FTK Imager
Alonso Eduardo Caballero Quezada
Consultant in Ethical Hacking, Forensic Computing & GNU / Linux
Website: http://www.ReYDeS.com
e -mail: ReYDeS@gmail.com
Thursday, June 5, 2014
Who Am I?
• Independent Consultant and Instructor in Ethical Hacking, IT
Forensic and GNU / Linux.
• Former Member of RareGaZz and current member of PeruSEC
• Former Editor in the Linux Magazine + DVD (ES).
• Creator of the II South American Digital Forensic Challenge – Chavin de
Huantar 2012.
• Brainbench Certified Network Security, Brainbench Certified
Computer Forensics (US) & Brainbench Certified Linux
Administration (General). CNHE, CNCF, CNHAW
• More than 11 years of experience in the area.
•
•
@Alonso_ReYDeS
pe.linkedin.com/in/alonsocaballeroquezada/
What is FTK Imager?
FTK Imager is a tool for previewing data, which
can also make replicas or images. This way
can quickly evaluate electronic evidence and determine if
requires a deeper analysis with a tool
like AccessData Forensics ToolKit.
FTK Imager can also create perfect copies (images
] forensics) of computer-based data without making changes
in the original evidence.
Important:
When using FTK Imager to create forensic images from
a hard disk or other electronic device, it should be use a
hardware-based write blocker. This ensures that the
operating system will not alter the original source unit when
append to the computer.
* http://bit.ly/16wT65d
* http: //http://bit.ly/Upsqjs
What can be done with FTK Imager?
• Create forensic images of local hard drives, CDs, DVDs,
USBs, folders , or individual media files.
• Preview files and folders from local hard drives,
network drives, CDs, DVDs, USBs, etc.
• Preview contents of stored forensic images
on the local machine or on a network drive.
• Mount a forensic image to view it on "read-only", which
allows the Windows browser to view the contents.
• Export files or folders from the forensic images.
• View and recover deleted files from the recycle bin je.
• Create file hashes using MD5 or SHA-1.
• Generate hashes reports for regular files and images
FTK Imager
To prevent accidental or intentional manipulation of the
original evidence, FTK Imager makes a duplicate image bit by bit
of the medium. The forensic image is identical in any way to the original
including the gap or residual space, and the space without
assign or the free space in the unit. This allows the
original evidence to be stored in a secure location for damage while the
investigation proceeds.
After creating the image of the data,
AccessData Forensic Toolkit (FTK) can be used to perform a forensic examination
full and deep, to then create a report of the findings.
AccessData Forensics Toolkit
It is a platform for digital forensic investigations built
to be fast, stable and easy to use.
] * http://bit.ly/Upsqjs
Visual Course in Forensic Computing
Days:
Group 1: Saturdays 7, 14, 21 and 28 June 2014
Group 2: Sundays 8, 15, 22 and 29 of June 2014
Hours:
From 9:00 a.m. to 12: 30m (UTC -05: 00)
More information:
http://bit.ly/2As4ed1
caballero.alonso@gmail.com
http://bit.ly/2ESJaiP caballeroquezada /
http://www.reydes.com
@Alonso_ReYDeS
ReYDeS
Demonstrations
.
More Material
Videos of 21 Free Webinars that I have dictated about Hacking
Ethical, Hacking Web Applications and Computer Forensics
http://bit.ly/2ePHBEk
All the slides used in the Free Webinars
found on the following page .
http://bit.ly/2AhVMwx
All articles and documents that I have published.
http://bit.ly/2SklNlW? q = node / 2
My Blog on topics of my interest.
http://bit.ly/2AiNiFv
Thank you!
FTK Imager [19659002] Alonso Eduardo Caballero Quezada
Consultant in Ethical Hacking, Forensic Computing & GNU / Linux
Website: http://www.ReYDeS.com
e-mail: ReYDeS@gmail.com
Thursday, June 5, 2014
from Nettech Post http://bit.ly/2ETKFOf
No hay comentarios:
Publicar un comentario