One of the most common commercial digital forensic tools is Forensic Toolkit from Access Data, better known as FTK. FTK is an integrated tool used in many types of digital forensic investigations, with a focus on computers and servers.
Additional Access Data tools that are commonly used with FTK include Password Recovery Toolkit (PRTK) and Registry Viewer. FTK Imager, which is license-free, is used to create forensic images of media in a variety of formats that can be used by digital forensic tools. In this project, you will use all four of these Access Data tools in a typical law enforcement scenario.
There are three steps in this project. In those steps, you will use FTK and other Access Data tools to image two computers and a thumb drive or USB stick. Each step in the project requires you to respond to detectives’ questions based on computer images.
The final assignment is a paper that helps detectives better understand the use of FTK Imager and other Access Data tools to access and image computers and thumb drives. In Step 1, you introduce detectives to the basics of forensic digital investigation by creating an image using FTK Imager.
Your work will be evaluated using the competencies listed below.
- 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
- 1.4: Tailor communications to the audience.
- 1.6: Follow conventions of Standard Written English.
- 1.7: Create neat and professional looking documents appropriate for the project or presentation.
- 2.2: Locate and access sufficient information to investigate the issue or problem.
- 5.3: Demonstrate the appropriate use of multiple digital forensic tools and techniques for imaging.
- 6.1: Perform report creation, affidavit creation, and preparation to testify.
- 6.3: Use forensic tools for investigation of multimedia technologies.
- 6.4: Demonstrate the ability to gather file system evidence.