¶ … FTK Imager, the Digital Forensic Toolkit FTK Imager is an imaging and data preview tool used for forensic analysis. Typically, the FTK imager can create disk images for USB and hard drives. The FTK can also create forensic images (perfect copies) of data without altering the original evidence. Moreover, the FTK imager can create MD5 or SHAI hashes of files and be able to recover deleted files from Recycle Bin.

Objective of this project is to investigate the strategy of using the FTK for forensic investigation.

Use of the FTK

The first step is to install the FTK Imager, which can be accessed from the following website: http://accessdata.com/product-download/?/support/adownloads

After opening the webpage, the current releases of the digital forensic tools appear ad being revealed below:

Then, click FTK Image and Click the FTK Imager, version 3.4.2, and Click download. After completing the installation, the next section discusses the method of adding a file folder or file as evidence.

1.Method of Adding a file folder or an individual file as Evidence

Method to add a file folder or an individual file as evidence is as follows:

Select file from the top left of the folder

Select Add Evidence Item

Select Source, and (Physical Drive, Image file, Logical Drive, and Contents of a file) appears

PHYSICALDRIVE appears under Evidence Tree as revealed below:

2.Differences between HEX view and TEXT view

Text view allows an individual to view a file content as Unicode or ASCII characters. The text view can assist in viewing binary and text data, which is not visible when the file is in its native form. On the other hand, Hex view refers to byte of data in a file, which is in hexadecimal code.

The following procedure is used for Text View .

Text View

Select View files in plain text

Select Add Evidence Item

Select Source (Physical Drive, Image file, Logical Drive, and Contents of a file) appear

Click Next

Click Finish

Double...

In the United States, over 130,000 companies use the FTK imager for different functions such as e-discovery and forensic functions.
FTK provides you with and entire quite of investigative tools necessary to conduct digital investigations smarter, faster and more effectively. It allows you to quickly establish case facts through innovative and market leading features such as distributed processing, collaborative case analysis, evidence visualization reports and more; all in one single comprehensive solution. FTK provides innovative and integrated features to support data processing integrity, speed and analysis depth. (Access Data, 2015 p 1).

One of the strengths of the FTK imager is that it can be used as an evidence preservation in case an attacker is caught and there is a need to present the evidence in the court of law. Using the FTK forensic tool, it will be easy to extract evidence, which can assist in convicting a hacker criminal. FTK also acquires, previews, and analyzes the peripheral device data, hard drive data, as well as accessing memory / volatile data from the remote systems from a your network.

Moreover, the tool can be used to approve or disapprove an allegation within virtual environment. One of major strengths of the FTK is that it can assist in acquiring image for…