
Computer Forensics with FTK

Fernando Carbone

Written by a specialist in digital crime, this book helps you leverage the power of the FTK platform to conduct penetrating computer forensic investigations. With a step-by-step approach, it clarifies even the most complex processes.

Book Details

ISBN 13: 9781783559022
Paperback: 110 pages

About This Book

  • Receive step-by-step guidance on conducting computer investigations
  • Explore the functionality of FTK Imager and learn to use its features effectively
  • Conduct increasingly challenging and more applicable digital investigations for generating effective evidence using the FTK platform

Who This Book Is For

This tutorial-based guide is great for you if you want to conduct digital investigations with an integrated platform. Whether you are new to Computer Forensics or have some experience, this book will help you get started with FTK so you can analyze evidence effectively and efficiently. If you are a law enforcement official, corporate security, or IT professional who needs to evaluate the evidentiary value of digital evidence, then this book is ideal for you.

Table of Contents

Chapter 1: Getting Started with Computer Forensics Using FTK
Downloading FTK
Chapter 2: Working with FTK Imager
Data storage media
Acquisition tools
Image formats
The FTK Imager interface
The FTK Imager functionality
Chapter 3: Working with Registry View
Understanding the Windows registry structure
The main feature of Registry Viewer
Integrating with FTK
Chapter 4: Working with FTK Forensics
Introducing computer forensics and FTK
Managing groups and users
Creating a new investigation case
Chapter 5: Processing the Case
Changing the time zone
Mounting compound files
File and folder export
Column settings
Creating and managing bookmarks
The Additional Analysis feature
Carving the data
Narrowing the case with KFF
Searching the case
Working with filters
Reporting the case
Chapter 6: New Features of FTK 5
Distributed processing
Encryption support
Data visualization
The Single-node enterprise
Advanced volatile and memory analysis
Explicit Image Detection
Malware triage and analysis with Cerberus
Mobile Phone Examiner
Chapter 7: Working with PRTK
An overview of PRTK
Understanding the PRTK interface
Creating and managing dictionaries
Starting a session for password recovery

What You Will Learn

  • Get started with Computer Forensics using the FTK platform to conduct your digital investigation
  • Acquire different types of digital devices with integrity
  • Find evidence in Windows registry hives using Registry View
  • Understand the use of PRTK for password recovery
  • Narrow the case using filters and keyword searches
  • Analyze Internet artifacts and e-mail messages
  • Report results using the bookmarks features
  • Learn tips and tricks to get the most out of your digital investigation results

In Detail

With the increase of electronic crimes and the need to constantly audit the proper use of resources, companies need qualified professionals and appropriate tools to carry out these activities. The FTK platform, with the ability to collect and analyze digital evidence quickly and with integrity, is a great solution to help professionals achieve these goals. It is extremely useful for conducting digital investigations, helping you conduct a thorough investigation through a single tool and ensure the integrity of evidence. It is hard to find technical information on this tool and that’s where this book will come in handy, helping professionals perform their activities with greater excellence.

This tutorial leads by example, providing you with everything you need to use FTK and the tools included such as FTK Imager, Registry View, and PRTK in order to enhance your Computer Forensics knowledge in an easier and more efficient way.

You will be introduced to the background of Computer Forensics, which includes the types of digital devices that can be acquired and how to prepare for a new case of investigation. You will become acquainted with the FTK architecture and learn how to leverage its features in order to help you find the evidence as fast as possible. Through this book, you will also learn the memory forensics technique using the memory dump feature of FTK Imager. Furthermore, you will learn how to extract some important information such as process and DLL information, Sockets, and Driver List Open Handles.

To conclude your tutorial, you will learn how to extract information from Windows Registry and how to recover passwords from the system and files. You will find this book an invaluable supplement to teach you all the steps required for the completion of investigations on digital media and to generate consistent and irrefutable evidence in court.

