Access Data FTK Report Lab

Description
[toggle_content title="Transcript"] Alright, Leo Dregier here. Time to tie it all in together. So, throughout the incident response process we would have, identified there was, there was a problem; that’s why somebody would’ve come to us, uh, in the first place, so it’s the detection of the incident. Typically in this case, in this scenario, reported by a helpdesk, uh, worker. Call in, end user, uh, reviewing pornographic, uh, files at work. That’s the call, that’s the investigation you get called to do. So you go to the suspect’s computer, you image it, you import all of the files. Now, you have the files, you have the evidence, and you’re basically ready to make your report after you’ve done all of your analysis, okay? So let’s go through what it takes to create a forensics report and review that report. Uh, easiest way to start here is to go to the report wizard, and this is going to tie in all of the different pieces of the module, uh, in its entirety, okay? So this is the magic video of them all. Agency information: here’s where you put the company name, your investigator’s name, the address; all of this is optional, you know, phone, fax, email, comment; you don’t necessarily need that to report. I’m not going to bother with it now, simply for the sake of speed of the video. Okay? Next is bookmarks. Throughout the investigation you would’ve had items of interest that you would’ve needed to include, uh, in your investigation. These become the bookmark, okay? So you have plenty of bookmark options, like would you like to include bookmarks from our particular section in the report, do you want to look at the thumbnail images, and do you want to export the bookmark files actually in the report themselves, okay? You, next, you have more information about the bookmarks. This goes all into the actual specific details of all of the fields that you would’ve filled out and any other custom fields that you want to add to it. Go ahead and click Next. 
The thumb – or the graphics in thumbnail format if you like, everything that you’ve found, such as evidence to include in report, let’s get those graphics in those reports for the, for anybody else that wants to analyze it. Okay, you can list the file path, uh, in a couple different ways, okay, so what you want to include, what you not want to include, what you want to export or whatnot, um, you get the idea. Alright, list file properties, okay, anything that you see here with a file properties or the type specific, uh, you can include those export those. Next, additional file properties; see, here’s where you’ve chosen to add a file properties sections at the report. Please select the file properties to be displayed for each list category selected in, in the inclusion report. So, that’s adding something by a specific list. You can add those right in here. This would be for larger investigations, uh, as opposed to the simple investigation where we can only have a few things selected, but if you need to scale that you have things listed by category and things like that. That list that you used to organize that, that’s where you’d put that. A supplementary file: so let’s say upon the investigation for activity X, you find out that the user is also performing activity Y, whatever that Y scenario is. Well, if there’s supplemental files that you think other people should know, well, you can certainly add those here. And also, please note here (you’re going to see this again in a second), including the case log, uh, include the case log in the report for this. Um, and, if you want the HTML files as well to be put there. Okay? Next, let’s go over there and – report location, this happens to be any place where you’re giving the report. So at this point, what happens in the investigator’s mind is absolutely critical. 
You are going to export these files and then you are going to take a message digest of these files, uh, for your own purposes because this is where you can always track exactly what you have provided in the report. You have a specific message digest that goes along with that, so that’s a perfect time to go, “Snapshot!” Okay? Get that message digest and record it. Uh, that should be covered in, in the documentation, that way if anybody wants to verify the integrity from the time you wrote the report, it can be done, alright? And of course if you like the report in English, we’ll say yes. So also would you like to view the report? Here’s where everything gets reported to basically the final webpage, and it’s going to cover all of the case information and details. Um, everything from the version of the software that, that performed all of this investigation, and all of the fields that we fill out throughout all of these videos, okay? It ultimately leads to, to this moment, okay? Um, if you want to look at specific case information, here’s where all of that is, everything from the, who’s the forensics examiner, the investigator, etc., etc. There are all of the file overviews, alright? All of the specific file references and the, and, also the evidence list, the list of evidence that would’ve been included in um – now, I told you would see this again. The case log, and there is – throughout this course there’s been talk about the case log. Well, this is literally the forensics investigator’s notebook in many cases. Read this every single time and go through it and understand it. It should make sense to you, alright? Get used to seeing things in that format. Also, the list file properties, any bookmarks that would’ve been added, and any of the selected graphic thumbnails to be included in the report, they would all be, you know, in, in the report. And then if you want you can go to a list file database, okay? So, that’s it. 
That’s how to go through, uh, and create a case report and that is something that every investigator is going to need to know. Uh, how could ever have a job if you don’t know how to create a report? You get, want to get hired as a consultant, you want to work in the field, uh, and you’re performing these activities, you need to, one, understand integrity, the, the case management and everything else and understand the business aspect of this as well. This is very much a part of the types of activities that you would be supplying in terms of, you know, the case information, who’s the investigator involved. And you’re performing the activity for, you know, what reasons? Uh, or, you know, what they provided you and what you did to it, and then the report that goes along with it to, basically get your paycheck. Think of it that way. It’s to get your paycheck, um, to, uh, complete a transaction in the business scope of things. So, I hope you enjoyed the videos, my name’s Leo Dregier and I’ll see you in the next video. [/toggle_content]

This lab demonstrates how to tie everything together: it is the Report Lab of the Access Data FTK module. You’ll learn how to launch and use the report wizard, which components you should include, how to use certain wizard features, how to customize the report and what you should customize, and how to incorporate all your forensic resources (findings, primary and supplementary files, and the file properties of your files) and display them to generate a cohesive case report. Lastly, you’ll learn to verify the integrity of your report, summarize it, include or reference your case log, and discuss why it’s critically important to your forensic analysis work.
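
The integrity step described in the transcript (take a message digest of the exported report files and record it so the report can be verified later) can be scripted as below. This is an added example, not part of the lesson or of FTK; it assumes SHA-256 as the digest and a report folder path passed on the command line, and the function names are hypothetical.

```python
import hashlib
import json
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large exported files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(report_dir):
    """Map each file's path (relative to the report folder) to its SHA-256 digest."""
    root = Path(report_dir)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def manifest_digest(manifest):
    """One digest over the whole manifest: the single value to record in the case notes."""
    canonical = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def verify_report(report_dir, recorded_manifest):
    """Compare the folder as it is now with the manifest recorded at export time."""
    current = build_manifest(report_dir)
    return {
        "modified": sorted(f for f in recorded_manifest
                           if f in current and current[f] != recorded_manifest[f]),
        "missing": sorted(f for f in recorded_manifest if f not in current),
        "added": sorted(f for f in current if f not in recorded_manifest),
    }


if __name__ == "__main__":
    import sys
    report = sys.argv[1]  # assumed: path to the exported report folder
    manifest = build_manifest(report)
    print(json.dumps(manifest, indent=2))
    print("manifest digest:", manifest_digest(manifest))
```

Store the printed manifest outside the report folder, for example with the case documentation, so that a later `verify_report` run compares against a copy that did not travel with the report.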