Preface - Computer Forensics with FTK (2014)

Preface

Welcome to Computer Forensics with FTK. This book has been created specifically to provide you with all the information you need to get started with the FTK investigation platform. You will learn the basics of computer forensics and how to use FTK to conduct digital investigations that generate court-accepted evidence.

What this book covers

Chapter 1, Getting Started with Computer Forensics Using FTK, will get you started with the basic installation and configuration of FTK and show you how to prepare your lab environment for digital investigations.

Chapter 2, Working with FTK Imager, will teach you how to use the FTK Imager tool to create forensic images of digital devices from volatile data, such as memory.

Chapter 3, Working with Registry View, will give a step-by-step demonstration of how to work with Registry View to access and extract relevant information from the Windows Registry, and how this information can be important during the investigation process.

Chapter 4, Working with FTK Forensics, will cover the main computer forensics process, explaining each step in depth. You will also learn some important features of FTK, such as managing users and processing options.

Chapter 5, Processing the Case, will cover how to use the most important features for processing and filtering data during your investigation process. You will learn how to set up the tool to perform data analysis, search information, and bookmark your findings.

Chapter 6, New Features of FTK 5, will give an overview of the main new features that have been developed in FTK 5, and help you understand how these new features can help you during your investigations.

Chapter 7, Working with PRTK, will teach you how to perform password recovery from files and systems using the PRTK and DNA products, and how this helps you when you encounter protected information.

What you need for this book

A computer with Windows XP or newer, AccessData Forensic Toolkit 5, some evidence file samples, and an Internet connection.

Who this book is for

Computer Forensics with FTK is great for anyone who wants to conduct digital investigations with an integrated platform. Whether you are new to computer forensics or have some experience, this book will help you get started with FTK, so you can start analyzing evidence effectively and efficiently.

The book also helps law enforcement officials, corporate security, and IT professionals who need to evaluate the evidentiary value of digital evidence.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "These files are located at C:\Windows\System32\Config."

Any command-line input or output is written as follows:

# [Drive]:\FTK\AccessData Distributed Processing Engine.EXE

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Install the Distributed Engine component, as it is necessary for the correct operation of FTK."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.