AccessData FTK 5 Transition Workshop Forensic Toolkit / Password Recovery Toolkit
Intermediate • Three-Day Instructor-Led Course
The AccessData FTK 5 Transition Workshop introduces participants to the new features in FTK 5. Participants will learn how to use these new features to more effectively process a case and locate evidence.

This one-day workshop provides a hands-on introduction to the new features in FTK 5:

Processing Profiles provide a way to save frequently used processing options in a profile for use in future cases. These profiles can also be shared between FTK users. During this course, participants are shown how to create and use processing profiles to more efficiently process case evidence.

PhotoDNA is a technology that helps investigators identify illegal graphic images. Participants are shown how to create and manage PhotoDNA libraries in FTK, then process case files against PhotoDNA libraries.

Log2Timeline is an open-source command line tool designed to take the input from a variety of source files for the purpose of exporting them into a format that can be used by a tool for timeline analysis. Participants import Log2Timeline files into FTK to harvest specific timeline data. To facilitate this process, participants create custom column settings and filters. Participants are also shown how to create graphs and charts from the Log2Timeline data in the FTK Visualization interface.

FTK has expanded the Bookmark feature so investigators can include timeline information in bookmarks. During this module, participants add timeline information to bookmarked items, then create a timeline report of the bookmarked items.

FTK 5 has the ability to identify elements of language in documents, spreadsheets, presentations, and email. During this module, participants process case evidence to identify language elements. Participants also create custom column settings to display item languages and build language-specific filters to isolate documents using a specified language.

Social Analyzer II is designed to enhance analysis of communication by email by providing a graphical representation of patterns of communication between domains. During this module, participants use Social Analyzer II to identify significant relationships. After identifying a domain relationship, participants drill into the domain of interest to view individual e-mail address activity levels and communications patterns.

FTK 5 has the ability to view Google Chrome’s history database as individual entries. During this module, participants parse Google Chrome history and view rebuilt web pages from Google Chrome browsing activity.

FTK 5 provides enhanced integration between FTK and PRTK. Participants are shown how to utilize this functionality to more efficiently process encrypted files.

The class includes multiple hands-on labs that allow students to apply what they have learned in the workshop.

Prerequisites

This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine, analyze and classify digital evidence. To obtain the maximum benefit from this class, you should meet the following requirements:
Read and understand the English language.
Perform basic operations on a personal computer.
Have a basic knowledge of computer forensic investigations and acquisition procedures.
Be familiar with the Microsoft Windows environment.

Class Materials and Software

You will receive the student training manual and CD containing the training material, lab exercises and class-related information.
For a complete listing of scheduled courses, visit http://www.accessdata.com/training/calendar-and-syllabi

© July 25, 2013 AccessData Group, LLC. – All rights reserved. Some topics and items in this class syllabus are subject to change. This document is for information purposes only. AccessData makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, AD, AD Summation, CaseScan, CaseVantage, CaseVault, Discovery Cracker, Distributed Network Attack, DNA, Forensic Toolkit, FTK, FTK Imager, iBlaze, Mobile Phone Examiner Plus, Password Recovery Toolkit, PRTK, Registry Viewer, SilentRunner, Summation, Summation Blaze, Summation Legal Technologies, Summation WebBlaze, The Key To Cracking It, Transender PLUS, Ultimate Toolkit, UTK, ViewerRT, and WebBlaze are trademarks of AccessData Group, LLC. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.
Module 1: Introduction

Topics
Identify the FTK components.
List the FTK and PRTK system requirements.
Describe how to receive upgrades and support for AccessData tools.
Install required applications and drivers.

Lab
Participants install the UTK components—FTK, KFF Library, FTK Imager, Registry Viewer, and PRTK.

Module 2: FTK Evidence Processing Profiles

Objectives
Define a Processing Profile, along with the potential advantages of using them.
Create a Processing Profile using several methods in the FTK interface.
Edit an existing Processing Profile both for one-time usage and to save an edited profile for future case usage.
Import a Processing Profile into an FTK installation from a *.XML file.
Export a processing profile from FTK in *.XML format for transfer to another computer or FTK user.

Labs
During the practical, participants get hands-on experience with creating and editing custom profiles. Participants also export a processing profile from FTK, then import an existing processing profile from an XML file.

Module 3: FTK PhotoDNA Feature

Objectives
Describe and discuss PhotoDNA functionality with FTK.
Create a PhotoDNA library data set.
Process files in a case against a PhotoDNA library.
Export PhotoDNA data in *.CSV (Comma Separated Value) format.
Import PhotoDNA data from a *.CSV file.

Lab
During the practical, participants create a PhotoDNA library data set, then process files in a case against the library. Participants also add and remove files from the PhotoDNA library and import/export PhotoDNA library information.

Module 4: FTK Log2Timeline Support

Objectives
Discuss the open source origins of Log2Timeline and some of the potential data types which can be imported into the format.
Import a file created by Log2Timeline into FTK using the proper processing options.
Use filters to view specific desired data contained in Log2Timeline files.
Create a Custom Column Setting using properties specific to the Log2Timeline format.
Bookmark Log2Timeline entries.
Generate graphs and charts from the data in the Visualization interface.

Lab
During the practical, participants add Log2Timeline files to FTK, then review the Log2Timeline data in FTK. Additionally, participants create a custom column setting to view properties specific to the Log2Timeline format and create custom filters to filter Log2Timeline data. Finally, participants view Log2Timeline entries in the Visualization interface.
Module 5: Timeline Support for Bookmarked Items

Objectives
Add timeline information to selected bookmarked items, including comments in date fields and manual timeline entries.
Generate a CSV delimited file from the content of the timeline bookmarks for further analysis of bookmarked data.

Lab
During the practical, participants add timeline information to bookmarked items, then create a timeline report of the bookmarked items. The timeline report is sorted and filtered in Excel and subsequently added back into a bookmark in FTK.

Module 6: Language Identification

Objectives
Identify and choose the proper processing options for the Language Identification function.
Access the list of available languages within the FTK interface.
Use Custom Column settings and properties specific to Language Identification.
Create and use filters which isolate documents using a specified language.

Lab
During the practical, participants explore the basic and extended processing options for the Language Identification function in FTK. Participants also create a custom column setting to display item languages and build a language-specific filter to isolate documents using a specified language.

Module 7: Social Analyzer II

Objectives
Describe the basic Social Analyzer II functionality.
Create screenshots of the Social Analyzer II window.
Comment a screenshot.
Add screenshots to a bookmark.
Add screenshots into the FTK report.

Lab
During the practical, participants review the Social Analyzer II functionality and process information in the Social Analyzer window. Participants also add screenshots to a bookmark and the FTK report.

Module 8: Parsing and Rebuilding Google Chrome History

Objectives
Identify processing options available for the Google Chrome history database.
Identify artifacts created from additional processing of the Google Chrome history database.
View rebuilt web pages from Google Chrome browsing activity.

Lab
During the labs, participants parse Google Chrome history and view rebuilt web pages from Google Chrome browsing activity.

Module 9: FTK 5 Encryption Enhancements

Objectives
Send an encrypted file to PRTK from FTK.
Add a decrypted file into FTK.
Use FTK’s automatic decryption feature.

Lab
During the practical, participants send an encrypted file to PRTK from FTK, then add the decrypted file back into FTK. Participants also decrypt files using FTK’s Automatic Decryption feature.