Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
12Activity

Table Of Contents

Audience
Handling Evidence
Role of Forensic Toolkit
Other AccessData Products
Password Recovery Software
FTK 2.0
The Big Picture
Acquiring and Preserving the Evidence
Analyzing the Evidence
Known File Filter
Searching
Presenting the Evidence
System Requirements
Supported File Systems and Image Formats
System Preparation
Basic Installation
Basic Install from CD
Installing KFF from CD
Basic Install from Downloadable Files
To install FTK from downloadable files:
Installing the Dongle Drivers from Downloadable Files
To install the dongle drivers from downloadable files:
Installing LicenseManager from Downloadable Files
Upgrade Instructions
Upgrading from CD
Upgrading from Downloadable Files
Upgrading FTK from Downloadable Files
Upgrading a Customized KFF
Uninstalling
Starting FTK
Using the Start Menu
Using the Command Line
Using the Case File
Using the Dongle
Using the FTK Startup Menu
Overview Window
Evidence and File Items
File Status
File Category
Explore Window
Graphics Window
E-mail Window
Search Window
Indexed Search
Live Search
Bookmark Window
Toolbar Components
Viewer Toolbar
Tree List Toolbar
File List Toolbar
File List Columns
FTK Imager
Using LicenseManager
Starting LicenseManager
Starting a Case
Completing the New Case Form
Entering Forensic Examiner Information
Selecting Case Log Options
Selecting Evidence Processes
Refining the Case
Refining the Index
Refining Evidence
Reviewing Case Summary
Processing the Evidence
Backing Up the Case
Storing Your Case Files
Recovering Evidence from a System Failure
Backing Up Cases Automatically
Opening an Existing Case
Opening an Existing Case from a Different Location
To open an existing case from a different location:
Opening a Case in Case Agent Mode (Read-only)
Using the Case Agent Mode Manager
Adding Evidence
Completing the Add Evidence Form
Reviewing Evidence Setup
Viewing File Properties
General Info
File Source Info
File Content Info
Case-Specific Info
E-mail Info
Setting Up Multiple Temporary Files
Using Bookmarks
Creating a Bookmark
Adding Files to a Bookmark
To add files to a bookmark:
Removing a Bookmark
Creating Thumbnails
Importing KFF Hashes
Verifying Image Integrity
Using Analysis Tools
Using the Case Log
Viewing the Case Log
Adding Entries to the Case Log
Copying Information from FTK
Exporting Files
About Recursive File Exporting
Exporting the Word List
Conducting a Live Search
Conducting an Indexed Search
Single-Term Searches
Multi-Term Searches
Importing Search Terms
Viewing Search Results
Reloading a Search Query
Wildcard Characters
Indexed Search Options
Documenting Your Search Results
Copying Search Results to the Clipboard
Using Copy Special to Document Search Results
Bookmarking Search Results
Bookmarking Internet Keyword Search Items
Searching for Embedded and Deleted Files (Data Carving)
Data Carving Files During Evidence Processing in a New Case
Data Carving Files in an Existing Case
Adding Carved Files to the Case
Bookmarking Carved Files
Applying an Existing Filter
Using The File Filter Manager
Modifying or Creating a Filter
or
Deleting a Filter
Starting Registry Viewer
Launching Registry Viewer as a Separate Application
Launching Registry Viewer from FTK
Understanding the Registry Viewer Windows
The Full Registry Window
The Common Areas Window
The Report Window
Opening Registry Files
Opening a Registry File in Registry Viewer
To open a registry file in Registry Viewer:
Opening Registry Files within FTK
Or
Obtaining Protected Registry Files Using FTK Imager
To obtain the protected registry files using FTK Imager:
Working with Registry Evidence
Adding Keys to the Common Areas Window
To add a key to the Common Areas window
Deleting Keys from the Common Areas Window
To delete keys from the Common Areas Window:
Adding Keys to the Report Window
Deleting Keys from the Report Window
Creating Registry Summary Reports
Using Pre-defined AccessData Templates
Creating Your Own Registry Report Templates
Changing RSR Settings in the FtkSettings.0.ini File
Searching for Specific Data
Generating a Report
Exporting a Word List
Understanding EFS
Decrypting EFS Files and Folders
Windows 2000 and XP Systems Prior to SP1
Windows XP SP1 or Later
Viewing the Decrypted Files in FTK
Creating a Report
Entering Basic Case Information
Managing Bookmarks
Selecting the Properties of Bookmarked Files
Managing Thumbnails
Selecting a File Path List
Selecting a File Properties List
Selecting the Properties of the File Properties List
Adding Supplementary Files and the Case Log
Selecting the Report Location
Viewing and Distributing a Report
Updating a Report
Modifying a Report
Modifying a Report in the Same FTK Session
Modifying a Report in a Different FTK Session
Customizing Fonts and Colors
Customizing Columns
Modifying the File Listing Database
Creating and Modifying Column Settings
Deleting Column Settings
Changing the Viewer Settings
Changing Preferences
Date and Time Format Options
File Viewing Options
Case Log Options
Evidence Cache Size
Temporary File Folder
KFF Database Location
Post Processing Backup Location
Show Reminder when Exporting or Creating a Report with Filter Active
Show Startup Dialog
Managing Licenses with LicenseManager
LicenseManager Interface
The Installed Components Tab
The Licenses Tab
Opening and Saving Dongle Packet Files
Viewing Product Licenses
Adding and Removing Product Licenses
Managing Product Licenses on Isolated Machines
Adding a Product License to an Isolated Machine
Removing a Product License from an Isolated Machine
Updating Products
Checking for Product Updates
Downloading Product Updates
Purchasing Product Licenses
Sending a Dongle Packet File to Support
Document File Types
E-mail Message Programs
Instant Messaging Programs
Executable File Types
Archive File Types
Other Known File Types
Regular Expression Searching
Understanding Regular Expressions
Simple Regular Expressions
Complex Regular Expressions—Visa and MasterCard Numbers
Predefined Regular Expressions
Social Security Number
U.S. Phone Number
IP Address
Going Farther with Regular Expressions
Locating More Information on Regular Expressions
Common Operators
FAT 12, 16, and 32
NTFS
ext2
ext3
Understanding the Windows Registry
Additional Considerations
Registry Quick Find Chart
System Information
Networking
User Data
User Application Data
Words and Phrases
Wildcards (* and ?)
Natural Language Searching
Synonym Searching
Fuzzy Searching
Phonic Searching
Stemming
Variable Term Weighting
AND Connector
OR Connector
W/N Connector
NOT and NOT W/N
Numeric Range Searching
Subscriptions
Technical Support
Product Returns
0 of .
Results for:
No results containing your search query
P. 1
FTK 1.80 Manual

FTK 1.80 Manual

Ratings: (0)|Views: 2,882 |Likes:
Published by Adam Smith

More info:

Published by: Adam Smith on Jun 01, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

01/27/2013

pdf

text

original

You're Reading a Free Preview
Pages 8 to 89 are not shown in this preview.
You're Reading a Free Preview
Pages 97 to 187 are not shown in this preview.
You're Reading a Free Preview
Pages 195 to 296 are not shown in this preview.
You're Reading a Free Preview
Pages 304 to 354 are not shown in this preview.
You're Reading a Free Preview
Pages 362 to 365 are not shown in this preview.

Activity (12)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Hector Lopez liked this
Lizandro Ambriz liked this
Ghazal Malik liked this
Harold Garron liked this
Martha Willis liked this
Alicia Milano liked this
waberens liked this
BrusPulverHest liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->