
FTK Image Loading and Analysis

  • Published: 25 Mar 2014
  • Basic overview of using FTK Imager to open and analyze a captured image.

Comments • 15

  • @jiacheng09
    @jiacheng09 6 years ago +1

    Hi, may I ask how I can search the file location in the evidence tree after I found the keyword in the hex section at the bottom right?

  • @dr.a.j.k676
    @dr.a.j.k676 6 years ago +1

    Great video, may I ask how to find information from an image by using FTK, like:
    a) What is the computer name?
    b) What is the TCP/IP Host name?
    c) Last shutdown time
    d) Mounted devices
    e) Information about the network interface cards
    f) What are the user accounts available in the machine
    g) List all user accounts
    h) What is the last password reset time of the users?
    i) How many disabled user accounts are available and what are the user names of those accounts?
    j) What are the user IDs that have Administrator access?

    • @h3xxedit
      @h3xxedit 3 years ago +1

      That is found in the registry keys

  • @Tobbzy04
    @Tobbzy04 8 years ago +3

    I like your video. Can you make a video of something like this with EnCase too? Thanks

  • @norcalpacific
    @norcalpacific 2 years ago

    What about pulling the Windows password hash file from a RAM memory capture? Does FTK do this? Can?

    • @h3xxedit
      @h3xxedit 2 years ago

      FTK Imager is supposed to be able to capture memory; I have had mixed results from it. As for the analysis of the mem files with FTK Imager, it really does not do it. It will open the file and display it, but it doesn't provide much insight. I cannot speak for the full FTK product as I do not have access to an instance to test; it may have a richer feature set than the imager when it comes to memory analysis.

  • @jassi123jassi
    @jassi123jassi 3 years ago

    How to export the files marked with a red cross?

    • @h3xxedit
      @h3xxedit 3 years ago

      If you mean the red X, you should still be able to recover those with a right-click option. What FTK is telling you is that the file has been deleted from the system but it is still available. If this is not what you are looking for, let me know.

    • @jassi123jassi
      @jassi123jassi 3 years ago

      @h3xxedit Sir, thank you for your response. The FTK export files option is exporting the metadata only, with 0 BYTES BEING TRANSFERRED. I mean no data is being exported.

    • @h3xxedit
      @h3xxedit 3 years ago +1

      @jassi123jassi I am looking to answer your question. Based on the red X, which is what I see when a file has been deleted, here is what I believe is going on. When you recover a file and it has 0 bytes, it means the pointer is still there; however, the data is no longer available. You can see this in FTK when you click on the file. Looking in the lower screen, it will show you the text it contains; you can also switch to hex view if not selected. Depending on the underlying filesystem, i.e. FAT, NTFS, etc., you may see the complementing slack space and can get some data out of it.
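
The deleted-file behaviour described in the reply above (the directory pointer left behind, the 0-byte export, slack in the last cluster), as an added Python example that is not from the video or the commenter; the 32-byte FAT32 directory entries, the cluster map and the 4096-byte cluster size are all constructed sample data, and a real examiner would read these fields from the image rather than build them.

```python
import math
import struct
CLUSTER_SIZE = 4096  # assumed bytes per cluster for the constructed volume

def parse_dir_entry(raw: bytes) -> dict:
    """Decode a 32-byte FAT32 short-name directory entry. Deletion only overwrites
    the first name byte with 0xE5; start cluster and size survive, which is the
    'pointer' a forensic tool still shows for a red-X file."""
    deleted = raw[0] == 0xE5
    name = (b"?" + raw[1:8] if deleted else raw[:8]).rstrip(b" ")
    ext = raw[8:11].rstrip(b" ")
    hi, = struct.unpack_from("<H", raw, 20)    # FstClusHI
    lo, = struct.unpack_from("<H", raw, 26)    # FstClusLO
    size, = struct.unpack_from("<I", raw, 28)  # FileSize
    return {"name": (name + (b"." + ext if ext else b"")).decode("ascii", "replace"),
            "deleted": deleted, "first_cluster": (hi << 16) | lo, "size": size}

def assess(entry: dict, fat: dict) -> dict:
    """Classify what an export can yield. `fat` maps cluster -> FAT value, 0 = free."""
    clusters = math.ceil(entry["size"] / CLUSTER_SIZE)
    slack = clusters * CLUSTER_SIZE - entry["size"]  # unused tail of the last cluster
    if not entry["deleted"]:
        state = "live"
    elif entry["size"] == 0 or entry["first_cluster"] == 0:
        state = "metadata-only"                 # the 0-byte export case
    elif fat.get(entry["first_cluster"], 0) == 0:
        state = "deleted-data-in-unallocated"   # readable until the clusters are reused
    else:
        state = "deleted-cluster-reallocated"   # another file now owns the start cluster
    return {**entry, "state": state, "slack_bytes": slack}

def make_entry(name: bytes, ext: bytes, first_cluster: int, size: int, deleted=False) -> bytes:
    """Build a constructed 32-byte entry (sample data, not from a real disk)."""
    e = bytearray(32)
    e[0:8], e[8:11] = name.ljust(8), ext.ljust(3)
    if deleted:
        e[0] = 0xE5
    struct.pack_into("<H", e, 20, first_cluster >> 16)
    struct.pack_into("<H", e, 26, first_cluster & 0xFFFF)
    struct.pack_into("<I", e, 28, size)
    return bytes(e)

# Constructed FAT (cluster -> next) and directory: a live file, a deleted file whose
# clusters are still free, a deleted file whose start cluster was reused, a 0-byte stub.
SAMPLE_FAT = {5: 6, 6: 0x0FFFFFFF, 9: 0, 10: 0, 20: 21}
SAMPLE_ENTRIES = [make_entry(b"REPORT", b"TXT", 5, 5000),
                  make_entry(b"OLDNOTES", b"DOC", 9, 6000, deleted=True),
                  make_entry(b"BUDGET", b"XLS", 20, 3000, deleted=True),
                  make_entry(b"EMPTY", b"LOG", 0, 0, deleted=True)]

def triage(entries=SAMPLE_ENTRIES, fat=SAMPLE_FAT) -> list:
    return [assess(parse_dir_entry(e), fat) for e in entries]
```

The "metadata-only" result is the case the thread describes: the entry still names the file, but there is nothing left to export.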

  • @enayathassani5874
    @enayathassani5874 4 years ago

    Hello Sir; thank you for your lecture. I got a question. I got an image of my laptop's hard drive using the FTK Imager. I then formatted (partitioned) my hard drive and installed another Windows OS. I later carved the image, added evidence items using the imager. I noticed that I have everything but they are unreadable (encrypted). I guess BitLocker on my laptop was on during imaging. I have my BitLocker key for my laptop. Now, is there any solution for this problem?

    • @h3xxedit
      @h3xxedit 4 years ago

      I am aware FTK supports BitLocker keys; however, I have not had a case to implement it. One article I read suggested mounting the drive outside of FTK and providing the key there. Then use FTK to access the new mount and review the data.

    • @enayathassani5874
      @enayathassani5874 4 years ago

      @h3xxedit I used Autopsy to mount; it didn't work either. Do you know any other software?

    • @h3xxedit
      @h3xxedit 3 years ago

      Since this last reply I have had use of BitLocker in this format. What I did was use FTK to mount the drive in Windows. When you click the drive it mounts, it will ask you for the key. Once complete, I use FTK to acquire another image of the drive, and this image would be without the BitLocker limitation.