ComputerSecurityStudent (CSS) [Login] [Join Now]


|FORENSICS >> FTK >> FTK Imager >> Imager 3.1.x >> Current Page |Views: 90461

(FTK Imager: Lesson 1)

{ Install FTK Imager  }

Section 0. Background Information
  1. What is FTK Imager?
    • The FTK toolkit includes a standalone disk imaging program called FTK Imager. The FTK Imager has the ability to save an image of a hard disk in one file or in segments that may be later reconstructed.
    • It calculates MD5 hash values and confirms the integrity of the data before closing the files.
    • In addition to the FTK Imager tool can mount devices (e.g., drives) and recover deleted files.

  2. Lab Notes
    • In this lab we will do the following:
      1. Download FTK Imager.
      2. Install FTK Imager.

  3. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

     

Section 1: Log into Damn Vulnerable WXP-SP2
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        1. Click Start Button
        2. Search for "vmware player"
        3. Click VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.

     

  3. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  4. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  5. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.

     

  6. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

     

  7. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.
    • .
Section 2: Download FTK Imager
  1. Open Firefox
    • Instructions:
      1. Start --> All Programs --> Firefox

     

  2. Download FTK Imager 3.1.4
    • Instructions:
      1. Place the following URL into the address textbox (See Picture)
        • https://drive.google.com/file/d/0BwWG59jwoT6tMUlSWkNFUlAxanM/view?usp=sharing&resourcekey=0-8LUmLVCgeD3by8eYe8WKcw
      2. Click Download anyway
      3. Select the Save File radio button
      4. Click on the OK Button
    • Note(FYI):
      • This lesson is based on FTK Imager 3.1.x.  FTK Imager 3.1.x is no longer downloadable from Access Data.
      • In order to complete this lesson, FTK Imager 3.1.x has been made available on Google Drive. Accordingly, you must comply with Access Data's License Agreements.
      • The latest version of FTK Imager can be found below.
    •  

     

  3. Go To Downloads
    • Instructions: (On Firefox)
      1. Tools --> Downloads

     

  4. Open Containing Folder
    • Instructions:
      1. Right Click on the AccessData_FTK_Imager_3.1.4.zip
      2. Select Open Containing Folder

     

  5. Extract Executable
    • Instructions:
      1. Right Click on AccessData_FTK_Imager_3.1.4.zip
      2. Select Extract All...

     

  6. Extraction Wizard
    • Instructions:
      1. Click Next

     

  7. Extraction Wizard (Select a Destination)
    • Instructions:
      1. Click Next

     

  8. Extraction Wizard (Extraction Complete)
    • Instructions:
      1. Check Show extracted files
      2. Click Finish

     

  9. Open FTK Imager Executable
    • Instructions:
      1. Right Click on the FTK Imager Executable
      2. Select Open

     

  10. AccessData FTK Imager - InstallShield Wizard
    • Instructions:
      1. Click the Next Button

     

  11. AccessData FTK Imager - License Agreement
    • Instructions:
      1. Click the "I accept..." Radio Button.
      2. Click the Next Button

     

  12. AccessData FTK Imager - Destination Folder
    • Instructions:
      1. Click the Next Button

     

  13. AccessData FTK Imager - Install
    • Instructions:
      1. Click the Install Button

     

  14. AccessData FTK Imager - Complete
    • Instructions:
      1. Un-Check the "Launch AccessData FTK Imager" checkbox.
      2. Click the Finish Button

     

Section 3: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. dir "C:\Program Files\AccessData" | findstr "FTK"
      2. date /t
      3. echo "Your Name"
        • This should be your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth