- Videos: 109
- Views: 124,176
Justin Tolman
Added 19 Apr 2021
I am the Forensic Evangelist and Subject Matter Expert at Exterro. We develop Forensic and eDiscovery software, helping professionals worldwide. I post videos covering training, features, and other topics related to our software and forensic analysis in general.
Working with Privileged Chats from Mobile Device Extractions - FTK Feature Focus
Many times you may be investigating an individual that may have data unrelated to your case such as data protected by HIPAA, Financial Data, IP, Client/Attorney, etc... How do you have a reviewer review the data without time-consuming (and thereby costly) exports and reformatting?
FTK 8.1 allows examiners to mark individual chats (one at a time or in groups) as privileged so that a reviewer will not see those chats, but can still have full access to review and reporting capabilities. Easy? Check! No movement of data out of the case? Check!
Trust me, you want to use this feature: store.exterro.com/products/ftk-8-0
Views: 101
Videos
Entity Management - Cross App Communication Analysis - FTK Feature Focus
136 views, 3 months ago
When working a case we are typically investigating (or are interested in) individuals. We may not care what application they are using to communicate, we just want to know what they are saying. FTK 8.1 introduces Entity Management as a feature that allows analysts to do just that. It will automatically group up contacts by phone number, email, or handle, and then display the chats together so t...
FTK Over the Air - Techno Security 2024 Recap - Season 2 Episode 5
26 views, 3 months ago
Lynne and I discuss our experiences at the Techno Security conference. I share my presentation on distributed workflows and the importance of protecting privacy in investigations. We talk about the fun swag and the claw machine at the vendor hall, as well as the after-hours event with a large turnout. Our conversation covers various topics, including the importance of automation and scalability...
FTK Over the Air - Bitmindz Forensic Solutions - Building the Perfect Forensic Workstation
52 views, 3 months ago
Manny Kressel, CEO and founder of Bitmindz Forensic Solutions, shares his journey from law enforcement to building custom forensic workstations. He emphasizes the importance of understanding the specific needs of forensic examiners and customizing the hardware accordingly. During the episode he provides tips and tricks for getting the most machine for the best price. We address the challenges o...
CISA Incident Response Playbook - Episode 8 - CISA Playbook and FTK
613 views, 5 months ago
This series looks at the Cybersecurity and Infrastructure Incident Response and Vulnerability playbook. This playbook, released in November 2021, provides an outline of how all FCEB agencies should implement their incident response plans. This eight-episode series will look at each section of the playbook and break out the important considerations for each. Episode 8 of the CISA Playbook series...
Complete Install of FTK Standalone 8.0 - May 2024
1.3K views, 5 months ago
This video shows the complete install and configuration of Forensic Toolkit (FTK) 8.0 as of May 2024. The only thing that has been "modified" is that I sped up the status bars. This should give users an accurate walk through of what they need to do to install FTK Standalone on their computer. Note: If you do not have a license for FTK Connect, you can ignore that portion of the install. However...
FTK Over the Air - Ep3 - Rob Fried - What is the Tool and Who is the Solution?
46 views, 5 months ago
Rob Fried, Senior Vice President of Forensics at Sandline Global, shares his journey into forensics and the importance of active listening in investigations. He emphasizes the need for documentation and chain of custody in digital forensics, as well as the evolution of technology and its impact on investigations. Rob also discusses the second edition of his book, 'Forensic Data Collections 2.0,...
FTK Over The Air - Ep2 - IACIS Podcast Joint Episode!
16 views, 5 months ago
In this conversation, Justin and Farand discuss various topics related to digital forensics and the upcoming IACIS conference. They cover the increase in specialized classes and the addition of an advanced mobile class at the conference. They also talk about the importance of human judgment in forensic work and the limitations of AI in the field. It explores the potential of using large languag...
Synthetic Media's Impact on Forensic Investigations with Bert Lyons of MedEx Forensics
64 views, 6 months ago
On the first episode of Season 2 of FTK Over The Air Bertram Lyons, CEO of MedEx Forensics, discusses the challenges and impact of AI-generated content and the need for authentication and provenance analysis. We discuss the rise of synthetic media and the need for tools to authenticate and analyze it. The conversation explores the nuances of real, original, and authentic content, and the role o...
Podcast Clip - Social Media is the key to provenance data in multimedia Files
19 views, 6 months ago
Whether it's AI generated (synthetic), manually modified, or "unaltered" multimedia, it is more important than ever to know how to validate whether something is real, authentic, or original. This clip is from our podcast episode with Bert Lyons, releasing on April 5, 2024. Be sure to check out the full episode when it releases! FTK Over the Air is hosted on Spotify, Apple Podcasts, and YouTube Music ...
Basics of accessing Encrypted Office Documents using Password Recovery Toolkit (PRTK)
255 views, 7 months ago
Requested by a user, this video covers the basics of breaking into an encrypted Microsoft Office document using Password Recovery Toolkit or PRTK.
FTK Feature Focus - Searching vs Filtering the content of Documents - Episode 61
132 views, 7 months ago
From the comments! In today's Feature Focus we answer a question dropped in the comments of Episode 9. We take a look at filtering vs searching the content of text documents within a case. Filtering works with FTK's column data, while searching can view both. We will combine searching and filtering to narrow down our results, speeding up movement through cases.
FTK Trial Download and Activation Instructions (Re-Upload)
667 views, 8 months ago
This video will guide users through the BASIC installation of FTK 8.0 and the activation of the 30 Day License. If you own the full version of FTK the activation of the license is done automatically through either the USB hardware dongle, or a virtual license.
Changing the Evidence location in FTK
179 views, 10 months ago
We return to our FTK Support tickets and answer the question of "If my evidence image has moved, how do I point FTK to the new location?" It's super simple!
Loading Mobile Device Extractions into FTK 8.0
290 views, 11 months ago
FTK can bring in and process data from Cellebrite, Graykey, and more. This video will cover the basics of bringing in data from those sources so you can analyze that data within FTK.
Using FTK Connect to Search Case Automatically
324 views, 11 months ago
Create a Case in Forensic Toolkit (FTK)
1.4K views, 11 months ago
FTK Feature Focus - Web History In Smart Review
192 views, 11 months ago
FTK Feature Focus - Mini Timeline - FTK 8.0
223 views, 11 months ago
Exterro's Forensic Toolkit Product Demo: Part 2 - (FTK 8.0)
1.9K views, 1 year ago
FTK 8.0 Feature Focus - Reviewing Mobile Chats
251 views, 1 year ago
FTK Over The Air (Video Only) - Analyzing Door Bell Camera Footage
110 views, 1 year ago
R.A.N.G.E - Focus on Your Mental Health
47 views, 1 year ago
FTK Feature Focus - Index Search Refinement
442 views, 1 year ago
Download YouTube videos with FTK and pytube
597 views, 1 year ago
FTK Feature Focus - Episode 50 - What's the Deal with Timestamps?
190 views, 1 year ago
FTK Over the Air - Episode 14 - DFIR Life After Law Enforcement
81 views, 1 year ago
Justin, I did an index search. I found the keyword in unallocated space. The file name is "Carved[xxx].pdf". When I take this file out, it is not working; it says the file is damaged. But when I look at it via the index results, on the File Content tab in the filtered section I see the whole paragraph I was looking for. How can I export this part via FTK, or should I take a screenshot over FTK? I got the file and added it into FTK Imager, but it shows only in hexadecimal. I hope you understand me. Below it shows where the PDF file came from: System Volume Information/{5a7e25bc-61f1-11ef-add2-b808cfb2f443}{3808876b-c176-4e48-b7ae-04046e6cc752}.FileSlack»Carved [xxx].pdf
Can I know which tool can be used to create a playbook?
@ShashankM-k1f Software based response playbooks are typically built in orchestration tools like Splunk. These Security Orchestration, Automation and Response (SOAR) tools are connected within a network to various other resources and tools that can help in reaction during a breach. If you are talking about organizational playbooks, that is just documentation and procedures. So whatever you would want to use for that.
This video was super helpful! Thank you!!
wish they offer trials for these stuff
Say no more. go.exterro.com/FTKfreetrialsignup 30 day trial of FTK. Full feature.
Hi Justin, I currently have FTK 7.4 and I just got my license renewed. Can I upgrade to FTK 8.0 or do I need to uninstall the older version?
You should download FTK 8.1 (It was released today) and yes, it will require you to uninstall 7.4. If you need cases from 7.4 you will actually need to take your cases from 7.4 to 7.6 and then to 8.1. Or just reprocess the case in 8.1... or just finish the cases in 7.4 if you can before you move to 8.1. 7.4 is old enough that a straight 7.4 to 8.1 isn't supported.
Thanks for sharing it
Why, when I use a Gmail email, does it say to use a business email?
One of the requirements for using the Trial is to use a business email, tied to an organization. This was an operational decision made above my paygrade. hah. Sorry for any inconvenience.
Hello Justin, I'm having the same issue as @johnwilliam-ii4sq. I need help please
Do you have other Forensic Software that is using Codemeter? Are you using a virtual license or a physical dongle? One thing to try is opening the ISO and installing Codemeter directly rather than part of the whole install process.
Hi Justin, I have an error during the install of FTK Standalone 8.0. The error is "The installation of CodeMeterRuntime64_7.60 appears to have failed. Do you want to continue the installation?" I install CodeMeterRuntime64_7.60, but the error and the failed install still occur. I need your help plz?
Not sure why it is failing. Can you try opening the ISO and installing code meter itself separate from the main install. Run as admin. If the error comes up take a screenshot and email me at Justin.tolman@exterro.com
What happened to the 8th and final video? It's not in the playlist.
That is a great question. Not sure what happened... I have just reuploaded it and added it to the playlist. Thanks for letting me know! ruclips.net/video/8oxlFZGWqxA/видео.html
hello
👌🏻
Great video, it helped me a lot. thanks.
This literally was zero help
I understand you were probably wanting a walk through of the actual buttons to press during installation. I can create a video showing that process. However, do you have a specific part of the installation that you are hung up on that I can address?
Hello again friend. Could you tell me if there is a word search filter within the files, just as the Index search does. That is, from the filters window, which filter can I use to search for words within text files?
I created this today. Let me know if it answers your question: ruclips.net/video/ykuazx0o2bI/видео.html
can we recover deleted data from mobile phones using this soft
My answer is a mix between "it depends" and "most likely not". Why? FTK does not do any mobile device extraction, so it can only work with what it is given. FTK parses the artifact data of what was extracted through solutions like Cellebrite's UFED or Grayshift's Graykey. So if it is an allocated file only extraction, there is very little to carve out (more on that later). Also, most phones use file based encryption. This means that when a file is deleted, so is the pointer, and the decryption key that is used to make the file visible. That creates a major hurdle in recovering files that require carving even on a physical extraction. It depends, because FTK's carving can recover embedded files. In the mobile space this could be something "deleted" or hidden in a database or other file. Rare... but that is the "it depends"
Hi, Can it automatically collect the data of a certain number of employees and create a report?
You can set up FTK Connect to collect from specific employees. You would need to specify which endpoints you would like to collect from and what you want to collect. Once that collection profile is created, you can automate the collection at any time.
followed all the steps - i get stuck on initializing security dongle communication and then the prompt closes and does nothing =[
Hmmm interesting. Reach out to support@exterro.com via email. They should be able to get you sorted out.
Hello sir, I need a little bit of your help. Can you help me?
What is your question?
Reporting to CISA? www.cisa.gov/report
Thanks. Could you please explain more of how to push the agent remotely on a machine? Or at least some useful resource that could help us. Thank you
Yes. Give me a little bit to set up a machine I don't already have an agent on.
Thanks, but how can we push the agent remotely to the target machine? If you can explain it, I would appreciate it.
terimakasih mas Bule kontl
Also, files were posted on Wikipedia as replacements for the files of the BitLocker algorithm (password identification), but now I can't find them, nor the American student's video on how to make a disk "image" in FTK, saving it on a larger one, and then, in FTK, swap the BitLocker algorithm files for ones that will "bypass" it (accepting the password as correct). It is all utterly dumb!!
Justin, one more question: how can we parse Skype main.db files and export the Skype chat messages from the Internet tab? It is below the web browsers section. Is there also a video which shows exporting chat messages regarding Skype, Telegram, etc.? Regards
We moved around some of our parsers. I am not sure if Skype for windows is still directly supported. But, if you go to Expansion Options and choose Exterro Mobile Parsers, Skype for Android and iOS are supported. The export process once you parse it is the same as exporting Browser data from the file list pane. OR you can choose to export HTML version to get the chat view. I will make a video on that, but it may be a bit as my schedule right now is pretty stacked.
@JustinTolmanForensics what do you mean by expansion options?
thank you so much
Hi, I see the results over FTK on the Internet button, but I am not able to get them out. I want to get all web history regarding Chrome, Edge, Firefox according to the date visited. Can you put up a short video for it?
Yup. Here you go: ruclips.net/user/shortsvyA3au-9aPU
What about extracting chats belonging to Skype or Telegram? @JustinTolmanForensics
Did yall even proofread the questions? like talk about wasting $100. I'd have been better off buying gay porn LMAO
Could you make a video demonstrating more on macOS forensics... possibly imaging a Mac, and then processing it inside of FTK, looking for key forensic artifacts?
SuperCybex can provide a cyber defense services for businesses with 50-5000 employees throughout the US to help identify cyber threats and mitigate the risks. Whether your business needs firewalls, network upgrades, or cyber defense and training, we can provide a complete solution including Incident Response
Good morning, thank you for sharing your knowledge, could you please help me by indicating the following error in the FTK processing, what can it refer to? failure:\system\operations.cpp:136:Error in find_next
You guys are awesome. And nice.
Thanks again for chatting with us!
Can we download access data forensics tool kit freely?
FTK requires a license to be activated and used. FTK is required to pass the exam. If you don't have access to FTK and cannot purchase a copy, you can purchase lab time to take the exam. This does not include study time or anything, just time to take the exam. This can be purchased through the website: training.accessdata.com.
@JustinTolmanForensics Can we access Forensic ToolKit if we take lab time?
@pravallikadarsi8268 If you have the ACE with Lab option, FTK is pre-installed on a remote machine you can log into and take the exam. If you have specific questions about that process you can email training@exterro.com. At the time of the recording I was over the training department, I took a promotion and am now no longer associated with the training department. They can get you sorted out for sure.
This is great information... Thank you for sharing!
I've added two E01 images to a case that I know have bitlocker. However, the "Bitlocker Encryption Credentials" window did not pop up. Is there a way to retroactively add a recovery key to an image after it's been added? Thanks!
Two questions and I will follow up on this. What version of FTK are you on? Did you load the images at the same time or one at a time?
tradução jso janoy RJ.BRASIL JSO JANOY RJ EXISTI A TRADUÇÃO. .
Wow, what an extensive overview! Nicely done 👍 tho I was really hoping it would cover installation and setup
I don't have a video that shows the "click through" of the install process. But I did make this which explains the concepts and considerations when installing FTK: ruclips.net/video/cMakwd4rT_U/видео.html
@JustinTolmanForensics thanks for this reference! I’ll check it out and update you 👍
This was horrible. Please spend more time on the actual installation.
exactly
I really like what you did as a demonstration, it's easy to understand even if I'm a French-speaking Canadian (Quebec city) --> I hope it will be you who will train me because I took the Forensic Toolkit Learning Pass -
Hi Justin, I have tried to run this additional processing but it fails. I'm not really sure why but I cannot get it to work in any capacity.
Can you let me know what version you are on so I can check it out on my end? Thanks.
@JustinTolmanForensics 7.5 - happy to reach out directly via my work email (we have paid for support with Exterro) - just PM me if that is appropriate
@YORCC justin.tolman@exterro.com email me. I am traveling, but will respond asap.
Hey Justin, I installed the FTK 7.5 on my laptop, but anytime that I am trying to open it, it says "No security device was found. Would you like to specify a location for a network security device?" Do you have any tips on this.
Sounds like FTK can't see the USB license dongle, or if you are using a network license it can't see that. If using a physical USB dongle, check to make sure the USB port is working. If so, open License Manager to make sure your license is set up correctly (typically this would say "no more licenses available" but you never know). If you are using a Network dongle, troubleshoot the network connection, and make sure the addressing and ports are set up correctly. If all that looks good, then you may need to contact support.
@JustinTolmanForensics What is meant by the license? What does it actually need?
@muhammadyaqubsecurity Sorry for the delay in my response, I did not see the notification. FTK is a premium tool, so you need to purchase a license (or permission) to use the software.
Great episode and guest. Very important work!
Can you please make a video on generating final reports with all the legal information, such as System-Info, Time-Zone, User-Info, OS-version, Install date, Network Info, Last-login, last shutdown, Image Hash verification details and the analyst's custom bookmarks, in a PDF format, which could be finally presented in a court of law?
Yeah, I will look at those topics and frame some videos around it. A video that might cover some of what you are looking for could be this one: ruclips.net/video/aGRQS-rrQkE/видео.html
@JustinTolmanForensics Thank you sir. It would be great if you include system information such as computer name, installation date, OS version and build etc.
Hi Justin! I am unable to add a bitlockered image into FTK. The encryption type is Clear Key Bitlocker, so it is encrypted but unlocked and has no key protector. I can see all the files if I just mount the image. In FTK, the Bitlocker Encryption Credentials window pops up, but all the fields are disabled and the OK button does nothing. Is there a way around this?
Looks like this is a known issue. Fortunately, it appears we have a patch for it coming in the next few weeks! FTK 7.5.2 will bring in support for this type of Bitlocker Encryption. Be on the lookout for that update. If that doesn't fix it, we will need to contact support and take a deeper look. Apologies for not having a quicker fix.
@JustinTolmanForensics Thank you for the update. I overcame this issue by using other tools. But I am curious: if I were to mount the image using FTK Imager (the files would be visible) and then make another image of the mounted disk, will this image be unencrypted?
@cipster I haven't tested that workflow with our latest version of FTK Imager. However, the concept you are describing is technically correct. I will see if I can find some time to do some testing on that because it sounds interesting to me.
Hi Justin, I have a quick question for you. Why in some images FTK doesn't allow to decrypt the Bitlocker image with the user password, and just only shows the Recovery Key option as available? Thanks in advance!
There could be a few things that could cause this. 1. It could be that the user was using a smart card. If they are then the password field would not be populated and you would get the grayed-out behavior you are seeing. 2. It could be that they didn't set a password. BitLocker would simply be tied then to the Windows login. This of course would leave the password field blank, and thus grayed-out. If you don't think either of those are the issue you can contact our support channel and they can attempt to troubleshoot any potential FTK issues that could create this response.
@JustinTolmanForensics Got it. Thanks again Justin, have a nice day!