FTK_User_Guide FTK UG 4
2012-09-27
: Pdf Ftk Ug 4 FTK_UG_4 ftk
Open the PDF directly: View PDF
Page Count: 286 [warning: Documents this large are best viewed by clicking the View PDF Link!]
- AccessData Legal and Contact Information
- Table of Contents
- Introducing AccessData® (AD) Forensic Toolkit® (FTK®)
- Administrating AccessData® (AD) Forensic Toolkit® (FTK®)
- Application Administration
- Creating an Application Administrator account
- Changing Your Password
- Setting Database Preferences
- Managing Database Sessions
- Managing Shared KFF Settings
- Recovering and Deleting Processing Jobs
- Restoring an Image to a disk
- Adding New Users to a Database
- About Assigning Roles to Users
- Restrictions to the Case Reviewer Role
- About Assigning Permissions to Users
- Assigning Users Shared Label Visibility
- Setting Additional Preferences
- Managing Global Features
- Application Administration
- Case Management
- Introducing Case Management
- Starting New Cases
- Opening an Existing Case
- Creating a Case
- Configuring Case Detailed Options
- Evidence Processing Options
- About Fuzzy Hashing
- Compound Files
- dtSearch Text Indexing Options
- Data Carving
- Running Optical Character Recognition (OCR)
- About Explicit Image Detection
- Including Registry Reports
- Send Email Alert on Job Completion
- Custom File Identification Options
- Evidence Refinement (Advanced) Options
- Selecting Index Refinement (Advanced) Options
- Adding Evidence to a New Case
- Converting a Case from versions 2.2+
- Managing Case Data
- Working with Evidence Image Files
- Verifying Drive Image Integrity
- Mounting an Image to a Drive
- Benefits of Image Mounting
- Characteristics of a Logically Mounted Image
- Characteristics of a Physically Mounted Image
- Mounting an Image as Read-Only
- Mounting a Drive Image as Writable
- Unmounting an Image
- Restoring an Image to a Disk
- Performing Final Carve Processing
- Recovering Processing Jobs
- Working with Static Evidence
- Working with Live Evidence
- About Live Evidence
- Adding Local Live Evidence
- Methods of Adding Remote Live Evidence
- Requirements for Adding Remote Live Evidence
- Adding Evidence with the Temporary Agent
- Adding Data with the FTK Enterprise Agent
- Methods of Deploying the FTK Enterprise Agent
- Creating Self-signed Certificates for Agent deployment
- Configuring Communication Settings for FTK Enterprise Agent push
- Pushing the FTK Enterprise Agent
- Removing the FTK Enterprise Agent
- Connecting to an FTK Enterprise Agent
- Adding Remote Data with the FTK Enterprise Agent
- Acquiring Drive Data
- Acquiring RAM Data
- Importing Memory Dumps
- Unmounting an Agent Drive or Device
- Filtering Evidence
- Working with Labels
- Running Cerberus Malware Analysis
- Decrypting EFS and Other Encrypted Files
- Understanding EFS
- Decrypting EFS Files and Folders
- Decrypting MS Office Files
- Decrypting Lotus Notes Files
- Decrypting S/MIME Files
- Viewing Decrypted Files
- Decrypting Credant Files
- Decrypting Safeguard Utimaco Files
- Decrypting SafeBoot Files
- Decrypting Guardian Edge Files
- Decrypting an Image Encrypted With PGP® Whole Disk Encryption (WDE)
- Exporting Data from the Examiner
- Reviewing Cases
- Tabs of the Examiner Interface
- Exploring Evidence
- Examining Evidence in the Overview Tab
- Examining Email
- Examining Graphics
- Bookmarking Evidence
- Using the Bookmarks Tab
- Creating a Bookmark
- Viewing Bookmark Information
- Bookmarking Selected Text
- Adding to an Existing Bookmark
- Creating Email or Email Attachment Bookmarks
- Adding Email and Email Attachments to Existing Bookmarks
- Moving a Bookmark
- Copying a Bookmark
- Deleting a Bookmark
- Deleting Files from a Bookmark
- Searching Evidence with Live Search
- Searching Evidence with Index Search
- Examining Volatile Data
- Using Visualization
- Customizing the Examiner Interface
- Working with Evidence Reports
- Creating a Case Report
- Adding Case Information to a Report
- Adding Bookmarks to a Report
- Adding Graphics Thumbnails and Files to a Report
- Adding a File Path List to a Report
- Adding a File Properties List to a Report
- Adding Registry Selections to a Report
- Selecting the Report Output Options
- Customizing the Report Graphic
- Viewing and Distributing a Report
- Modifying a Report
- Exporting and Importing Report Settings
- Writing a Report to CD or DVD
- Appendencies
- Appendix A Working with Windows Registry Evidence
- Appendix B Supported File Systems and Drive Image Formats
- Appendix C Recovering Deleted Material
- Appendix D Working with the KFF Library
- Appendix E Managing Security Devices and Licenses
- Appendix F Configuring for Backup and Restore
- Appendix G AccessData Oradjuster
- Appendix H AccessData Distributed Processing