ComputerSecurityStudent (CSS) [Login] [Join Now]




|FORENSICS >> FTK >> FTK Imager Lite >> Imager Lite 3.1.1 >> Current Page |Views: 5322

(FTK Imager Lite: Lesson 2)

{ Create FTK Imager Lite ISO with WinISO  }


Section 0. Background Information
  1. What is the Purpose of this lab?
    • In this lab I am showing a student how to create an ISO from FTK Imager Lite.
    • Running FTK Imager from a CD or ISO does not require a forensics investigator to actually install software on the machine that is being analyzed.
  2. What is FTK Imager Lite?
    • The Forensic Toolkit Imager (FTK Imager) is a commercial forensic imaging software package distributed by AccessData.
    • The FTK Imager Lite version can be installed and executed from a CD/DVD or USB media.
     
  3. What is WinISO?
    • WinISO is a professional CD/DVD/Blu-ray image file utility tool that can: Make disc image files from CD/DVD/Blu-ray Drive. Convert image files between ISO / BIN and other formats. (Including NRG, CCD and MDS image file formats) Extract, edit, rename ISO files directly.

  4. Pre-Requisite Labs
    1. WinISO: Lesson 1: Install WinISO

  5. Lab Notes
    • In this lab we will do the following:
      1. Create a VMware Shared Folder
      2. Download FTK IMAGER LITE
      3. Burn FTK IMAGER LITE to an ISO/CD
      4. Test FTK IMAGER LITE ISO/CD

  6. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

     

Section 1: Log into Damn Vulnerable WXP-SP2
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        1. Click Start Button
        2. Search for "vmware player"
        3. Click VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.

     

  3. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  4. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  5. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Administrator
      2. Password: Supply Password
      3. Press <Enter> or Click the Arrow
     
Section 2: Enabled VMware Shared Folder
  1. Virtual Machine Settings...
    • Instructions:
      1. Player --> Manage --> Virtual Machine Settings...

     

  2. Folder Sharing
    • Instructions:
      1. Click the Options Tab
      2. Click on Shared Folder
      3. Click on the Enabled until power off or suspend radio button
      4. Click on the Add button

     

  3. Add Shared Folder Wizard
    • Instructions:
      1. Click on the Next Button

     

  4. Browse to Shared Folder
    • Instructions:
      1. Click the Browse... button

     

  5. Browse For Folder
    • Instructions:
      1. Select either your C: Drive or USB: Drive
        • Note: In my case, I am using a USB Drive (G:)
      2. Click on Make New Folder

     

  6. Name Folder
    • Instructions:
      1. Name the folder --> "FTK IMAGER LITE ISO"
      2. Click the OK Button

     

  7. Name the Shared Folder
    • Instructions:
      1. Host path: G:\FTK IMAGER LITE ISO
        • Note: In my case, I am using a USB Drive (G:)
      2. Name: FTK IMAGER LITE ISO
      3. Click Next

     

  8. Specify Shared Folder Attributes
    • Instructions:
      1. Check the Enable this share checkbox
      2. Click the Finish button

     

  9. View Shared Folder Results
    • Instructions:
      1. Notice the share that you just created
      2. Click the OK Button

 

Section 3: Verify Network Connectivity
  1. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

     

  2. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • Record your Damn Vulnerable WXP-SP2's IP Address.

     

Section 4: Download FTK IMAGER LITE
  1. Open Firefox
    • Instructions:
      1. Start --> All Programs --> Firefox

     

  2. Navigate to FTK Imager Lite
    • Instructions:
      1. Place the following URL into the address textbox and press enter (See Picture)
        • http://www.accessdata.com/support/product-downloads
      2. Click on FTK IMAGER Arrow
      3. Click the FTK Imager Lite version 3.1.1 Download Link
    •  

     

  3. Save FTK IMAGER LITE
    • Instructions:
      1. Click the Download Now button
      2. Click the Save File radio button
      3. Click the OK button

     

  4. Save Location
    • Instructions:
      1. Navigate to Desktop --> My Documents --> Downloads
      2. Click the Save Button

     

  5. Go To the Downloads Folder
    • Instructions:
      1. Tools --> Downloads

     

  6. Open Containing Folder
    • Instructions:
      1. Right Click on Imager_Lite_3.1.1.zip
      2. Click Open Containing Folder

     

  7. Extract Files
    • Instructions:
      1. Right Click on Imager_Lite_3.1.1.zip
      2. Click on Extract All...

     

  8. Extraction Wizard
    • Instructions:
      1. Click the Next Button

     

  9. Select a Destination
    • Instructions:
      1. Click the Next Button

     

  10. Extract Completion
    • Instructions:
      1. Click the Finish Button

 

Section 5: Create FTK IMAGER LITE ISO
  1. Start DoISO
    • Notes(FYI):
      1. It is not necessary to use WinISO to burn FTK Imager Lite to an ISO.  You can use Nero, Roxio, or whatever.  However, WinISO is free and good.
    • Instructions:
      1. Click the Start Button
      2. All Programs --> WinISO --> WinISO

     

  2. Add Directory
    • Instructions:
      1. Click on Actions
      2. Click on Add Directory...

     

  3. Source Location
    • Instructions:
      1. Navigate to the following location
        • C:\Documents and Settings\Administrator\My Documents\Downloads\Imager_Lite_3.1.1
      2. Click the OK Button

     

  4. Set CD-label name
    • Instructions:
      1. Click on Actions
      2. Click on Set CD-label name

     

  5. Rename Label
    • Instructions:
      1. Rename CD Label to FTK

     

  6. Save ISO (Part 1)
    • Instructions:
      1. Click File
      2. Click Save as...

     

  7. Save ISO (Part 2)
    • Instructions:
      1. Navigate to Desktop --> My Documents --> Downloads
      2. File name: IMAGER_LITE_3.1.1.ISO
      3. Save as type: Standard ISO9660 Format(*.ISO)
      4. Click the Save Button

     

Section 6: Copy ISO to VMware Shared Folder
  1. Create VMware Shared Folders Desktop Shortcut
    • Instructions:
      1. Navigate to \\vmware-host
      2. Right Click on Shared Folders
      3. Select Create Shortcut
      4. Click the Yes Button

     

  2. Copy ISO
    • Instructions:
      1. Navigate to the following directory
        • C:\Documents and Settings\Administrator\My Documents
      2. Right click on Imager_Lite_3.1.1.iso
      3. Select Copy

     

  3. Navigate to the VMware Shared Folders
    • Instructions:
      1. Double Click on the VMware Shared Folders located on the desktop

     

  4. Paste ISO File
    • Instructions:
      1. Navigate to the FTK IMAGER LITE ISO
        • \\vmware-host\Shared Folders\FTK IMAGER LITE ISO
      2. Right Click in the white window pain (See Picture)
      3. Select Paste

 

Section 7: Test the ISO/CD Image
  1. Virtual Machine Settings...
    • Instructions:
      1. Click Player
      2. Navigate to Manage --> Virtual Machine Settings...

     

  2. Set CD/DVD
    • Instructions:
      1. Highlight CD/DVD (IDE)
      2. Check the Connected Checkbox
      3. Click the Use ISO image file radio button
      4. Click the Browse... button and navigate to the ISO location.
        • In my case, G:\FTK IMAGER LITE ISO\IMAGER_LITE_3.1.1.ISO
      5. Click the OK Button

     

  3. Start FTK Imager from CD
    • Note(FYI):
      • A Windows Explorer window should have opened up to the D: drive.
    • Instructions:
      1. Navigate to D:\Imager_List_3.1.1
      2. Right Click on FTK Imager.exe
      3. Select Open

     

  4. Congratuations
    • Note(FYI):
      1. Congratuations you successfully burned FTK IMAGER LITE to a CD and tested it!!!

 

Section 8: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. dir D:\ | findstr "FTK"
      2. date /t
      3. echo "Your Name"
        • This should be your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth