Computer Forensics with FTK

Computer Forensics with FTK
eBook: $13.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print + free eBook + free PacktLib access to the book: $36.98    Print cover: $22.99
save 38%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Receive step-by-step guidance on conducting computer investigations
  • Explore the functionality of FTK Imager and learn to use its features effectively
  • Conduct increasingly challenging and more applicable digital investigations for generating effective evidence using the FTK platform

Book Details

Language : English
Paperback : 110 pages [ 235mm x 191mm ]
Release Date : March 2014
ISBN : 1783559020
ISBN 13 : 9781783559022
Author(s) : Fernando Carbone
Topics and Technologies : All Books, Other

Table of Contents

Chapter 1: Getting Started with Computer Forensics Using FTK
Chapter 2: Working with FTK Imager
Chapter 3: Working with Registry View
Chapter 4: Working with FTK Forensics
Chapter 5: Processing the Case
Chapter 6: New Features of FTK 5
Chapter 7: Working with PRTK
  • Chapter 2: Working with FTK Imager
    • Data storage media
    • Acquisition tools
    • Image formats
    • The FTK Imager interface
      • The menu bar
      • The toolbar
      • The view panes
    • The FTK Imager functionality
      • Adding and previewing an evidence item
      • Creating forensic images
      • Mounting the image
      • The Capture Memory feature
      • Obtaining the protected files
      • Detecting the EFS encryption
    • Summary
  • Chapter 3: Working with Registry View
    • Understanding the Windows registry structure
    • The main feature of Registry Viewer
      • Generating a report
    • Integrating with FTK
      • Identifying the Time Zone setting
      • Account information
    • Summary
  • Chapter 4: Working with FTK Forensics
    • Introducing computer forensics and FTK
      • Preparation
      • Acquisition and preservation
      • Analysis
      • Reports and presentation
    • Managing groups and users
    • Creating a new investigation case
      • The FTK interface
      • Case processing options
      • Refining the case evidence
    • Summary
  • Chapter 5: Processing the Case
    • Changing the time zone
    • Mounting compound files
    • File and folder export
    • Column settings
    • Creating and managing bookmarks
    • The Additional Analysis feature
    • Carving the data
    • Narrowing the case with KFF
    • Searching the case
      • The Index Search and Live Search options
      • Regular expressions
    • Working with filters
    • Reporting the case
    • Summary
  • Chapter 6: New Features of FTK 5
    • Distributed processing
    • Encryption support
    • Data visualization
    • The Single-node enterprise
    • Advanced volatile and memory analysis
    • Explicit Image Detection
    • Malware triage and analysis with Cerberus
    • Mobile Phone Examiner
    • Summary
  • Chapter 7: Working with PRTK
    • An overview of PRTK
    • Understanding the PRTK interface
    • Creating and managing dictionaries
    • Starting a session for password recovery
      • Managing profiles
    • DNA
    • Summary

Fernando Carbone

Fernando Carbone is the Director of the Forensic Technology Services practice in PwC Brazil, based in São Paulo, with more than 15 years of work experience divided between information security and computer forensics. He specializes in assisting companies in digital crime investigations, electronic discovery process, and litigation technical support.

He has worked in the financial industry (Unibanco and Itau) for seven years, and has participated in investigation projects and computer forensics involving more than 100,000 assets. He was responsible for the creation of the incident response team at these institutions.

He is currently a professor of the computer forensics post-graduation course at Universidade Presbiteriana Mackenzie and Impact Tecnologia. He is certified in EnCE, ACE, CHFI, CEH, Security+, CoBIT, ITIL, ISO 27002, and others. He has a Network Computers degree from Instituto Brasileiro de Tecnologia Avançada (IBTA), a post-graduate degree in Information Security, and a post-graduate degree in Project Management, both from IBTA.

This is his first book.

Sorry, we don't have any reviews for this title yet.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


- 1 submitted: last submission 21 Mar 2014

Page no. 23 | Errata type: Layout

The step number 5 appearing on this page is part of the step number 4 without the numbered bullet 5.
This way, the step just before the screenshot on this page should be as follows:
4. Click on Capture Memory to start the process as shown in the following screenshot: 

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Computer Forensics with FTK +    Extending Puppet =
50% Off
the second eBook
Price for both: £13.85

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Get started with Computer Forensics using the FTK platform to conduct your digital investigation
  • Acquire different types of digital devices with integrity
  • Find evidence in Windows registry hives using Registry View
  • Understand the use of PRTK for password recovery
  • Narrowing the case using filters and keyword searches
  • Analyze Internet artifacts and e-mail messages
  • Report results using the bookmarks features
  • Learn tips and tricks to get the most out of your digital investigation results

In Detail

With the increase of electronic crimes and the need to constantly audit the proper use of resources, companies need qualified professionals and appropriate tools to carry out these activities. The FTK platform, with the ability to collect and analyze digital evidence quickly and with integrity, is a great solution to help professionals achieve these goals. It is extremely useful for conducting digital investigations, helping you conduct a thorough investigation through a single tool and ensure the integrity of evidence. It is hard to find technical information on this tool and that’s where this book will come in handy, helping professionals perform their activities with greater excellence.

This tutorial leads by example, providing you with everything you need to use FTK and the tools included such as FTK Imager, Registry View, and PRTK in order to enhance your Computer Forensics knowledge in an easier and more efficient way.

You will be introduced to the background of Computer Forensics, which include the types of digital devices that can be acquired and how to prepare for a new case of investigation. You will become acquainted with the FTK architecture and learn how to leverage its features in order to help you find the evidence as fast as possible. Through this book, you will also learn the memory forensics technique using the memory dump feature of FTK Imager. Furthermore, you will learn how to extract some important information such as process and DLL information, Sockets, and Driver List Open Handles.

To conclude your tutorial, you will learn how to extract information from Windows Registry and how to recover passwords from the system and files. You will find this book an invaluable supplement to teach you all the steps required for the completion of investigations on digital media and to generate consistent and irrefutable evidence in court.


This tutorial contains detailed instructions with useful integrated examples that help you understand the main features of FTK and how you can use it to analyze evidence. This book has clear and concise guidance in an easily accessible format.

Who this book is for

This tutorial-based guide is great for you if you want to conduct digital investigations with an integrated platform. Whether you are new to Computer Forensics or have some experience, this book will help you get started with FTK so you can analyze evidence effectively and efficiently. If you are a law enforcement official, corporate security, or IT professional who needs to evaluate the evidentiary value of digital evidence, then this book is ideal for you.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software