Computer Forensics with FTK

Book Description

Written by a specialist in digital crime, this book helps you leverage the power of the FTK platform to conduct penetrating computer forensic investigations. With a step-by-step approach, it clarifies even the most complex processes.

In Detail

With the increase in electronic crimes and the need to constantly audit the proper use of resources, companies need qualified professionals and appropriate tools to carry out these activities. The FTK platform, with its ability to collect and analyze digital evidence quickly and with integrity, is a great solution to help professionals achieve these goals. It is extremely useful for conducting digital investigations, helping you conduct a thorough investigation through a single tool and ensuring the integrity of the evidence. Technical information on this tool is hard to find, and that's where this book comes in handy, helping professionals perform their activities with greater excellence.

This tutorial leads by example, providing you with everything you need to use FTK and the tools included such as FTK Imager, Registry View, and PRTK in order to enhance your Computer Forensics knowledge in an easier and more efficient way.

You will be introduced to the background of Computer Forensics, which includes the types of digital devices that can be acquired and how to prepare for a new investigation case. You will become acquainted with the FTK architecture and learn how to leverage its features in order to find the evidence as fast as possible. Through this book, you will also learn the memory forensics technique using the memory dump feature of FTK Imager. Furthermore, you will learn how to extract important information such as process and DLL information, sockets, the driver list, and open handles.

To conclude your tutorial, you will learn how to extract information from Windows Registry and how to recover passwords from the system and files. You will find this book an invaluable supplement to teach you all the steps required for the completion of investigations on digital media and to generate consistent and irrefutable evidence in court.

What You Will Learn

  • Get started with Computer Forensics using the FTK platform to conduct your digital investigation
  • Acquire different types of digital devices with integrity
  • Find evidence in Windows registry hives using Registry View
  • Understand the use of PRTK for password recovery
  • Narrow the case using filters and keyword searches
  • Analyze Internet artifacts and e-mail messages
  • Report results using the bookmarks features
  • Learn tips and tricks to get the most out of your digital investigation results

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

1. Table of Contents
2. Computer Forensics with FTK
3. Credits
4. About the Author
5. About the Reviewers
6. www.packtpub.com
   1. Support files, eBooks, discount offers and more
      1. Why Subscribe?
      2. Free Access for Packt account holders
7. Preface
   1. What this book covers
   2. What you need for this book
   3. Who this book is for
   4. Conventions
   5. Reader feedback
   6. Customer support
      1. Downloading color versions of the images for this book
      2. Errata
      3. Piracy
      4. Questions
8. Chapter 1: Getting Started with Computer Forensics Using FTK
   1. Downloading FTK
      1. Prerequisites for FTK
      2. Installing FTK and the database
      3. Running FTK for the first time
   2. Summary
9. Chapter 2: Working with FTK Imager
   1. Data storage media
   2. Acquisition tools
   3. Image formats
   4. The FTK Imager interface
      1. The menu bar
      2. The toolbar
      3. The view panes
   5. The FTK Imager functionality
      1. Adding and previewing an evidence item
      2. Creating forensic images
      3. Mounting the image
      4. The Capture Memory feature
      5. Obtaining the protected files
      6. Detecting the EFS encryption
   6. Summary
10. Chapter 3: Working with Registry View
   1. Understanding the Windows registry structure
   2. The main feature of Registry Viewer
      1. Generating a report
   3. Integrating with FTK
      1. Identifying the Time Zone setting
      2. Account information
   4. Summary
11. Chapter 4: Working with FTK Forensics
   1. Introducing computer forensics and FTK
      1. Preparation
      2. Acquisition and preservation
      3. Analysis
      4. Reports and presentation
   2. Managing groups and users
   3. Creating a new investigation case
      1. The FTK interface
      2. Case processing options
      3. Refining the case evidence
   4. Summary
12. Chapter 5: Processing the Case
   1. Changing the time zone
   2. Mounting compound files
   3. File and folder export
   4. Column settings
   5. Creating and managing bookmarks
   6. The Additional Analysis feature
   7. Carving the data
   8. Narrowing the case with KFF
   9. Searching the case
      1. The Index Search and Live Search options
      2. Regular expressions
   10. Working with filters
   11. Reporting the case
   12. Summary
13. Chapter 6: New Features of FTK 5
   1. Distributed processing
   2. Encryption support
   3. Data visualization
   4. The Single-node enterprise
   5. Advanced volatile and memory analysis
   6. Explicit Image Detection
   7. Malware triage and analysis with Cerberus
   8. Mobile Phone Examiner
   9. Summary
14. Chapter 7: Working with PRTK
   1. An overview of PRTK
   2. Understanding the PRTK interface
   3. Creating and managing dictionaries
   4. Starting a session for password recovery
      1. Managing profiles
   5. DNA
   6. Summary
15. Index