Project 6 Lab Experience
Student
Cyberspace and Cybersecurity Foundations
College
Date
For Lab 6, the digital forensics tool used to image a directory folder was the Forensic Toolkit (FTK) Imager. FTK Imager also had a layout and format that mimicked the formats and requirements that criminal investigators use in their day-to-day work. I used the FTK Imager to process and analyze the data located on the WINATK01 virtual machine (VM). The FTK Imager tool was easy to use and gave the user the option of selecting a physical drive, logical drive, image file, folder contents, or multiple CDs/DVDs as the source. This allows several different kinds of media to be duplicated.

After the image is created, FTK Imager provides the user with verification results, which contain the name of the file and the MD5 and SHA1 hashes. If there are any bad sectors, this information is also provided here. There is also an image summary in text format that contains the case identification information and the MD5 and SHA1 checksums used to verify the integrity of the data.

Finally, the FTK Imager was used to export files, folders, and hash sets from an image. FTK Imager gives the option to pick where the image should be stored, and the files are then copied to the chosen location. All of these elements would be extremely beneficial in an investigation. The ability to create an image of a drive, access its contents, and view and export those elements would significantly enhance the success of an investigation.
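The integrity check described above can be repeated outside FTK Imager by recomputing both digests over the image and comparing them with the values recorded in the text summary. The following is an added example, not part of the original report or of FTK Imager; the `MD5 checksum:` / `SHA1 checksum:` line layout, the file name `evidence.dd`, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumed summary layout (not taken from the report): "MD5 checksum: <hex>" lines.
SUMMARY_LINE = re.compile(r"^\s*(MD5|SHA1) checksum:\s*([0-9a-fA-F]+)", re.M)

def hash_image(path, chunk_size=1 << 20):
    """Read the image once in chunks, feeding both digests, so size is not limited by RAM."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"MD5": md5.hexdigest(), "SHA1": sha1.hexdigest()}

def parse_summary(text):
    """Extract the recorded digests, lower-cased for comparison."""
    return {alg: digest.lower() for alg, digest in SUMMARY_LINE.findall(text)}

def verify_image(path, summary_text):
    """Return {algorithm: bool}; a digest missing from the summary counts as a failure."""
    recorded = parse_summary(summary_text)
    computed = hash_image(path)
    return {alg: alg in recorded and hmac.compare_digest(value, recorded[alg])
            for alg, value in computed.items()}

def demo():
    data = b"constructed evidence bytes\n" * 1000  # constructed sample, not real evidence
    summary = ("[Computed Hashes]\n"
               " MD5 checksum:    %s\n"
               " SHA1 checksum:   %s\n"
               % (hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest().upper()))
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "evidence.dd")
        with open(path, "wb") as fh:
            fh.write(data)
        intact = verify_image(path, summary)
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # one extra byte stands in for a corrupted copy
        altered = verify_image(path, summary)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```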