CSEC 610 Week 9 Conference Paper

Use the virtual lab to work on this discussion assignment.

FTK Imager is a data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, and CDs/DVDs, and to review the content of forensic images or memory dumps. Using FTK Imager you can also create SHA1 or MD5 hashes of files, export files and folders from forensic images to disk, review and recover files that were deleted from the Recycle Bin (provided that their data blocks haven’t been overwritten), and mount a forensic image to view its contents in Windows Explorer.

FTK Imager is installed in the virtual lab. Log on to the virtual lab, get familiar with the tool and then answer the questions:

How do you add an individual file or a file folder as an evidence item?
What are the differences between TEXT view and HEX view?
Discussion of the tool’s strengths and weaknesses

Add a JPG image file as an evidence item (you can do so by “add evidence item” –> select “content of a folder” and browse to the image file) and write down the HEX code from 0000 to 0007.
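
The following Python example is added here and is not part of the assignment or of FTK Imager. It renders a byte range the way a hex pane does (offset, hex bytes, printable text) and computes the MD5 and SHA1 hashes used to confirm that an exported copy matches the original. The sample bytes are constructed, and all function names are assumptions.

```python
import hashlib

# Constructed sample: 16 bytes shaped like the start of a JFIF-style JPEG
# (start-of-image marker, APP0 marker, segment length, "JFIF\0", version).
# The file used in the lab may begin with different bytes.
SAMPLE = bytes.fromhex("ffd8ffe000104a464946000101010048")


def hex_view(data, start=0, end=None, width=8):
    """Return rows of (offset, hex bytes, text column) for data[start:end]."""
    end = len(data) if end is None else min(end, len(data))
    rows = []
    for off in range(start, end, width):
        chunk = data[off:min(off + width, end)]
        hex_part = " ".join(f"{b:02X}" for b in chunk)
        # A text column can only show printable ASCII; every other byte
        # is replaced by '.', which is why binary headers look empty there.
        text_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append((f"{off:04X}", hex_part, text_part))
    return rows


def evidence_hashes(data):
    """MD5 and SHA1 digests, the two hash types named in the text above."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def copy_matches(original, copy):
    """True only if both digests of the copy equal those of the original."""
    return evidence_hashes(original) == evidence_hashes(copy)


if __name__ == "__main__":
    for offset, hex_part, text_part in hex_view(SAMPLE, 0, 8):
        print(offset, hex_part, text_part)
    print(evidence_hashes(SAMPLE))
    # Flipping a single bit in a copy changes both digests.
    tampered = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])
    print("copy intact:", copy_matches(SAMPLE, bytes(SAMPLE)))
    print("tampered copy intact:", copy_matches(SAMPLE, tampered))
```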