Ftk Imager the Digital Forensic Toolkit Analysis

¶ … FTK Imager, the Digital Forensic Toolkit FTK Imager is an imaging and data preview tool used for forensic analysis. Typically, the FTK imager can create disk images for USB and hard drives. The FTK can also create forensic images (perfect copies) of data without altering the original evidence. Moreover, the FTK imager can create MD5 or SHAI hashes of files and be able to recover deleted files from Recycle Bin. Objective of this project is to investigate the strategy of using the FTK for forensic investigation.

Use of the FTK The first step is to install the FTK Imager, which can be accessed from the following website: http://accessdata.com/product-download/?/support/adownloads After opening the webpage, the current releases of the digital forensic tools appear ad being revealed below: Then, click FTK Image and Click the FTK Imager, version 3.4.2, and Click download. After completing the installation, the next section discusses the method of adding a file folder or file as evidence.

1.Method of Adding a file folder or an individual file as Evidence Method to add a file folder or an individual file as evidence is as follows: Select file from the top left of the folder Select Add Evidence Item Select Source, and (Physical Drive, Image file, Logical Drive, and Contents of a file) appears PHYSICALDRIVE appears under Evidence Tree as revealed below: 2.Differences between HEX view and TEXT view Text view allows an individual to view a file content as Unicode or ASCII characters.

The text view can assist in viewing binary and text data, which is not visible when the file is in its native form. On the other hand, Hex view refers to byte of data in a file, which is in hexadecimal code. The following procedure is used for Text View.

Text View Select View files in plain text Select Add Evidence Item Select Source (Physical Drive, Image file, Logical Drive, and Contents of a file) appear Click Next Click Finish Double Click Physical Drive Double Click Partition 1 Click System Reserved (NTFS) Click Backup Boot Sector The following procedure is used for the HEX View.

HEX view Select View files in Hex format Select Add Evidence Item Select Source (Physical Drive, Image file, Logical Drive, and Contents of a file) appear Click Next Click Finish Double Click Physical Drive Double Click Partition 1 Click System Reserved (NTFS) Click Backup Boot Sector 3.Discussion of the tool's Strengths and Weaknesses. The FTK imager is a forensic toolkit that can assist different organizations to secure the delete file and trace attacker attempting to steal sensitive data from organizational database.

In the United States, over 130,000 companies use the FTK imager for different functions such as e-discovery and forensic functions. FTK provides you with and entire quite of investigative tools necessary to conduct digital investigations smarter, faster and more effectively. It allows you to quickly establish case facts through innovative and market leading features such as distributed processing, collaborative case analysis, evidence visualization reports and more; all in one single comprehensive solution. FTK provides innovative and integrated features to support data processing integrity, speed and analysis depth. (Access Data, 2015 p 1).

One of the strengths of the FTK imager is that it can be used as an evidence preservation in case an attacker is caught and there is a need to present the evidence in the court of law. Using the FTK forensic tool, it will be easy to extract evidence, which can assist in convicting a hacker criminal. FTK also acquires, previews, and analyzes the peripheral device data, hard drive data, as well as accessing memory / volatile data from the remote systems from a your network.

Moreover, the tool can be used to approve or disapprove an allegation within virtual environment. One of major strengths of the FTK is that it can assist in acquiring image for the analysis for cataloging and indexing of data. Moreover, the FTK can be used for the investigation platform used for a comprehensive indexing and processing of image. The tool can also be used to search and filter evidence quickly, which assists in increasing the analysis speed.

Additionally, the tool assists in handling massive datasets and providing a faster processing speeds, which are not available in other tools. More importantly, the FTK serves as an image detection technology used to report and discern materials that can be used for an investigation. The tool also assists in correlating massive data sets collected from different sources that include computer hardware, network data, mobile devices, as well as from internet storage. The FTK also assists in reducing digital investigation in order to reduce the case investigation.

Another benefits of the tool is that it allows determining the actionable intelligence to carry out the Malware analysis and triage. The tool also uses the rainbow table to carry out the brute-force attacks to recover password or cryptographic key different key combination until the correct key is found. The FTK also assists in reducing case backlog, and performs comprehensive processing to increase the speed of investigation.

"FTK allows users to create images, process a wide range of data types from forensic images to email archives and mobile devices, analyze the registry, decrypt files, crack passwords, and build reports, all within a single solution." (Access Data, 2015 p 1). Additionally, the FTK allows users to create image as well as processing different types of data such as forensic images, mobile devices, and email archives. It also assists in analyzing the registry, crack passwords, decrypt files, and build reports.

FTK also utilizes distributed processing, which is the only forensics solution to have leverage multi-core / multi-threaded computers. FTK is better than other forensic tools because it does not waste potential hardware solution and 100% of hardware resources. The FTK "quickly identifies critical image and video.