Computer Forensics with FTK.
Title:
Computer Forensics with FTK.
Author:
Carbone, Fernando.
ISBN:
9781783559039
Personal Author:
Physical Description:
1 online resource (134 pages)
Contents:
Computer Forensics with FTK -- Table of Contents -- Computer Forensics with FTK -- Credits -- About the Author -- About the Reviewers -- www.packtpub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading color versions of the images for this book -- Errata -- Piracy -- Questions -- 1. Getting Started with Computer Forensics Using FTK -- Downloading FTK -- Prerequisites for FTK -- Installing FTK and the database -- Running FTK for the first time -- Summary -- 2. Working with FTK Imager -- Data storage media -- Acquisition tools -- Image formats -- The FTK Imager interface -- The menu bar -- The toolbar -- The view panes -- The FTK Imager functionality -- Adding and previewing an evidence item -- Creating forensic images -- Mounting the image -- The Capture Memory feature -- Obtaining the protected files -- Detecting the EFS encryption -- Summary -- 3. Working with Registry View -- Understanding the Windows registry structure -- The main feature of Registry Viewer -- Generating a report -- Integrating with FTK -- Identifying the Time Zone setting -- Account information -- Summary -- 4. Working with FTK Forensics -- Introducing computer forensics and FTK -- Preparation -- Acquisition and preservation -- Analysis -- Reports and presentation -- Managing groups and users -- Creating a new investigation case -- The FTK interface -- Case processing options -- Refining the case evidence -- Summary -- 5. Processing the Case -- Changing the time zone -- Mounting compound files -- File and folder export -- Column settings -- Creating and managing bookmarks -- The Additional Analysis feature -- Carving the data -- Narrowing the case with KFF.

Searching the case -- The Index Search and Live Search options -- Regular expressions -- Working with filters -- Reporting the case -- Summary -- 6. New Features of FTK 5 -- Distributed processing -- Encryption support -- Data visualization -- The Single-node enterprise -- Advanced volatile and memory analysis -- Explicit Image Detection -- Malware triage and analysis with Cerberus -- Mobile Phone Examiner -- Summary -- 7. Working with PRTK -- An overview of PRTK -- Understanding the PRTK interface -- Creating and managing dictionaries -- Starting a session for password recovery -- Managing profiles -- DNA -- Summary -- Index.
Abstract:
This tutorial contains detailed instructions with useful integrated examples that help you understand the main features of FTK and how you can use it to analyze evidence. This book has clear and concise guidance in an easily accessible format. This tutorial-based guide is great for you if you want to conduct digital investigations with an integrated platform. Whether you are new to Computer Forensics or have some experience, this book will help you get started with FTK so you can analyze evidence effectively and efficiently. If you are a law enforcement official, corporate security, or IT professional who needs to evaluate the evidentiary value of digital evidence, then this book is ideal for you.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.