FTK 4.2 User Guide
2014-07-01
Page Count: 317
- AccessData Legal and Contact Information
- Table of Contents
- Introducing Forensic Toolkit® (FTK®)
- Administrating Forensic Toolkit® (FTK®)
- Application Administration
- Creating an Application Administrator Account
- Changing Your Password
- Setting Database Preferences
- Managing Database Sessions
- Optimizing the Database for Large Cases
- Managing Shared KFF Settings
- Recovering and Deleting Processing Jobs
- Restoring an Image to a Disk
- Database Integration with AccessData CIRT 2.2
- Adding New Users to a Database
- About Assigning Roles to Users
- Restrictions to the Case Reviewer Role
- About Assigning Permissions to Users
- Assigning Users Shared Label Visibility
- Setting Additional Preferences
- Managing Global Features
- Case Management
- Introducing Case Management
- Starting New Cases
- Opening an Existing Case
- Creating a Case
- Configuring Case Detailed Options
- Evidence Processing Options
- About Fuzzy Hashing
- Expanding Compound Files
- dtSearch Text Indexing Options
- Data Carving
- Running Optical Character Recognition (OCR)
- About Explicit Image Detection
- Including Registry Reports
- Send Email Alert on Job Completion
- Custom File Identification Options
- Evidence Refinement (Advanced) Options
- Selecting Index Refinement (Advanced) Options
- Adding Evidence to a New Case
- Converting a Case from Version 2.2 or Newer
- Managing Case Data
- Working with Static Evidence
- Static Evidence Compared to Remote Evidence
- Acquiring and Preserving Static Evidence
- Adding Evidence
- Working with Evidence Groups
- Selecting Evidence Processing Options
- Selecting a Language
- Additional Analysis
- Hashing
- Data Carving
- Viewing the Status and Progress of Data Processing and Analysis
- Viewing Processed Items
- Working with Live Evidence
- About Live Evidence
- Adding Local Live Evidence
- Methods of Adding Remote Live Evidence
- Requirements for Adding Remote Live Evidence
- Adding Evidence with the Temporary Agent
- Adding Data with the Enterprise Agent
- Methods of Deploying the Enterprise Agent
- Creating Self-signed Certificates for Agent Deployment
- Configuring Communication Settings for the Enterprise Agent Push
- Pushing the Enterprise Agent
- Removing the Enterprise Agent
- Connecting to an Enterprise Agent
- Adding Remote Data with the Enterprise Agent
- Acquiring Drive Data
- Acquiring RAM Data
- Importing Memory Dumps
- Unmounting an Agent Drive or Device
- Filtering Data to Locate Evidence
- Working with Labels
- Running Cerberus Malware Analysis
- Decrypting Files
- Understanding EFS
- Decrypting EFS Files and Folders
- Decrypting Microsoft Office Files
- Decrypting Lotus Notes Files
- Decrypting S/MIME Files
- Viewing Decrypted Files
- Decrypting Credant Files
- Decrypting Safeguard Utimaco Files
- Decrypting SafeBoot Files
- Decrypting Guardian Edge Files
- Decrypting an Image Encrypted With PGP® Whole Disk Encryption (WDE)
- Decrypting Microsoft Office and Outlook Digital Rights Management (DRM) Protected Files
- Exporting Data from the Examiner
- Copying Information from the Examiner
- Exporting Files to a Native Format
- Exporting Files to an AD1 Image
- Exporting an Image to an Image
- Exporting File List Information
- Exporting a Word List
- Exporting Recycle Bin Index Contents
- Exporting Hashes from a Case
- Exporting Custom Groups from the KFF Library
- Exporting All Hits in a Search to a CSV file
- Exporting Emails to PST
- Reviewing Cases
- Using the Examiner Interface
- Exploring Evidence
- Examining Evidence in the Overview Tab
- Examining Email
- Examining Graphics
- Examining Videos
- Examining Miscellaneous Evidence
- Bookmarking Evidence
- Using the Bookmarks Tab
- Creating a Bookmark
- Viewing Bookmark Information
- Bookmarking Selected Text
- Adding to an Existing Bookmark
- Creating Email or Email Attachment Bookmarks
- Adding Email and Email Attachments to Existing Bookmarks
- Moving a Bookmark
- Copying a Bookmark
- Deleting a Bookmark
- Deleting Files from a Bookmark
- Searching Evidence with Live Search
- Searching Evidence with Index Search
- Examining Volatile Data
- Using Visualization
- About Visualization
- Launching Visualization
- About the Visualization page
- About Visualization Time Line Views
- About the Base Time Line
- Changing the View of Visualization
- Visualizing File Data
- Visualizing Email Data
- About the Detailed Visualization Time Line
- Using the Detailed Visualization Time Line
- Visualizing Internet Browser History Data
- Customizing the Examiner Interface
- Working with Evidence Reports
- Creating a Case Report
- Adding Case Information to a Report
- Adding Bookmarks to a Report
- Adding Graphics Thumbnails and Files to a Report
- Adding a Video to a Report
- Adding a File Path List to a Report
- Adding a File Properties List to a Report
- Adding Registry Selections to a Report
- Selecting the Report Output Options
- Customizing the Report Graphic
- Viewing and Distributing a Report
- Modifying a Report
- Exporting and Importing Report Settings
- Writing a Report to CD or DVD
- Appendices
- Appendix A Working with Windows Registry Evidence
- Appendix B Supported File Systems and Drive Image Formats
- Appendix C Recovering Deleted Material
- Appendix D Working with the KFF Library
- Appendix E Managing Security Devices and Licenses
- Appendix F Configuring for Backup and Restore
- Appendix G AccessData Oradjuster
- Appendix H AccessData Distributed Processing