Access Data FTK

[toggle_content title="Transcript"] Hi, Leo Dregier here with Cybrary IT. I want to talk to you about Access Data Forensics Toolkit, FTK. Uh, it’s relatively an easy program to use. You basically set it up, um, trying to get the basic navigation of it and then actually start using it to manipulate cases and more [00:28] case files. Um, it’s pretty straightforward, so let’s take a closer look. As far as the setup is concerned, um, it’s pretty much an, uh, install program like you would install just about anything else. You’re going to run through the install; it may prompt you for a few additional things, uh, like to install some databases and things like that. Most of the time you can just keep clicking Next and then you’ll get through it just fine, or we’ll look at it closer when we get to the, uh, hands-on part. Um, there’s also a Known File Filter that you can install; uh, definitely don’t skip this one, this is a, uh, a critical component of FTK and makes using it much, much easier; we’re going to talk about that. There’s a couple different licensing models; we’ll talk about that when we actually use the software, whether you’re using it for personal use or corporate use. Um, and then you can actually set it up so that multiple people can use it too. There’s a front- and backend setup to it, so let’s say that you have, um, a storage warehouse on the backend, and then you have many computers, like three, four, five, frontend workstations that connect to that backend computer to manage the, um, the case files and things like that, uh, so you can use it in a single or multiple machine format. Uh, so setup’s relatively pretty easy. Next is navigation; you want to get used to the different tabs. I highly recommend, um, you know, just taking a little bit of time, going through each one of the tabs and just getting the basic look and feel for it, um, because what it’ll do is it’ll actually set you up to use a commercial product like Encase, um, really, really comparatively, okay? So there’s the, the Web tab, there’s the Filter tab, the Hex tab, the Graphics tab, the Explore tab, the different types of bookmarks and indexing and thumbnails and things like that. So, odds it, it would probably take you about, I don’t know, maybe about 10 or 15 minutes or so, just to get the basic look and feel out of it and, you know, be able to bounce around the tabs, and learn it that way. Um, what I definitely wouldn’t want you to do is try to think of this as like a hardcore procedure where everything that you do is going to be, you know, “Go to this tab, A, B, C, D, Next, Next, Next, Next, Next.” You want to get the feel for it, and that way, when you’re working with the software, if you need to switch over to another tab or feature, you can do that. So, get, get away from the, the rigid approach to using, um, tools or what I call ‘the spoon-fed approach’ to using the tools, uh, because you may have to go in there and, you know, perform a task X, um, and, just do that and then while that’s running you could go do something else, so it’s, uh, it’s more of an application that you should just be comfortable using. Okay? When it comes to the actual using of the Forensics Toolkit, um, creating a case is relatively simple. You go out and you fill out a Form tab, fill out a bunch of details of it, um, and then basically save it as a case. Then you can go in and start important your evidence, whether it be, you know, a .zip file, or an .iso or a hard drive or partition or an SD card or something like that. Um, then there’s data carving options. Data carving is relatively simple in, in theory. Um, big fancy name, but nonetheless very, very simple. Data carving is basically looking for hidden files or components that are, that are either hidden on the hard drive or that, or, within other files, similar to steganography. Um, then some basic things that you would want to be able to do using the software would be things like backing up cases, restoring cases, or potentially even deleting cases if you need more space or something like that. There’s a variety of filters that you can apply when you’re looking for data or analyzing data because, again, this is a very, very powerful tool; there’s also some decryption options for analyzing encrypted, uh, files, uh, so if you want to analyze something that’s all in an encrypted, uh, file system, EFS for Windows, you can do that. Um, and then finally you can write a report, um, which is ultimately your final report which you will write the report, and then, you know, send that whoever, to whoever needs the report, okay? So that’s the big picture of Access Data’s Forensics Toolkit. Um, now we could talk about the theory of it all day long, but nothing is more valuable than hands-on experience, so let’s go take a closer look. [/toggle_content] Welcome to Module 11 of the Computer Hacking and Forensics course, Access Data. This module introduces the Access Data File Tool Kit (FTK).  This lab discusses in detail the Access Data File Tool Kit (FTK), in terms of its setup, how to install, the various versions/licensing options and single vs. multiple deployments for the back and front end setup. You’ll learn the benefits of navigation thru the tool and getting a feel for all its options and what’s available on each tab, and other navigation components. Then we’ll discuss the importance of case setup and case management in terms of importing evidence, evidence options, filters, reporting, and the value of hands-on experience. The hands on demonstrations you’ll engage as part of the Access Data FTK module include the following labs:
  • Introduction Lab
  • Report Lab
  • Tools Menu Lab
  • Graphics Overview Lab
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?