1 m inside convection heat transfer coefficient, ............................... 50 W/m 2 °C
steel pipe thermal conductivity, ............................................ 35 W/m°C initial fibreglass insulation thicknesses ........................................... 25 mm insulation thermal conductivity, ............................................. 0.039 W/m°C stainless steel cladding thickness ................................................... 2.6 mm stainless steel cladding thermal conductivity, ........................ 14 W/m°C stainless steel emissivity, ....................................................... 0.2 outside convection heat transfer coefficient, ........................... 18 W/m 2 °C ambient/surrounding surface temperature, .......................... 22°C Relevant formulae: ̇ ̇ ̇ ̇ ̇ ( )
∑( ( ) ) ̇ ( ) ̇ ( ) stainless steel cladding steel pipe fibreglass insulation � � � �3 � � �̇�
�̇� �̇� �̇� � At first glance this looks to be a relatively simple problem, however to solve it we need to find the surface temperature, before we can find the heat loss, ̇ . To solve for analytically would require the solution of a polynomial (quartic) equation. With the spreadsheet we can solve this fairly easily using a trial and error approach or using one of the advanced tools available in Excel to automate this process... Specific requirements: You are required to: using Microsoft Excel, as detailed below. omments and results as also detailed below. 1. Spreadsheet Model Set up your spreadsheet model of the heat transfer situation with an area for input values (all of the data given above), an area for intermediate answers (eg radii, ̇ , ̇ , ̇ ), and an area for the final results, and ̇ . Your model should be set up to be as
flexible as possible to produce answers for and ̇ for a given insulation thickness. (Imagine other engineers might use your spreadsheet as a tool for similar heat loss situations, so make it clear, easy to use and helpful). In your Report (Word document) : functions or tools you used, and how you used them to solve for s and ̇loss for a given insulation thickness. Provide a table summarising your results ( and ̇ ), for the following insulation thicknesses: 25 mm, 50 mm, 75 mm and 100 mm. 2. Further Analysis Use your spreadsheet model to determine the thickness of insulation required to give a cladding surface temperature of say 50°C. In your Report (Word document) : 3. “What if” analysis Set the insulation thickness to 75mm and then use your model to investigate the following “what if”
situations (ie what happens to surface temperature, and heat loss, ̇ if the following changes occurred). 4 or even 0.8 over a period of time as the stainless steel became more oxidised? that the thermal conductivity increased to a value of say 0.06 or 0.1 W/m°C? ture increased to 250°C or decreased to 120°C? increases to 30°C? to 12 W/m 2 °C or increases to 50 W/m 2 °C. to 30 W/m 2 °C or increases to 100 W/m 2
°C In your Report (Word document) : values and new values of and ̇ and discuss whether or not you think the change is significant. main factors that affect the rate of heat loss for an insulated hot oil pipe like this … (use your results from the above “What if” analysis). 4. Comments and Conclusion In your Report add a Comments and Conclusions section and briefly comment on the following: this on a spreadsheet compared to using a calculator and /or hand calculations. -if” scenarios? this on a spreadsheet, and other people using it? Note: Marks will also be awarded for layout (of spreadsheet model) and overall ease of use. Bonus
marks may be awarded for additional helpful features… 5. Submit the spreadsheet and supporting document for marking by 4:00 pm, Monday 19 August 2013, using AUTonline. Instructions for doing this are provided below and in the Assessments area on AUTonline for this paper. Instructions: How to submit Project #1….. 1. Once you have completed Project #1, log on to AUTOnline and select this paper: Engineering Computer Systems Management 2. Click the “Projects” button on the menu 3. Select “Project 1 – Excel Model” 4. Click this item: 5. In the section “2. Assignment Materials”… and word document), alongside “Attach File” click the button and select your Project #1 spreadsheet that you are handing in for marking, then click the button. This will attach the file ready for submitting.
ur Project #1 Word document (Report) that you are handing in for marking. to remove the incorrect file and then repeat the above steps to add the correct file(s). t about your assignment if you wish… 6. Once you have attached the two files you are submitting for Project #1 then in section “3. Submit”, click the button to submit the two files to your lecturer for marking. 7. Once you have submitted your Project you cannot resubmit it. If you have made an error or mistake after you have clicked the button you will need to see your lecturer to reset your Project #1 account.

Recommended

Windows FTK Forensics.pdf
Windows FTK Forensics.pdfWindows FTK Forensics.pdf
Windows FTK Forensics.pdfssusere6dc9d
 
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docxevonnehoggarth79783
 
INT 1010 04-5.pdf
INT 1010 04-5.pdfINT 1010 04-5.pdf
INT 1010 04-5.pdfLuis R Castellanos
 
Digital Forensic Examination Summary Report(for ALL lab assignme.docx
Digital Forensic Examination Summary Report(for ALL lab assignme.docxDigital Forensic Examination Summary Report(for ALL lab assignme.docx
Digital Forensic Examination Summary Report(for ALL lab assignme.docxlynettearnold46882
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
Forensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualForensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualBrjco
 
Lab 1 Essay
Lab 1 EssayLab 1 Essay
Lab 1 EssayMelissa Moore
 
Data Forensics Tool
Data Forensics ToolData Forensics Tool
Data Forensics ToolKartikey Chaturvedi
 

Recommended

Windows FTK Forensics.pdf
Windows FTK Forensics.pdfWindows FTK Forensics.pdf
Windows FTK Forensics.pdfssusere6dc9d
 
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docxevonnehoggarth79783
 
INT 1010 04-5.pdf
INT 1010 04-5.pdfINT 1010 04-5.pdf
INT 1010 04-5.pdfLuis R Castellanos
 
Digital Forensic Examination Summary Report(for ALL lab assignme.docx
Digital Forensic Examination Summary Report(for ALL lab assignme.docxDigital Forensic Examination Summary Report(for ALL lab assignme.docx
Digital Forensic Examination Summary Report(for ALL lab assignme.docxlynettearnold46882
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
Forensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualForensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualBrjco
 
Lab 1 Essay
Lab 1 EssayLab 1 Essay
Lab 1 EssayMelissa Moore
 
Data Forensics Tool
Data Forensics ToolData Forensics Tool
Data Forensics ToolKartikey Chaturvedi
 
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxEvaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxSANSKAR20
 
Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011Extensis
 
Assessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docxAssessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docxdavezstarr61655
 
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...Blancco
 
Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009praack
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxchristinemaritza
 
Linux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. SystemLinux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. SystemOlga Bautista
 
Unit3
Unit3Unit3
Unit313023901-016
 
Downloading Steps
Downloading StepsDownloading Steps
Downloading StepsArnel Bautista
 
SysInfoTools MS Word DOCM Recovery
SysInfoTools MS Word DOCM RecoverySysInfoTools MS Word DOCM Recovery
SysInfoTools MS Word DOCM RecoverySysInfoTools Software
 
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxExamine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxcravennichole326
 
SysInfoTools MS Word Doc Repair
SysInfoTools MS Word Doc RepairSysInfoTools MS Word Doc Repair
SysInfoTools MS Word Doc RepairSysInfoTools Software
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malwaretmugherini
 
DR FAT
DR FATDR FAT
DR FATJohn Laycock
 
SysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer RepairSysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer RepairSysInfoTools Software
 
SAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docxSAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docxagnesdcarey33086
 
How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanentlyLisa Liao
 
UserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentUserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentAnna Ellis
 
File System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuFile System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuJayesh Tambe
 
Batch File Virus Project Technical Paper
Batch File Virus Project Technical PaperBatch File Virus Project Technical Paper
Batch File Virus Project Technical PaperStephen Whisman
 
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docxbudbarber38650
 
● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docx● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docxbudbarber38650
 

More Related Content

Similar to FTK report PART I Familiar with FTK ImagerBonus Exerc.docx

Evaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxEvaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxSANSKAR20
 
Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011Extensis
 
Assessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docxAssessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docxdavezstarr61655
 
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...Blancco
 
Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009praack
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxchristinemaritza
 
Linux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. SystemLinux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. SystemOlga Bautista
 
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxExamine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxcravennichole326
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malwaretmugherini
 
SysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer RepairSysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer RepairSysInfoTools Software
 
SAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docxSAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docxagnesdcarey33086
 
How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanentlyLisa Liao
 
UserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentUserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentAnna Ellis
 
File System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuFile System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuJayesh Tambe
 
Batch File Virus Project Technical Paper
Batch File Virus Project Technical PaperBatch File Virus Project Technical Paper
Batch File Virus Project Technical PaperStephen Whisman
 

Similar to FTK report PART I Familiar with FTK ImagerBonus Exerc.docx (20)

Evaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxEvaluate a Health WebsiteName Click here to enter text.Course Cli.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docx
 
Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011Digital Asset Management Forum Chicago 2011
Digital Asset Management Forum Chicago 2011
 
Assessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docxAssessment item 1 File Systems and Advanced Scripting .docx
Assessment item 1 File Systems and Advanced Scripting .docx
 
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
What One Digital Forensics Expert Found on Hundreds of Hard Drives, iPhones a...
 
Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009Sas UTR How To Create Your UTRs Sep2009
Sas UTR How To Create Your UTRs Sep2009
 
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxChapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx
 
Linux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. SystemLinux Operating System Resembles Unix Operating. System
Linux Operating System Resembles Unix Operating. System
 
Unit3
Unit3Unit3
Unit3
 
Downloading Steps
Downloading StepsDownloading Steps
Downloading Steps
 
SysInfoTools MS Word DOCM Recovery
SysInfoTools MS Word DOCM RecoverySysInfoTools MS Word DOCM Recovery
SysInfoTools MS Word DOCM Recovery
 
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxExamine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
 
SysInfoTools MS Word Doc Repair
SysInfoTools MS Word Doc RepairSysInfoTools MS Word Doc Repair
SysInfoTools MS Word Doc Repair
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malware
 
DR FAT
DR FATDR FAT
DR FAT
 
SysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer RepairSysInfoTools OpenOffice Writer Repair
SysInfoTools OpenOffice Writer Repair
 
SAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docxSAMPLE Project (Answers and explanations are in red)I opened t.docx
SAMPLE Project (Answers and explanations are in red)I opened t.docx
 
How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanently
 
UserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentUserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocument
 
File System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuFile System Comparison on Linux Ubuntu
File System Comparison on Linux Ubuntu
 
Batch File Virus Project Technical Paper
Batch File Virus Project Technical PaperBatch File Virus Project Technical Paper
Batch File Virus Project Technical Paper
 

More from budbarber38650

 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docxbudbarber38650
 
● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docx● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docxbudbarber38650
 
…Multiple intelligences describe an individual’s strengths or capac.docx
…Multiple intelligences describe an individual’s strengths or capac.docx…Multiple intelligences describe an individual’s strengths or capac.docx
…Multiple intelligences describe an individual’s strengths or capac.docxbudbarber38650
 
• World Cultural Perspective Paper Final SubmissionResources.docx
• World Cultural Perspective Paper Final SubmissionResources.docx• World Cultural Perspective Paper Final SubmissionResources.docx
• World Cultural Perspective Paper Final SubmissionResources.docxbudbarber38650
 
•       Write a story; explaining and analyzing how a ce.docx
•       Write a story; explaining and analyzing how a ce.docx•       Write a story; explaining and analyzing how a ce.docx
•       Write a story; explaining and analyzing how a ce.docxbudbarber38650
 
•Use the general topic suggestion to form the thesis statement.docx
•Use the general topic suggestion to form the thesis statement.docx•Use the general topic suggestion to form the thesis statement.docx
•Use the general topic suggestion to form the thesis statement.docxbudbarber38650
 
•The topic is culture adaptation ( adoption )16 slides.docx
•The topic is culture adaptation ( adoption )16 slides.docx•The topic is culture adaptation ( adoption )16 slides.docx
•The topic is culture adaptation ( adoption )16 slides.docxbudbarber38650
 
•Choose 1 of the department work flow processes, and put together a .docx
•Choose 1 of the department work flow processes, and put together a .docx•Choose 1 of the department work flow processes, and put together a .docx
•Choose 1 of the department work flow processes, and put together a .docxbudbarber38650
 
‘The problem is not that people remember through photographs, but th.docx
‘The problem is not that people remember through photographs, but th.docx‘The problem is not that people remember through photographs, but th.docx
‘The problem is not that people remember through photographs, but th.docxbudbarber38650
 
·                                     Choose an articleo.docx
·                                     Choose an articleo.docx·                                     Choose an articleo.docx
·                                     Choose an articleo.docxbudbarber38650
 
·You have been engaged to prepare the 2015 federal income tax re.docx
·You have been engaged to prepare the 2015 federal income tax re.docx·You have been engaged to prepare the 2015 federal income tax re.docx
·You have been engaged to prepare the 2015 federal income tax re.docxbudbarber38650
 
·Time Value of MoneyQuestion A·Discuss the significance .docx
·Time Value of MoneyQuestion A·Discuss the significance .docx·Time Value of MoneyQuestion A·Discuss the significance .docx
·Time Value of MoneyQuestion A·Discuss the significance .docxbudbarber38650
 
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docxbudbarber38650
 
·Research Activity Sustainable supply chain can be viewed as.docx
·Research Activity Sustainable supply chain can be viewed as.docx·Research Activity Sustainable supply chain can be viewed as.docx
·Research Activity Sustainable supply chain can be viewed as.docxbudbarber38650
 
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docxbudbarber38650
 
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docxbudbarber38650
 
·Observe a group discussing a topic of interest such as a focus .docx
·Observe a group discussing a topic of interest such as a focus .docx·Observe a group discussing a topic of interest such as a focus .docx
·Observe a group discussing a topic of interest such as a focus .docxbudbarber38650
 
·Identify any program constraints, such as financial resources, .docx
·Identify any program constraints, such as financial resources, .docx·Identify any program constraints, such as financial resources, .docx
·Identify any program constraints, such as financial resources, .docxbudbarber38650
 
·Double-spaced·12-15 pages each chapterThe followi.docx
·Double-spaced·12-15 pages each chapterThe followi.docx·Double-spaced·12-15 pages each chapterThe followi.docx
·Double-spaced·12-15 pages each chapterThe followi.docxbudbarber38650
 
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docxbudbarber38650
 

More from budbarber38650 (20)

 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 Assignment 1 Discussion Question Prosocial Behavior and Altrui.docx
 
● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docx● what is name of the new unit and what topics will Professor Moss c.docx
● what is name of the new unit and what topics will Professor Moss c.docx
 
…Multiple intelligences describe an individual’s strengths or capac.docx
…Multiple intelligences describe an individual’s strengths or capac.docx…Multiple intelligences describe an individual’s strengths or capac.docx
…Multiple intelligences describe an individual’s strengths or capac.docx
 
• World Cultural Perspective Paper Final SubmissionResources.docx
• World Cultural Perspective Paper Final SubmissionResources.docx• World Cultural Perspective Paper Final SubmissionResources.docx
• World Cultural Perspective Paper Final SubmissionResources.docx
 
•       Write a story; explaining and analyzing how a ce.docx
•       Write a story; explaining and analyzing how a ce.docx•       Write a story; explaining and analyzing how a ce.docx
•       Write a story; explaining and analyzing how a ce.docx
 
•Use the general topic suggestion to form the thesis statement.docx
•Use the general topic suggestion to form the thesis statement.docx•Use the general topic suggestion to form the thesis statement.docx
•Use the general topic suggestion to form the thesis statement.docx
 
•The topic is culture adaptation ( adoption )16 slides.docx
•The topic is culture adaptation ( adoption )16 slides.docx•The topic is culture adaptation ( adoption )16 slides.docx
•The topic is culture adaptation ( adoption )16 slides.docx
 
•Choose 1 of the department work flow processes, and put together a .docx
•Choose 1 of the department work flow processes, and put together a .docx•Choose 1 of the department work flow processes, and put together a .docx
•Choose 1 of the department work flow processes, and put together a .docx
 
‘The problem is not that people remember through photographs, but th.docx
‘The problem is not that people remember through photographs, but th.docx‘The problem is not that people remember through photographs, but th.docx
‘The problem is not that people remember through photographs, but th.docx
 
·                                     Choose an articleo.docx
·                                     Choose an articleo.docx·                                     Choose an articleo.docx
·                                     Choose an articleo.docx
 
·You have been engaged to prepare the 2015 federal income tax re.docx
·You have been engaged to prepare the 2015 federal income tax re.docx·You have been engaged to prepare the 2015 federal income tax re.docx
·You have been engaged to prepare the 2015 federal income tax re.docx
 
·Time Value of MoneyQuestion A·Discuss the significance .docx
·Time Value of MoneyQuestion A·Discuss the significance .docx·Time Value of MoneyQuestion A·Discuss the significance .docx
·Time Value of MoneyQuestion A·Discuss the significance .docx
 
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx
·Reviewthe steps of the communication model on in Ch. 2 of Bus.docx
 
·Research Activity Sustainable supply chain can be viewed as.docx
·Research Activity Sustainable supply chain can be viewed as.docx·Research Activity Sustainable supply chain can be viewed as.docx
·Research Activity Sustainable supply chain can be viewed as.docx
 
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx
·DISCUSSION 1 – VARIOUS THEORIES – Discuss the following in 150-.docx
 
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx
·Module 6 Essay ContentoThe ModuleWeek 6 essay require.docx
 
·Observe a group discussing a topic of interest such as a focus .docx
·Observe a group discussing a topic of interest such as a focus .docx·Observe a group discussing a topic of interest such as a focus .docx
·Observe a group discussing a topic of interest such as a focus .docx
 
·Identify any program constraints, such as financial resources, .docx
·Identify any program constraints, such as financial resources, .docx·Identify any program constraints, such as financial resources, .docx
·Identify any program constraints, such as financial resources, .docx
 
·Double-spaced·12-15 pages each chapterThe followi.docx
·Double-spaced·12-15 pages each chapterThe followi.docx·Double-spaced·12-15 pages each chapterThe followi.docx
·Double-spaced·12-15 pages each chapterThe followi.docx
 
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx
© 2019 Cengage. All Rights Reserved. Linear RegressionC.docx
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 

FTK report PART I Familiar with FTK ImagerBonus Exerc.docx

  • 1. FTK report PART I: Familiar with FTK Imager Bonus Exercise 1 (5 points): Assume that you have a write- protected USB device. Image a USB device or a floppy disk to create an image in a DD format. (Note: You are not able to use the 841_Win_Forensics_Updated VM to perform this bonus exercise. You have to use your own computer for this exercise). Provide a snapshot from FTK Imager. Requires: a USB device or a floppy disk Launch FTK Imager Click File > Create Disk Image Click Physical Drive and Next Select the device and select Raw (dd) Image Type Exercise 2: View images Click File > Add Evidence Item Select Image file and then click Next Browse to your WinLabEnCase.E01 image and click Finish View the image in the Evidence Tree view Question 1: What is the VBR file used for? How to export this file? How to export a file Hash? VBR file contain information that will enable client machine to use the remote application . we can export this file by press
  • 2. export , hash file will export as a plain text. Exercise 3: Convert the WinLabEnCase image to a DD image Exercise 4: Verify images Question 2: What are the results of verification? Comparing both hashes, are they same or not? The verification matched and both hashes are the same PART II: Working with FTK 1.8x DETAILED PROCEDURES THAT MAY HELP YOU TO GO THROUGH THE FTK SOFTWARE Exercise 1: Starting a New Case Question 3: What information is required to create a new case using the FTK New Case Wizard? The information needed are : investigator name , address , phone , email , case number , case name , case path , case folder and case destination Question 4: What are the types of evidence that can be added to a case in FTK? Image of drive , local drive , folders and individual file Exercise 2: Working with FTK Click the OVERVIEW tab; note the numbers for each type of file. Question 5: How to make the number of the Checked Items to go up? How to make the number of Flagged Thumbnails to go
  • 3. up? After open each file , items will added to the checked item folder , flagged thumbnails will go up with each file we change the point which down it from red to green . File Signatures A file type (JPEG, Word Document, MP3 file) can be determined by the file’s extension and by a header that precedes the data in the file. If a file’s extension has been changed, then the only way to determine its type is by looking at its header. Question 6: Click on Bad Extension from Overview tab. Do you find any signature mismatch? What are they? There are 11 files , 8 of them are TMP extension , 1 XLS , 1 PDF and 1 DOC Data Carved Files: Question 7: Check the number of Data Carved Files, what is the number? zero Question 8: Check the number of Data Carved Files from Overview, how many files added to the case by data carving? TWO Question 9: What are those files found by performing data carving process? Why is this process so important? The files which found are the files with GIF extension , this process is very important because it helps the investigator to
  • 4. focus on one type of files which he looking for . ExploreTab Checkmark List all descendants. Question 10: What is the file system of this Image? FAT 16 Question 11: Right-click a folder and select File Properties, What information do you get? Path , file name , system attributes , file source info and file content info . Question 12: Select a file, and right-click on that file and select File Properties, What information do you get? Path , file name , system attributes , file source info , file content info and file size . Question 13: Select Documents and SettingspsmithRecent, what kind of files contain in this folder? Select each file in this folder, what kind of information do you get from the up-right window? The latest files which open on this machine are on recent file . We can get information about each file like creation time , last write time , last access time and what kind of file it is. Question 14: Select Documents and SettingspsmithLocal SettingsHistoryHistory.IE5index.dat, what kind of files contain in this file? Select each file, what kind of information
  • 5. do you get from the up-right window? We can fine internet explorer daily browsing history , we can get last accessed time for different websites which opened in the browser . Question 15: Select Documents and SettingspsmithFavorites, what are psmith’s favorite links? www.monster.com www.aerospace-technology.com/contractors www.jsfirm.com/searchcontractors.asp yahoojobs as we see the suspect man was looking for a job Question 16: Looking into the Recycled folder, which files are currently in the recycler? Select the INFO2 file from the Recycled folder, what information do you get from that file? We found 2 files , ogdiagram.gif , tse082800.pdf , in the info2 file we get information about last file which put in the recycle , what is the name and the time when the file deleted . Question 17: Looking into WINDOWSSystem32spool folder, what information can you get from this folder? From spool we get information about all the drivers and printers which install on that machine . Windows Registry Locate ntuser.dat from the Documents and Settingspsmith folder Export the ntuse.dat; then launch the AccessData Registry Viewer to include this file in the Registry Viewer. (You may also right click the file and choose View in Registry Viewer In the Registry Viewer, explore the list.
  • 6. Action 18: List any interesting results All the information about registry and all softwares which are on that machine . Graphics Tab The Graphics Tab allows you to quickly see all the pictures in the case. Checkmark List all descendants. You will now see all of the pictures contained on all of the devices in the case. Question 19: If a file’s extension has been changed to a non- graphics file type (such as changing jpg to txt), will it be displayed in the Gallery view? Provide one example to support your statement. Does EnCase work in the same way? Yes it does , and this is an advantage of FTK compared to encase Export and Copy Special Export these five graphics to your desktop. Question 20: What is the major difference between Export a file and Copy Special a file? Export will copy the file to a specific location on the machine while copy special give us option to copy what we need from file like file type , modification date and so on. Keywords and Searching Searching evidence for information pertaining to a case can be one of the most crucial steps in the examination. FTK support two kind of search, indexed and live searches. An indexed
  • 7. search uses the index file to find a search term while a live search involves an item-by-item comparison with a search term. The index file could be generated during the creation of a case or be indexed later. Question 21: What is the advantage to use indexed search vs. the live search? Index search will look inside the files for the needed information while live search check the subject of each file only Examining the Options and Import feature in the indexed Search Question 22: What are these two features used for? Options need for change search brooding options , search result options and search limiting options. Import search in side the files as a text file Question 23: Do you find any files containing US Phone numbers? List two files that in the result list. I found 299 hits in 8 files . Aviation.htm Contacts.htm Email Question 24: Read the manual and find out what kind of email formats do FTK support? FTK now supports the decryption of RSA standard PKCS7
  • 8. S/MIME email items. This includes support for MBOX, DBX, RFC822, and some PST/EDB archives Question 25: Did anything happen? Do you find any important information? If so, what kind of information you got? ye s I found a lot of information like that the suspect talk with someone about meeting and offering him an offer of work Case Report After performing a thorough forensic investigation, it is critical that you are able to publish and present your findings. FTK has a sophisticated report wizard that allows you to assemble and publish case information. The final report generated by the FTK wizard is in HTML format. Click File > Report Wizard Fill in the Case information which will appear on the Case Information page of the report. Create a report to include the following: a) all bookmarks and export all bookmarked files b) Export full-size graphics and link them to the thumbnails c) Include the Date and Time file Properties for the Bookmarked Files d) Include only graphics flagged green in the Graphics View e) Group 6 thumbnail per row f) Include Bad Extension files in the report and export the files to the report along with its data and time property g) Add one or more of your own file to the report that support your statement h) Create a custom graphic for the report.
  • 9. Action 26: Include two screenshots of this report in your submission.
  • 10. 1 Computer Forensics - FTK Engineering Computer Systems Management – 767425 Project #1 (Due date: Monday 19 August 2013) The aim of this project is for you to discover how to use a spreadsheet to “model” a typical engineering problem, in this case a heat transfer situation. And to discover how this model can be used to solve problems that would otherwise require lengthy analytical or trial and error solutions. The model can then be used as a design/analysis tool to try out various “what if” scenarios. Hot oil is used as an alternative to steam for providing process heat in some industries. In our scenario the hot oil is being pumped to the process equipment through an insulated pipe and we want to determine the rate of heat loss per metre of pipe. The pipe is made from mild steel and is insulated with fibreglass and clad with stainless steel. Heat is being lost from the stainless steel cladding surface by convection and by
  • 11. radiation. The initial problem is to determine the heat loss ̇ and cladding surface temperature for various thicknesses of the fibreglass insulation. Heat Transfer Situation: The following data is given: hot oil temperature, ............................................................ 180°C steel pipe internal diameter, ..................................................... 80 mm steel pipe external diameter, .................................................... 90 mm pipe length, ................................................................................. nominal, 1 m inside convection heat transfer coefficient, ............................... 50 W/m 2 °C
  • 12. steel pipe thermal conductivity, ............................................ 35 W/m°C initial fibreglass insulation thicknesses ........................................... 25 mm insulation thermal conductivity, ............................................. 0.039 W/m°C stainless steel cladding thickness ................................................... 2.6 mm stainless steel cladding thermal conductivity, ........................ 14 W/m°C stainless steel emissivity, ....................................................... 0.2 outside convection heat transfer coefficient, ........................... 18 W/m 2 °C ambient/surrounding surface temperature, .......................... 22°C Relevant formulae: ̇ ̇ ̇ ̇ ̇ ( )
  • 13. ∑( ( ) ) ̇ ( ) ̇ ( ) stainless steel cladding steel pipe fibreglass insulation � � � �3 � � �̇�
  • 14. �̇� �̇� �̇� � At first glance this looks to be a relatively simple problem, however to solve it we need to find the surface temperature, before we can find the heat loss, ̇ . To solve for analytically would require the solution of a polynomial (quartic) equation. With the spreadsheet we can solve this fairly easily using a trial and error approach or using one of the advanced tools available in Excel to automate this process... Specific requirements: You are required to: using Microsoft Excel, as detailed below. omments and results as also detailed below. 1. Spreadsheet Model Set up your spreadsheet model of the heat transfer situation with an area for input values (all of the data given above), an area for intermediate answers (eg radii, ̇ , ̇ , ̇ ), and an area for the final results, and ̇ . Your model should be set up to be as
  • 15. flexible as possible to produce answers for and ̇ for a given insulation thickness. (Imagine other engineers might use your spreadsheet as a tool for similar heat loss situations, so make it clear, easy to use and helpful). In your Report (Word document) : functions or tools you used, and how you used them to solve for s and ̇loss for a given insulation thickness. Provide a table summarising your results ( and ̇ ), for the following insulation thicknesses: 25 mm, 50 mm, 75 mm and 100 mm. 2. Further Analysis Use your spreadsheet model to determine the thickness of insulation required to give a cladding surface temperature of say 50°C. In your Report (Word document) : 3. “What if” analysis Set the insulation thickness to 75mm and then use your model to investigate the following “what if”
  • 16. situations (ie what happens to surface temperature, and heat loss, ̇ if the following changes occurred). 4 or even 0.8 over a period of time as the stainless steel became more oxidised? that the thermal conductivity increased to a value of say 0.06 or 0.1 W/m°C? ture increased to 250°C or decreased to 120°C? increases to 30°C? to 12 W/m 2 °C or increases to 50 W/m 2 °C. to 30 W/m 2 °C or increases to 100 W/m 2
  • 17. °C In your Report (Word document) : values and new values of and ̇ and discuss whether or not you think the change is significant. main factors that affect the rate of heat loss for an insulated hot oil pipe like this … (use your results from the above “What if” analysis). 4. Comments and Conclusion In your Report add a Comments and Conclusions section and briefly comment on the following: this on a spreadsheet compared to using a calculator and /or hand calculations. -if” scenarios? this on a spreadsheet, and other people using it? Note: Marks will also be awarded for layout (of spreadsheet model) and overall ease of use. Bonus
  • 18. marks may be awarded for additional helpful features… 5. Submit the spreadsheet and supporting document for marking by 4:00 pm, Monday 19 August 2013, using AUTonline. Instructions for doing this are provided below and in the Assessments area on AUTonline for this paper. Instructions: How to submit Project #1….. 1. Once you have completed Project #1, log on to AUTOnline and select this paper: Engineering Computer Systems Management 2. Click the “Projects” button on the menu 3. Select “Project 1 – Excel Model” 4. Click this item: 5. In the section “2. Assignment Materials”… and word document), alongside “Attach File” click the button and select your Project #1 spreadsheet that you are handing in for marking, then click the button. This will attach the file ready for submitting.
  • 19. ur Project #1 Word document (Report) that you are handing in for marking. to remove the incorrect file and then repeat the above steps to add the correct file(s). t about your assignment if you wish… 6. Once you have attached the two files you are submitting for Project #1 then in section “3. Submit”, click the button to submit the two files to your lecturer for marking. 7. Once you have submitted your Project you cannot resubmit it. If you have made an error or mistake after you have clicked the button you will need to see your lecturer to reset your Project #1 account.