manjil@home:~$

CyberDen

About

Notes

FTK-Imager

Let's properly capture the image before analyzing it

Creating a Forensic Image Using FTK Imager

image2

Let’s first view the volume details within each disks from Computer Management > Disk Management

Now to create a disk image using FTK Imager, goto File > Disk Manage, further select the Source accordingly.

image3

Creating Forensics Image for specific directory:

Choose Disk Image > Contents of a Folder > Select Image Source > Image Destination (When contents of Folder is selected as source type, it includes only Logical Files)

image4

(Note: The AD Encryption is used to Protect Sensitive Data)

Further Password prompt dialog box appears, and configure it. image5

Our image is created successfully image6

To view our image:

image7

Mounting a Forensics Image using other tools:

  • Arsenal Image Mounter:

    image8

  • OSFMount image9

Calculating Files Hashes Using HashCalc

image10

Now select any file and drag it to the hashcalc and it will generate required hashes