archives

ftk imager

This tag is associated with 3 posts

Windows Registry Analysis 101

by Chirath De Alwis Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence [1].  When considering computer forensics, registry forensics plays a huge role because of the amount of the data that is stored on the registry and the importance of the stored data. The extraction of … Continue reading

Evidence Acquisition Using Accessdata FTK Imager

by Chirath De Alwis Forensic Toolkit or FTK is a computer forensics software product made by AccessData. This is a Windows based commercial product. For forensic investigations, the same development team has created a free version of the commercial product with fewer functionalities. This FTK Imager tool is capable of both acquiring and analyzing computer forensic … Continue reading

Encrypt it, but Don’t Trust It

This is not about acquisition tools, but about understanding why we need to test our tools even if the tool was just updated.  The latest and greatest tool without testing can be a risk factor just like the old and worthless. I remember how excited I was to test TIM (Tableau IMager) on a multi … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,209 other followers