
Intermediate • One-Day Instructor-Led Course

In document Computer Forensics Course Catalogue (Page 31-34)

For more information contact: [email protected]

The AccessData® FTK® 5 Transition course introduces participants to the new features in FTK 5. Participants will learn how to use these new features to more effectively process a case and locate evidence.

Prerequisites:

This hands-on course is intended for new users, particularly forensic professionals and law enforcement personnel who use AccessData forensic software to examine, analyze and classify digital evidence. To obtain the maximum benefit from this course, you should meet the following requirements:

• Able to understand course curriculum presented in English

• Have a basic knowledge of computer forensic investigations and acquisition procedures

• Perform basic operations on a personal computer

• Be familiar with the Microsoft Windows environment

Class Materials and Software:

You will receive the associated materials prior to the course.

During this one-day, hands-on workshop, participants will receive an introduction to the new features in FTK 5:

• Processing Profiles provide a way to save frequently used processing options in a profile for use in future cases. These profiles can also be shared between FTK users. During this course, participants are shown how to create and use processing profiles to more efficiently process case evidence.

• PhotoDNA is a technology that helps investigators identify illegal graphic images. Participants are shown how to create and manage PhotoDNA libraries in FTK, then process case files against PhotoDNA libraries.

• Log2Timeline is an open-source command line tool designed to take the input from a variety of source files for the purpose of exporting them into a format that can be used by a tool for timeline analysis. Participants import Log2Timeline files into FTK to harvest specific timeline data. To facilitate this process, participants create custom column settings and filters. Participants are also shown how to create graphs and charts from the Log2Timeline data in the FTK Visualization interface.

• FTK has expanded the Bookmark feature so investigators can include timeline information in bookmarks. During this module, participants add timeline information to bookmarked items, then create a timeline report of the bookmarked items.

• FTK 5 has the ability to identify elements of language in documents, spreadsheets, presentations, and email. During this module, participants process case evidence to identify language elements. Participants also create custom column settings to display item languages and build language-specific filters to isolate documents using a specified language.

• Social Analyzer II is designed to enhance analysis of communication by email by providing a graphical representation of patterns of communication between domains. During this module, participants use Social Analyzer II to identify significant relationships. After identifying a domain relationship, participants drill into the domain of interest to view individual e-mail address activity levels and communications patterns.

• FTK 5 has the ability to view Google Chrome’s history database as individual entries. During this module, participants parse Google Chrome history and view rebuilt web pages from Google Chrome browsing activity.

• FTK 5 provides enhanced integration between FTK and PRTK. Participants are shown how to utilize this functionality to more efficiently process encrypted files.

Some topics and items in this class syllabus are subject to change. This document is for information purposes only. Syntricate makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered trademarks of the AccessData, Inc. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.

AccessData FTK 5 Transition

Module 1: Introduction

Topics:

• Identify the FTK components

• List the FTK and PRTK system requirements

• Describe how to receive upgrades and support for AccessData tools

• Install required applications and drivers

Lab:

• Participants install the UTK components – FTK, KFF Library, FTK Imager, Registry Viewer, and PRTK

Module 2: FTK Evidence Processing Profiles

Objectives:

• Define a Processing Profile, along with the potential advantages of using them

• Create a Processing Profile using several methods in the FTK interface

• Edit an existing Processing Profile both for one-time usage and to save an edited profile for future case usage

• Import a Processing Profile into an FTK installation from a *.XML file

• Export a Processing Profile from FTK in *.XML format for transfer to another computer or FTK user

Lab:

• During the practical, participants get hands-on experience with creating and editing custom profiles. Participants also export a processing profile from FTK, then import an existing processing profile from an XML file.

Module 3: FTK PhotoDNA Feature

Objectives:

• Describe and discuss PhotoDNA functionality with FTK

• Create a PhotoDNA library data set

• Process files in a case against a PhotoDNA library

• Export PhotoDNA data in *.CSV (Comma Separated Value) format

• Import PhotoDNA data from a *.CSV file

Lab:

• During the practical, participants create a PhotoDNA library data set then process files in a case against the library. Participants also add and remove files from the PhotoDNA library and import/export PhotoDNA library information.

Module 4: FTK Log2Timeline Support

Objectives:

• Discuss the open source origins of Log2Timeline and some of the potential data types which can be imported into the format

• Import a file created by Log2Timeline into FTK using the proper processing options

• Use filters to view specific desired data contained in Log2Timeline files

• Create a Custom Column Setting using properties specific to the Log2Timeline format

• Bookmark Log2Timeline entries

• Generate graphs and charts from the data in the Visualization interface

Lab:

• During the practical, participants add Log2Timeline files to FTK, then review the Log2Timeline data in FTK. Additionally, participants create a custom column setting to view properties specific to the Log2Timeline format and create custom filters to filter Log2Timeline data. Finally, participants view Log2Timeline entries in the Visualization interface.

Module 5: Timeline Support for Bookmarked Items

Objectives:

• Add timeline information to selected bookmarked items, including comments in the date fields and manual timeline entries.

• Generate a CSV delimited file from the content of the timeline bookmarks for further analysis of bookmarked data

Lab:

• During the practical, participants add timeline information to bookmarked items, then create a timeline report of the bookmarked items. The timeline report is sorted and filtered in Excel and subsequently added back into a bookmark in FTK.

Module 6: Language Identification

Objectives:

• Identify and choose the proper processing options for the Language Identification function

• Access the list of available languages within the FTK interface

• Use Custom Column settings and properties specific to Language Identification

• Create and use filters which isolate documents using a specified language

Lab:

• During the practical, participants explore the basic and extended processing options for the Language Identification function in FTK. Participants also create a custom column setting to display item languages and build a language-specific filter to isolate documents using a specified language.

Module 7: Social Analyzer

Objectives:

• Describe the basic Social Analyzer II functionality

• Create screenshots of the Social Analyzer II window

• Comment a screenshot

• Add screenshots to a bookmark

• Add screenshots into the FTK report

Lab:

• During the practical, participants review the Social Analyzer II functionality and process information in the Social Analyzer window. Participants also add screenshots to a bookmark and the FTK report.

Module 8: Parsing and Rebuilding Google Chrome History

Objectives:

• Identify processing options available for the Google Chrome history database

• Identify artifacts created from additional processing of the Google Chrome history database

• View rebuilt web pages from Google Chrome browsing activity

Lab:

• During the practical, participants parse Google Chrome history and view rebuilt web pages from Google Chrome browsing activity.

Module 9: FTK 5 Encryption Enhancements

Objectives:

• Send an encrypted file to PRTK from FTK

• Add a decrypted file into FTK

• Use FTK’s automatic decryption feature

Lab:

• During the practical, participants send an encrypted file to PRTK from FTK, then add the decrypted file back into FTK. Participants also decrypt files using FTK’s Automatic Decryption feature.
