Sir, this is to much informative and practical video. I will request you that please add mobile forensic, audio video forensic, image forensic and others related to digital forensic .. Your wording style is impressive because its easy to understand ..
thanks for the feedback We are starting new course on Cloud Computing / Network Security & Penetration Testing soon You will find lots of new stuff weekly :)
I have a image, if i mount it i can see the file that come from the DVD, but if i wan to export it i cant select a file because no one apear in the "Evience Tree"
you can know the details when it was saved or created To know origin of the photo, you will have to drill down forensics of image / video itself you will get recording date and camera etc
@@FreeEduHub Yes, but my FTK imager didn't generate the other .001 other than the txt to be mounted in the FTK imager later on, instead it generate a ZIP folder, do you know about this problem on how to solved this issue?
check file format settings in FTK Imager, it should generate .E01 or DD or RAW files etc Manually open the file .TXT file with FTK Imager as it seems like file association issue Did you check if there is anything in the zip file?
@@FreeEduHub so apparently inside the zip file there is another file with size of almost 30gb called 001_Evidences (which is my name format settins), and when I try to mount it, turns out it's the .001 file but in zip file, yet still I can't mount it
Sir I'm facing a problem in imaging a pendrive. Every time when I try to image the pendrive like that you did in the above video, everytime I found ubd_drive.001 to be a WinRar archive file. Can you please suggest me what to do now...
How do you look for data if it's only being showed in hexadecimal form? Let's say I am looking for a document that was deleted, I can only see the contents in hexadecimal form, so how would I be able to find it without using autopsy browser or some other additional software?
We usually use HEX to ASCII converters. For recovery of documents etc you can use Recuva free version, it would show you content of the files and recovery process Software like FTK are used for forensics analysis by professionals where the hash code of it is more important than the data in those documents
@@FreeEduHub So for example if I want to prove that somebody downloaded a classified document on their computer that they shouldn't have and then subsequently deleted it, I would just use FTK imager, locate the image of that document in unallocated space, then the once I find the document, compare the hashes of that item found to the hash of the actual document? I wouldn't actually recover the human readable contents of the document itself?
@@samael1981 You can even recover the entire document Whatever you do make sure you image the entire system first and then work on the image But its recoverable
@@FreeEduHub One last question. Would I recover the entire document in human readable format using FTK or would I need a third party program like Autopsy or Recuva?
That is the best video explanation I have found on FTK. Thank you for the attention to detail.
Glad it was helpful!
Thanks for visiting
Sir, this is to much informative and practical video. I will request you that please add mobile forensic, audio video forensic, image forensic and others related to digital forensic ..
Your wording style is impressive because its easy to understand ..
thanks for the feedback
We are starting new course on Cloud Computing / Network Security & Penetration Testing soon
You will find lots of new stuff weekly :)
@@FreeEduHub In Sha Allah .. May Allah bless you and keep it up..
My old mobile device not detected in ftk imager physical disk. What to do now..
look for its related plugins
Thnx for the information. Can we do work from home in ftk imager in jobs?
its best to try at home on your usb and harddrives
Good video full of knowledge . Thank you. Please sir I like it if you make a video of FTK Image and dd in Ubuntu inside VMware work station
Sure I will
That was very good. Thank you
Glad you enjoyed it!
I have a image, if i mount it i can see the file that come from the DVD, but if i wan to export it i cant select a file because no one apear in the "Evience Tree"
And the Directory listing expor does not have the file in the DVD but i can see it in the logical drive that was mounted! ¿?
it could be due to multiple issues from version to hidden files, health, permissions and how is it exported
Sir by using this software can we tell that what is the origin of any photo or video
you can know the details when it was saved or created
To know origin of the photo, you will have to drill down forensics of image / video itself
you will get recording date and camera etc
Thank you
You're welcome
Hi, thanks for sharing the video, great explanation btw but why my .001 extension is TXT?
thats a default behavior
@@FreeEduHub Yes, but my FTK imager didn't generate the other .001 other than the txt to be mounted in the FTK imager later on, instead it generate a ZIP folder, do you know about this problem on how to solved this issue?
check file format settings in FTK Imager, it should generate .E01 or DD or RAW files etc
Manually open the file .TXT file with FTK Imager as it seems like file association issue
Did you check if there is anything in the zip file?
@@FreeEduHub so apparently inside the zip file there is another file with size of almost 30gb called 001_Evidences (which is my name format settins), and when I try to mount it, turns out it's the .001 file but in zip file, yet still I can't mount it
try OSFMount to mount and check, further 001 indicates there will be other sequenced files also
Thank you Sir!! 💯💪
Very welcome
Hi
I have a question
Can we connect laptop hard disk as secondary HDD to system and take aquire the image of that
Is this possible
yes you can, make sure you lock the harddisk first so that the contents are not changed
I keep getting the BSOD as soon as I actually run the memory dump feature. Is there a fix for this issue?
resources issue on your host computer
Thnaks
you are most welcome
Sir I'm facing a problem in imaging a pendrive. Every time when I try to image the pendrive like that you did in the above video, everytime I found ubd_drive.001 to be a WinRar archive file. Can you please suggest me what to do now...
it will create several 001 002 003 files etc.
Its normal
But sir it's not creating me any new disk ! I had the same problem !
How do you look for data if it's only being showed in hexadecimal form? Let's say I am looking for a document that was deleted, I can only see the contents in hexadecimal form, so how would I be able to find it without using autopsy browser or some other additional software?
We usually use HEX to ASCII converters.
For recovery of documents etc you can use Recuva free version, it would show you content of the files and recovery process
Software like FTK are used for forensics analysis by professionals where the hash code of it is more important than the data in those documents
@@FreeEduHub So for example if I want to prove that somebody downloaded a classified document on their computer that they shouldn't have and then subsequently deleted it, I would just use FTK imager, locate the image of that document in unallocated space, then the once I find the document, compare the hashes of that item found to the hash of the actual document? I wouldn't actually recover the human readable contents of the document itself?
@@samael1981 You can even recover the entire document
Whatever you do make sure you image the entire system first and then work on the image
But its recoverable
@@FreeEduHub One last question. Would I recover the entire document in human readable format using FTK or would I need a third party program like Autopsy or Recuva?
@@samael1981 It has plugins and ad-ons to be added which are not free
So if a free software works, use it
how to recover the deleted one?
i am showing how to recover deleted files from USB and HDD
How about Android file deleted?
there are different tools for android