Digital Forensics Report: Analysis of FTK Imager in Investigations

Verified

Added on 2022/08/29

AI Summary

This report provides an overview of digital forensics and focuses on the FTK Imager tool. It begins with an introduction to digital forensics, emphasizing the importance of preserving evidence and reconstructing past events. The report then delves into the specifics of FTK Imager, including its vendor (AccessData) and URL. It details the tool's features, such as creating forensic images of hard drives, previewing files, mounting images, exporting files, and generating hash values for data integrity. The report also discusses the latest version of the tool and its various applications in forensic investigations, highlighting its role in acquiring and analyzing digital evidence. The conclusion summarizes the key aspects of FTK Imager and its significance in the field of digital forensics, reinforcing its value for forensic investigators.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1DIGIGTAL FORENSICS
Table of Contents
Introduction:...............................................................................................................................2
Discussions.................................................................................................................................2
Forensic Vendor Name and URL...........................................................................................2
Acquisition Tool Name and Latest Version...........................................................................2
Features of FTK Imager.........................................................................................................2
Conclusion..................................................................................................................................2
References..................................................................................................................................3

2DIGIGTAL FORENSICS
Introduction
Digital forensics is the procedure of interpreting and uncovering digital data. The
main aim of the procedure is to preserve any of the evidences in its original state while
executing an investigation that is structured by collection, recognising and validation of the
electronic information for the objective of reconstruction of the past events. The context is
often utilised for the data usage in the court of law but the digital forensics can be utilised in
other instances also.
The report focuses on the digital forensics tool FTK imager. The report provides an
overview of the name of the forensic vendor and the URL of the vendor of the forensics tool.
The report focuses on the digital forensic tool that is FTK imager and the latest version of the
forensics tool. The report provides an overview of the FTK imager and the features of the
FTK imager.
Discussions
Forensic Vendor Name and URL
The digital forensics tool that is taken is forensic toolkit imager and the vendor of the
forensic toolkit is Access data. The forensic toolkit introduces a new program known as FTK
imager (Carbone, 2014). The tool was released 2 years ago and the operating system on
which the tool executes is windows. The Forensic tool kit is a software of digital forensic that
is created by AccessData and the FTK imager is a standalone program of the Forensic
Toolkit.
The URL of the vendor of digital forensics tool is https://accessdata.com/products-
services/forensic-toolkit-ftk/ftkimager or https://accessdata.com/products-services/forensic-
toolkit-ftk

3DIGIGTAL FORENSICS
Acquisition Tool Name and Latest Version
The name of the tool that is utilised in digital forensics is FTK imager, which is a part
of the forensic toolkit. It has been said that forensic toolkit is very versatile but in order to do
a sound practice is to get the copies of the data of the affected systems and then operate on
those copies of data (Easttom, 2019). In order to help in this procedure, the AccessData
provides the forensic investigators, software called FTK Imager. The FTK Imager is an
imaging and a preview of data tool that is utilised in order to obtain data in a sound manner
by creating various copies of data and not making changes in the original data. Other than,
developing images of the CDs, hard drives, the FTK imager also has the feature of data
preview (Hashim et al.,2017). This can be utilised in order to preview both the folders and the
files and the contents those are present in the files and the folders. The FTK imager also
supports mounting of images that upgrade the portability of the tool. This tool can also create
more than one format of files. While developing the copies of the disk those are original, an
essential aspect is to check the integrity of the file. The FTK Imager also helps in this field
and it creates hashes of Message Digest 5 and Secure Hash Algorithm 1 (Beek, 2010).
The latest version of the FTK imager is 4.3.0. The other versions of FTK imager
include 4.2.1, 3.1.1 lite version, 3.4.0.5, 4.2.0 and many more
Features of FTK Imager
The FTK imager is a very powerful tool of digital forensics and the forensic investigators
for investigation use it (Kävrestad, 2017). The features of the FTK imager are as follows:
 Develop images of forensic of the hard drives, DVDs, CDs, folders and files from
different places that are within the digital media
 Preview folders and the files those are present on the hard drives, drives of network,
DVDs, CDs and other devices of USB (Ham & James, 2020).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4DIGIGTAL FORENSICS
 Preview the contents of the images of forensics those are stored and present on the local
machine or the drive of the network
 Mount an image for the view of read-only that increases the Windows Internet Explorer
to view the content of the image same as the end user saw the images that is present on
the original files
 Exporting files and folders from the images of forensic
 View and then recover the various folders and files those have been deleted from the
Recycle bin and it has not been overwritten on the drive
 Develop hashes of files in order to check the data integrity by utilising the two functions
of hash that are available in the FTK imager (Akbal & Dogan, 2018). The two hash
functions include Message Digest 5 and Secure Hash Algorithm
 Generate reports of hash for the files those are regular and the images of disk that can be
utilised later as a benchmark in order to prove the integrity of the evidence of the cases
(Ghazinour et al.,2017). When an image of a full drive is taken, a hash that is produced by
the FTK imager can be utilised in order to authenticate the hash of image and the hash of
the drive matches after the hash is developed. The hash stays unchanged since attainment.
Conclusion
From the report, it can be concluded that digital forensics is very important for the
forensic investigation. The tool that is discussed in the report is FTK imager that is a part of
the Forensic Toolkit. The vendor of the FTK imager is the AccessData and the URL of the
vendor is provided in the report. The report provides an overview of the FTK imager tool and
the working of the tool is mentioned in the report. Many of the investigators favour this tool
because it can utilised in order to develop the forensic images of the various drives and helps
to mount the forensic images that is stored in the local machine. The report discusses about
the various versions of the FTK imager tool those are available and that can be downloaded

5DIGIGTAL FORENSICS
free from the internet. The FTK imager is one of the most important digital forensic tools and
it has several features those are favourable for the forensic investigators. The report provides
an overview of the various features of the FTK imager and its role in digital forensic
investigation.

6DIGIGTAL FORENSICS
References
Akbal, E., & Dogan, S. (2018). Forensics Image Acquisition Process of Digital
Evidence. International Journal of Computer Network and Information
Security, 10(5), 1-8.
Beek, C. (2010). Virtual forensics. Ten ICT Professionals, Paper nd.
Carbone, F. (2014). Computer forensics with FTK. Packt Publishing Ltd.
Easttom, C. (2019). Computer security fundamentals. Pearson IT Certification.
Ghazinour, K., Vakharia, D. M., Kannaji, K. C., & Satyakumar, R. (2017, September). A
study on digital forensic tools. In 2017 IEEE International Conference on Power,
Control, Signals and Instrumentation Engineering (ICPCSI) (pp. 3136-3142). IEEE.
Ham, J., & James, J. I. (2020). A Feature Comparison of Modern Digital Forensic Imaging
Software. arXiv preprint arXiv:2001.00301.
Hashim, M. A., Halim, I. H. A., Ismail, M. H., Noor, N. M., Fuzi, M. F. M., Mohammed, A.
H., & Gining, R. A. J. (2017). Digital Forensic Investigation of Trojan Attacks in
Network using Wireshark, FTK Imager and Volatility. Computing Research &
Innovation (CRINN) Vol 2, October 2017, 205.
Kävrestad, J. (2017). FTK Specifics. In Guide to Digital Forensics (pp. 97-116). Springer,
Cham.