FTK_User_Guide FTK UG
2017-11-02
: Pdf Ftk Ug FTK_UG 6.3.x ftk
Page Count: 589
- AccessData Legal and Contact Information
- Table of Contents
- Introducing Forensic Toolkit® (FTK®)
- Administrating Forensic Toolkit® (FTK®)
- Application Administration
- Initializing the Database and Creating an Application Administrator Account
- Creating Databases for Individual Cases
- Recovering and Deleting Processing Jobs
- Database Integration with other AccessData Products
- Adding New Users to a Database
- Email Notifications for Case-Level Permissions
- Application Administration
- Case Management
- Introducing Case Management
- Creating and Configuring New Cases
- Opening a Case in iSubmit
- Creating a Case
- Configuring Detailed Options for a Case
- Evidence Processing Options
- Expanding Compound Files
- Using dtSearch Text Indexing
- Configuring Case Indexing Options
- Data Carving
- Running Optical Character Recognition (OCR)
- Using Explicit Image Detection
- Including Registry Reports
- Send Email Alert on Job Completion
- Custom File Identification Options
- Creating Custom File Identifiers
- Configuring Evidence Refinement (Advanced) Options
- Refining Evidence by File Status/Type
- Selecting Index Refinement (Advanced) Options
- Selecting Lab/eDiscovery Options
- Adding Evidence to a New Case
- Managing Case Data
- Working with Evidence Image Files
- Working with Static Evidence
- Working with Live Evidence
- Types of Live Evidence
- Adding Local Live Evidence
- Methods of Adding Remote Live Evidence
- Adding Evidence with the Temporary Agent
- Adding Data with the Enterprise Agent
- Methods of Deploying the Enterprise Agent
- Creating Self-signed Certificates for Agent Deployment
- Configuring Communication Settings for the Enterprise Agent Push
- Pushing the Enterprise Agent
- Removing the Enterprise Agent
- Connecting to an Enterprise Agent
- Adding Remote Data with the Enterprise Agent
- Acquiring Drive Data
- Acquiring RAM Data
- Importing Memory Dumps
- Unmounting an Agent Drive or Device
- Filtering Data to Locate Evidence
- Working with Labels
- Decrypting Files
- About the Encrypted File Passwords List
- Identifying the Encrypted Files in a Case
- Using PRTK/DNA Integration
- Recovering Unknown Passwords of Encrypted Files
- Decrypting Other Encryption Types
- Decrypting EFS
- Decrypting Microsoft Office Digital Rights Management (DRM) Protected Files
- Decrypting Dropbox DBX Files
- Decrypting Lotus Notes Files
- Decrypting S/MIME Files
- Decrypting Credant Files (Dell Data Protection | Encryption Server)
- Decrypting Bitlocker Partitions
- Decrypting Safeguard Utimaco Files
- Decrypting SafeBoot Files
- Decrypting Guardian Edge Files
- Decrypting an Image Encrypted With PGP® WDE
- Viewing Decrypted Files
- Exporting Data from the Examiner
- Exporting Files to a Native Format
- Exporting Files to an AD1 Image
- Exporting an Image to an Image
- Exporting File List Information
- Exporting a Word List
- Exporting Hashes from a Case
- Exporting All Hits in a Search to a CSV file
- Exporting Emails to PST
- Exporting the Properties Panel
- Exporting Geolocation Data to KML or KMZ
- About Cerberus Malware Analysis
- About Cerberus Score Weighting
- About Cerberus Override Scores
- About Cerberus Threat Score Reports
- Cerberus Stage 1 Threat Scores
- Cerberus Stage 1 File Information
- About Cerberus Stage 2 Static Analysis
- About Cerberus Stage 2 Report Data
- Cerberus Stage 2 Function Call Data
- File Access Call Categories
- Networking Functionality Call Categories
- Process Manipulation Call Categories
- Security Access Call Categories
- Windows Registry Call Categories
- Surveillance Call Categories
- Uses Cryptography Call Categories
- Low-level Access Call Categories
- Loads a driver Call Categories
- Subverts API Call Categories
- Running Cerberus Malware Analysis
- Getting Started with KFF (Known File Filter)
- About the KFF Server and Geolocation
- About KFF
- Installing the KFF Server
- Configuring the Location of the KFF Server
- Migrating Legacy KFF Data from Previous Versions
- Importing KFF Data
- Using the KFF Import Utility
- Uninstalling KFF
- Installing KFF Updates
- KFF Library Reference Information
- What has Changed in Version 6.3
- What was Changed in Version 5.6
- Using the Known File Filter (KFF)
- Using Project VIC
- Reviewing Cases
- Using the Examiner Interface
- Exploring Evidence
- Examining Evidence in the Overview Tab
- Examining Email
- Examining Graphics
- Examining Videos
- Examining Miscellaneous Evidence
- Identifying Processing-Generated Data
- Viewing Windows Prefetch Data
- Viewing IIS Log File Data
- Viewing Registry Timeline Data
- Viewing Log2Timeline CSV File Data
- Identifying Document Languages
- Examining Internet Artifact Data
- Examining Mobile Phone Data
- Viewing Data in Volume Shadow Copies
- Bookmarking Evidence
- Searching Evidence with Live Search
- Searching Evidence with Index Search
- Conducting an Index Search
- Using Search Terms
- Defining Search Criteria
- Selecting Index Search Options
- Using dtSearch Regular Expressions
- Documenting Search Results
- Using Copy Special to Document Search Results
- Bookmarking Search Results
- Viewing System Information
- Examining Volatile Data
- Analyzing Document Content
- Using Visualization
- Using Visualization Heatmap
- Using Visualization Social Analyzer
- Using Visualization Geolocation
- Customizing the Examiner Interface
- Working with Evidence Reports
- Creating a Case Report
- Adding Case Information to a Report
- Adding Bookmarks to a Report
- Adding Graphics Thumbnails and Files to a Report
- Adding a Video to a Report
- Adding a File Path List to a Report
- Adding a File Properties List to a Report
- Adding Registry Selections to a Report
- Adding Screen Captures from Examiner
- Selecting the Report Output Options
- Modifying a Report
- Writing a Report to CD or DVD
- Reference
- Installing the AccessData Elasticsearch Windows Service
- Installing the Windows Agent
- Installing the Unix / Linux Agent
- Installing the Mac Agent
- Working with Windows Registry Evidence
- Supported File Systems and Drive Image Formats
- Recovering Deleted Material
- Managing Security Devices and Licenses
- Configuring a Multi-box Setup
- AccessData Distributed Processing