CAINE - 11 - FTKImager - data acquisition tool for imaging, live capture, and memory capture

  • Published: 13 Aug 2024
  • CAINE - 11 - FTKImager - data acquisition tool for imaging, live capture, and memory capture
    Difficulty Level: Beginner
    Prerequisites: basic understanding of Windows and of the forensic imaging process for hard drives and other digital media.
    FTKImager is a tool that can help you acquire forensic data from computer media. It lets you create forensic images, perform logical acquisition of files and folders, obtain protected files, generate directory listings, capture memory, preview files and folders, preview the contents of captured forensic images, mount an image for read-only viewing, export files and folders from forensic images, see and recover deleted files, hash files with MD5 and SHA1, and capture and view APFS images from Mac computers.
    Video timeline
    00:00 intro
    FTK Imager run from Forensic workstation
    02:14 imaging and directory listing generation
    09:04 Image verification
    10:30 Image mounting
    12:33 Drive Survey
    FTK Imager run from Target machine
    13:35 memory capture
    16:00 Obtaining protected files
    17:32 Custom content images
    21:12 recap
    To download FTKImager: www.accessdata...
    ⭕️ For other videos in the CAINE forensics series: • CAINE forensics tutorials
    Linux distro:
    This video was created using CAINE 11.0
    Virtualization software:
    Virtual Box (virtualbox.org)
    Icons made by freepik from @flaticon www.flaticon.co...
    Icons made by Smashicons from www.flaticon.co...
    🔨 Gear mentioned in this video:
    FTK Imager
    accessdata.com...
    WiebeTech USB 3.1 WriteBlocker: amzn.to/3yiZS3t
    amzn.to/3ygTOIJ
    wiebetech.com/...
    Tableau Forensic USB 3.0 Bridge: amzn.to/37h93FG
    security.opent...
    DISCLAIMER: Links in this video description might be affiliate links. If you purchase a product or service using one of these links, I may receive a small commission at no additional cost to you. Thank you!
    This course was designed to show how to use the tools on the CAINE forensics distro to carry out the basic steps of digital forensics: preservation of evidence (write blocking), extraction of data (imaging), analysis, and reporting. It covers the tools that allow users to acquire data (logical and physical), forensically analyze data, hash datasets, and perform malware analysis, memory forensics, mobile forensics, network forensics, open source intelligence (OSINT), and timeline analysis.
    #DFIR #WindowsForensics #FTKImager

Comments • 9

  • @carlothecomputerguy8355 7 months ago +1

    Hi there! I love your videos and they are very informative. One question, to capture a live image of a computer using FTK Imager, do I need to have some type of a bootable USB flash? If so, how would you recommend me going about it? Thanks!

    • @BlueMonkey4n6 7 months ago

      Thanks for the compliment! To capture a live image where you don't want to reboot the machine, all you need is to copy the installed folder of FTK Imager on a regular USB. There used to be a different version of Imager called Lite for that very purpose.
      Some things to note: make sure the USB is formatted to FAT32 or NTFS so that it is compatible with the target Windows machine. Also when you are imaging a live machine, the operating system is changing the hard drive so you will not be able to replicate the same resulting image if you perform another imaging process.
      And on an unrelated subject that you had asked about, to create a bootable USB with a bootable OS, see this video:
      ruclips.net/video/14YIkiGd0jQ/видео.htmlsi=01z3WB6hR5hUubHn

    • @carlothecomputerguy8355 7 months ago

      @BlueMonkey4n6 Thank you so much!

  • @fside100 9 months ago +1

    Is FTKImager available in CAINE? Because I can't seem to find it in my iso (which was downloaded from the official website)

    • @BlueMonkey4n6 9 months ago +1

      Unfortunately FTKImager is no longer available with CAINE versions 12 and newer as there wasn’t room on the ISO for a Windows partition anymore. You can still download FTKImager free from the AccessData/Exterro website.

    • @fside100 9 months ago +1

      @BlueMonkey4n6 Thank you for your clarification! Loved the videos, they helped a lot!

  • @buitrung5684 1 year ago +1

    Hi there. I am very grateful for the lessons on RUclips that you have shared. Can you give me advice, experience or send me documents related to digital forensics? Thank you very much

    • @BlueMonkey4n6 1 year ago

      I can offer general advice but it would be more helpful to you if you can tell me what country you are in, are you trying to get into the digital forensics field, and what experience you have. You can DM me on Twitter if you don't want to post here.

    • @buitrung5684 1 year ago

      I live in Vietnam. Thanks, bro