LAB 3 - FTK Imager

.docx

School

University of Cincinnati, Main Campus *

*We aren’t endorsed by this school

Course

3072C

Subject

Computer Science

Date

Feb 20, 2024

Type

docx

Pages

Uploaded by DoctorFlagCamel35

IT3072C LAB3 – FTK Imager Instructions Login to the Sandbox environment and access your VM. If your VM is ON, power it OFF. Ensure your VM is powered down via the CECH Sandbox Console. Select the “Actions” icon next to your VM and then “Mount CD-ROM”  Configure the information by selecting “Datastore ISO File” and then “ IT3072C-ImageFiles .iso”.   Click the “Submit” button. You will see the “ Mount CD-ROM Request Has Been Submitted ” message. Please be patient with your VM. LAB 3 Page 1

IT3072C Power ON your VM. After you login, access the sample image files.  Create a “C:\Images” directory on the root of your hard drive.  Click “E:” drive to view the Image Files.   Copy all of the data to the C:\Images directory. Now is a great time to check your “view file” settings in Windows File Explorer (Hint: View  Options  View). Make sure the following options are set, then click [APPLY]:  Show hidden files, folders, and drives (check)  Hide empty drives (un-check)  Hide extensions for known file types (un-check) LAB 3 Page 2

IT3072C FTK Imager Exterro purchased AccessData in 2020. FTK Imager is the first forensic tool that we will use in the course. As the name implies, you can use FTK Imager to create forensic images. It also can be used to verify forensic images, export files and folders, create a hash set, create a custom content image, create a directory and file listing, capture RAM, obtain Windows Registry files, and even perform live searches. One important feature of FTK Imager is the ability to create and view image verification logs. Launch FTK Imager On your desktop, click the “ AccessData FTK Imager ” shortcut. This will open the FTK Imager interface that has the following seven components: Menu Bar, Toolbar, Evidence Tree View, Properties/Hex Value / Custom Content tabs, Status Bar, File List Pane, and Viewer Pane. During this course, you will get proficient with this forensic tool! Access the FTK User Guide From the Menu Bar, click the [Help] button to access the FTK Imager User Guide. LAB 3 Page 3 Status Bar Evidence Tree View File List Pane Viewer Pane Properties / Hex Value / Custom Content tabs Menu Bar Toolbar

IT3072C The File Menu Notice that not all File Menu options are available at the start of the program. FTK Imager provides context-sensitive functionality. The View Menu The View Menu allows you to customize your view of the FTK Imager. You can use View Menu to ensure your data is displaying in the appropriate window. Notice the menu option to [Reset Docked Windows]. This will return the displays to their default values. LAB 3 Page 4

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help