FTK_User_Guide FTK UG
2015-04-22
: Pdf Ftk Ug FTK_UG 5.3.8 ftk
Page Count: 507
- AccessData Legal and Contact Information
- Table of Contents
- Introducing Forensic Toolkit® (FTK®)
- Administrating Forensic Toolkit® (FTK®)
- Case Management
- Introducing Case Management
- Creating and Configuring New Cases
- Creating a Case
- Configuring Detailed Options for a Case
- Evidence Processing Options
- Expanding Compound Files
- Using dtSearch Text Indexing
- Configuring Case Indexing Options
- Data Carving
- Running Optical Character Recognition (OCR)
- Using Explicit Image Detection
- Including Registry Reports
- Send Email Alert on Job Completion
- Custom File Identification Options
- Creating Custom File Identifiers
- Configuring Evidence Refinement (Advanced) Options
- Refining Evidence by File Status/Type
- Selecting Index Refinement (Advanced) Options
- Selecting Lab/eDiscovery Options
- Adding Evidence to a New Case
- Managing Case Data
- Working with Evidence Image Files
- Working with Static Evidence
- Working with Live Evidence
- Types of Live Evidence
- Adding Local Live Evidence
- Methods of Adding Remote Live Evidence
- Adding Evidence with the Temporary Agent
- Adding Data with the Enterprise Agent
- Methods of Deploying the Enterprise Agent
- Creating Self-signed Certificates for Agent Deployment
- Configuring Communication Settings for the Enterprise Agent Push
- Pushing the Enterprise Agent
- Removing the Enterprise Agent
- Connecting to an Enterprise Agent
- Adding Remote Data with the Enterprise Agent
- Acquiring Drive Data
- Acquiring RAM Data
- Importing Memory Dumps
- Unmounting an Agent Drive or Device
- Filtering Data to Locate Evidence
- Working with Labels
- Decrypting Files
- About the Encrypted File Passwords List
- Identifying the Encrypted Files in a Case
- Using PRTK/DNA Integration
- Recovering Unknown Passwords of Encrypted Files
- Decrypting Other Encryption Types
- Decrypting EFS
- Decrypting Microsoft Office Digital Rights Management (DRM) Protected Files
- Decrypting Lotus Notes Files
- Decrypting S/MIME Files
- Decrypting Credant Files
- Decrypting Bitlocker Partitions
- Decrypting Safeguard Utimaco Files
- Decrypting SafeBoot Files
- Decrypting Guardian Edge Files
- Decrypting an Image Encrypted With PGP® WDE
- Viewing Decrypted Files
- Exporting Data from the Examiner
- About Cerberus Malware Analysis
- About Cerberus Score Weighting
- About Cerberus Override Scores
- About Cerberus Threat Score Reports
- Cerberus Stage 1 Threat Scores
- Cerberus Stage 1 File Information
- About Cerberus Stage 2 Static Analysis
- About Cerberus Stage 2 Report Data
- Cerberus Stage 2 Function Call Data
- File Access Call Categories
- Networking Functionality Call Categories
- Process Manipulation Call Categories
- Security Access Call Categories
- Windows Registry Call Categories
- Surveillance Call Categories
- Uses Cryptography Call Categories
- Low-level Access Call Categories
- Loads a driver Call Categories
- Subverts API Call Categories
- Running Cerberus Malware Analysis
- Reviewing Cases
- Using the Examiner Interface
- Exploring Evidence
- Examining Evidence in the Overview Tab
- Examining Email
- Examining Graphics
- Examining Videos
- Examining Miscellaneous Evidence
- Identifying Processing-Generated Data
- Viewing Windows Prefetch Data
- Viewing IIS Log File Data
- Viewing Registry Timeline Data
- Viewing Log2Timeline CSV File Data
- Identifying Document Languages
- Examining Internet Artifact Data
- Performing Cluster Analysis
- Bookmarking Evidence
- Searching Evidence with Live Search
- Searching Evidence with Index Search
- Conducting an Index Search
- Using Search Terms
- Defining Search Criteria
- Selecting Index Search Options
- Using dtSearch Regular Expressions
- Documenting Search Results
- Using Copy Special to Document Search Results
- Bookmarking Search Results
- Examining Volatile Data
- Using Visualization
- Using Visualization Heatmap
- Using Visualization Social Analyzer
- Using Visualization Geolocation
- Customizing the Examiner Interface
- Working with Evidence Reports
- Creating a Case Report
- Adding Case Information to a Report
- Adding Bookmarks to a Report
- Adding Graphics Thumbnails and Files to a Report
- Adding a Video to a Report
- Adding a File Path List to a Report
- Adding a File Properties List to a Report
- Adding Registry Selections to a Report
- Adding Screen Captures from Examiner
- Selecting the Report Output Options
- Modifying a Report
- Writing a Report to CD or DVD
- Reference
- Using the Known File Filter (KFF)
- About KFF Components
- Process for Using KFF
- Configuring KFF Data
- Configuring KFF Templates for Use in Cases
- Enabling KFF for a Case
- Reviewing KFF Results in a Case
- Viewing KFF Import Data Logs
- Installing KFF
- Working with Windows Registry Evidence
- Supported File Systems and Drive Image Formats
- Recovering Deleted Material
- Managing Security Devices and Licenses
- Configuring for Backup and Restore
- AccessData Distributed Processing
- AccessData Oradjuster
- Installing the Windows Agent
- Installing the Unix / Linux Agent
- Installing the Mac Agent