Scribd Logo
Upload

Welcome to Scribd!

  • 523 TYCS Chinmay CF Input

    Uploaded by

    Chinmay Gujar
    15 views15 pages
    The document provides steps to create a forensic image using FTK Imager/Encase Imager and analyze the forensic image. It also provides steps to recover and inspect deleted files using Autopsy, including checking for deleted files, recovering them, and analyzing and inspecting the recovered files. Key steps include selecting the source evidence, adding an image destination, analyzing the forensic image in Evidence Tree, creating a new case in Autopsy, selecting the source as a local disk, viewing deleted files, extracting recovered files to an export folder, and generating a report.

    Original Description:

    Original Title

    523 TYCS Chinmay Cf Input

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides steps to create a forensic image using FTK Imager/Encase Imager and analyze the forensic image. It also provides steps to recover and inspect deleted files using Autopsy, including checking for deleted files, recovering them, and analyzing and inspecting the recovered files. Key steps include selecting the source evidence, adding an image destination, analyzing the forensic image in Evidence Tree, creating a new case in Autopsy, selecting the source as a local disk, viewing deleted files, extracting recovered files to an export folder, and generating a report.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    15 views15 pages

    523 TYCS Chinmay CF Input

    Uploaded by

    Chinmay Gujar
    The document provides steps to create a forensic image using FTK Imager/Encase Imager and analyze the forensic image. It also provides steps to recover and inspect deleted files using Autopsy, including checking for deleted files, recovering them, and analyzing and inspecting the recovered files. Key steps include selecting the source evidence, adding an image destination, analyzing the forensic image in Evidence Tree, creating a new case in Autopsy, selecting the source as a local disk, viewing deleted files, extracting recovered files to an export folder, and generating a report.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 15

    Chinmay Gujar CF TYCS/523

    Q1 Creating a Forensic Image using FTK Imager/Encase Imager : Creating Forensic ,ImageCheck
    ,Integrity of DataAnalyze Forensic Image

    1. Click File, and then Create Disk Image, or click the button on the tool bar.

    2. Select the source evidence type you want to make an image of and click Next.
    Chinmay Gujar CF TYCS/523

    3. Select the source evidence file with path

    Click on “add” to add image destination

    4. In the Image Destination Folder field, type the location path where you want to save the

    image file, or click Browse to find to the desired location.

    After adding the image destination path click on finish and start the image processing.
    Chinmay Gujar CF TYCS/523

    6. After the images are successfully created, click Image Summary to view detailed file

    information, including MD5 and SHA1 checksums.

    Click on Add Evidence Item to add evidence from disk, image file or folder.

    Now select the source evidence type as image file.


    Chinmay Gujar CF TYCS/523

    Open the created evidence image file

    Now select Evidence Tree and analyse the image file


    Chinmay Gujar CF TYCS/523
    Chinmay Gujar CF TYCS/523

    Q2) Recovering and Inspecting deleted files: Check for Deleted Files,Recover the Deleted
    Files, Analysing and Inspecting the recovered files

    Step 1: Start Autopsy from Desktop.

    Step 2: Now create on New Case

    Step 3: Enter the New case Information and click on Next Button
    Chinmay Gujar CF TYCS/523

    Step 4: Enter the additional Information and click on Finish

    Step 5: Now Select Source Type as Local disk and Select Local disk form drop down list and
    click on

    Next.
    Chinmay Gujar CF TYCS/523

    Step 6: Click on Next Button


    Chinmay Gujar CF TYCS/523

    Step 7: Now click On Finish.


    Chinmay Gujar CF TYCS/523

    Step 8: Now Autopsy window will appear and it will analyzing the disk that we have selected
    Chinmay Gujar CF TYCS/523

    Step 9: All files will appear in table tab select any file to see the data

    Step 10:Expand the tree from left side panel to view the document files

    Step 11: To recover the file, go to view node=>gt; Deleted Files node , here select any file
    and right click
    Chinmay Gujar CF TYCS/523

    on it than select Extract Files option.

    Step 12: By default Export folder is choose to save the recovered file
    Chinmay Gujar CF TYCS/523

    Sep 13 : Now Click on Ok.

    Step 14: Now go to the Export Folder to view Recover file


    Chinmay Gujar CF TYCS/523

    Step 15: Click on Generate Report from autopsy window and Select the Excel format and
    click on next

    Step 16: Now Report is Generated So click on close Button .we can see the Report on Report
    Node
    Chinmay Gujar CF TYCS/523

    Step 17: Now open the Report folder and Open Excel File.

    You might also like