
Computer Forensics with FTK

By: Fernando Carbone

Overview of this book

With the increase of electronic crimes and the need to constantly audit the proper use of resources, companies need qualified professionals and appropriate tools to carry out these activities. The FTK platform, with its ability to collect and analyze digital evidence quickly and with integrity, is a great solution to help professionals achieve these goals. It is extremely useful for conducting digital investigations, helping you conduct a thorough investigation through a single tool and ensure the integrity of evidence. It is hard to find technical information on this tool, and that is where this book comes in handy, helping professionals perform their activities with greater excellence.

This tutorial leads by example, providing you with everything you need to use FTK and the tools included with it, such as FTK Imager, Registry View, and PRTK, in order to enhance your Computer Forensics knowledge in an easier and more efficient way.

You will be introduced to the background of Computer Forensics, which includes the types of digital devices that can be acquired and how to prepare for a new investigation case. You will become acquainted with the FTK architecture and learn how to leverage its features in order to find the evidence as fast as possible. Through this book, you will also learn the memory forensics technique using the memory dump feature of FTK Imager. Furthermore, you will learn how to extract some important information such as process and DLL information, Sockets, Driver List, and Open Handles.

To conclude your tutorial, you will learn how to extract information from the Windows Registry and how to recover passwords from the system and files. You will find this book an invaluable supplement to teach you all the steps required for the completion of investigations on digital media and to generate consistent and irrefutable evidence in court.
Table of Contents (14 chapters)

- Computer Forensics with FTK
- Credits
- About the Author
- About the Reviewers
- www.packtpub.com
- Preface
- 1. Getting Started with Computer Forensics Using FTK
- Index

Preface

Welcome to Computer Forensics with FTK. This book has specially been created to provide you with all the information you need to get started with the FTK investigation platform. You will learn the basics of computer forensics and how to use the FTK to conduct digital investigations generating court-accepted evidence.

What this book covers

Chapter 1, Getting Started with Computer Forensics Using FTK, will get you started with the basic installation and configuration of FTK and how to prepare your lab environment for digital investigations.

Chapter 2, Working with FTK Imager, will teach you how to use the FTK Imager tool to create forensic images of digital devices, including volatile data such as memory.

Chapter 3, Working with Registry View, will give a step-by-step demonstration of how to work with Registry View to access and extract relevant information from the Windows Registry, and how this information can be important during the investigation process.

Chapter 4, Working with FTK Forensics, will cover the main computer forensics process, explaining each step in depth. You will also learn some important features of FTK, such as managing users and processing options.

Chapter 5, Processing the Case, will cover how to use the most important features for processing and filtering data during your investigation process. You will learn how to set up the tool to perform data analysis, search information, and bookmark your findings.

Chapter 6, New Features of FTK 5, will give an overview of the main new features that have been developed in FTK 5 and explain how these new features can help you during your investigations.

Chapter 7, Working with PRTK, will teach you how to perform password recovery on files and systems using the PRTK and DNA products, and how they will help you when you encounter protected information.

What you need for this book

A computer with Windows XP or newer, AccessData Forensic Toolkit 5, some evidence file samples, and an Internet connection.

Who this book is for

Computer Forensics with FTK is great for anyone who wants to conduct digital investigations with an integrated platform. Whether you are new to computer forensics or have some experience, this book will help you get started with FTK, so you can start analyzing evidence effectively and efficiently.

The book also helps law enforcement officials, corporate security, and IT professionals who need to evaluate the evidentiary value of digital evidence.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "These files are located at C:\Windows\System32\Config."

Any command-line input or output is written as follows:

# [Drive]:\FTK\AccessData Distributed Processing Engine.EXE

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Install the Distributed Engine component, as it is necessary for the correct operation of FTK."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading color versions of the images for this book

For your convenience we have also provided a PDF that contains higher resolution color versions of the images used in this book. These can be extremely useful as you work through various stages of the project when working with materials or examining small detail changes as we tweak individual parameters. You can download the PDF from https://www.packtpub.com/sites/default/files/downloads/9022OT_ColoredImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.