offers law enforcement and corporate security professionals the ability to perform complete and thorough computer forensic examinations. The FTK features powerful file filtering and search functionality. FTK's customizable filters allow you to sort through thousands of files to quickly find the evidence you need. FTK is recognized as the leading forensic tool to perform e-mail analysis.
FTK is a forensic tool for use on Windows. The tool overview page also gives a good description of FTK's other qualities, but I'll leave that bit of reading up to you. I have used FTK in a classroom setting, for personal use, and for recovering data from corrupted disks and files for other people.
I have never used it in an official investigation; however, the professor who taught the forensic class that I took does have extensive law enforcement experience, so that is good enough for me.
First of all, we need to download and install FTK. As you will see on the download page, the version of FTK is the Demo Version 1.60.
Be advised that it will only handle 5,000 files or fewer in any case added to it. Also, you will want to download and install the Known File Filter (KFF).
The KFF is a collection of standard operating system and program files, known child porn and other potential evidence files, and hash datasets. It makes it easy to identify a file as "known" when you would otherwise have to chase it down to determine its use or purpose.
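The known-file idea described above, as an added example (not FTK's or AccessData's code): each file is hashed and looked up in a hash set, so a match does not depend on the file's name. The use of MD5, the CSV layout, the `ignore`/`alert` categories and all sample data are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
import os


def md5_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files never load fully into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_hash_set(csv_text):
    """Parse 'md5,category' rows into {md5: category}; 'alert' wins on conflict."""
    known = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        md5 = row["md5"].strip().lower()  # hash sets mix upper and lower case
        if known.get(md5) != "alert":
            known[md5] = row["category"].strip().lower()
    return known


def triage(root, known):
    """Walk root and bucket each file as 'ignore', 'alert' or 'unknown'."""
    buckets = {"ignore": [], "alert": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            category = known.get(md5_file(path), "unknown")
            buckets.setdefault(category, []).append(os.path.relpath(path, root))
    return {k: sorted(v) for k, v in buckets.items()}


def build_demo(root):
    """Write constructed sample files and return a constructed hash set as CSV."""
    samples = {
        "notepad.bin": b"constructed stand-in for an OS file",
        "renamed_copy.txt": b"constructed stand-in for a flagged file",
        "notes.txt": b"content that is in no hash set",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    ignore = hashlib.md5(samples["notepad.bin"]).hexdigest()
    alert = hashlib.md5(samples["renamed_copy.txt"]).hexdigest().upper()
    return f"md5,category\n{ignore},ignore\n{alert},alert\n"
```

Files that land in `unknown` are the ones left for manual review; the other two buckets are settled by the hash match alone.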
FTK download site:
http://www.accessdata.com/Product04_Download.htm
Download and install FTK and the KFF. You can either download it as a whole or in parts, whichever is better for your situation (bandwidth, time, etc.). The KFF is quite large at 183 MB, so you might want to download it overnight or somewhere with a fast connection.
You will need administrator access to your machine to do the installation. Double-clicking on the setup files should take care of everything. I used the default values for the install.
In the next installment, I'll show you how to add an image to a case and we'll start browsing around the application.