AccessData Forensic Toolkit (FTK)

Paths

AccessData Forensic Toolkit (FTK)

Authors: Phil Chapman, Larry Glusman

Forensic Toolkit (FTK) is computer forensics software, created by AccessData. It is a court-accepted, digital investigations software that includes many features and capabilities... Read more

This path will cover the basic tools within the FTK suite - FTK Imager, Registry Viewer and Password Recovery Toolkit (PRTK.) Then dive into use cases and analysis with FTK Suite.


  1. AccessData Forensic Toolkit (FTK) Imager
  2. AccessData Registry Viewer
  3. AccessData Password Recovery Toolkit (PRTK)
  4. Build a Case with the AccessData Forensic Toolkit (FTK) Suite
  5. Conduct Analysis with the AccessData Forensic Toolkit (FTK) Suite

Pre-requisites

  • No prerequisites needed for this path

AccessData Forensic Toolkit (FTK)

This path will cover the basic tools within the FTK suite - FTK Imager, Registry Viewer and Password Recovery Toolkit (PRTK.) Then dive into use cases and analysis with FTK Suite.

AccessData Forensic Toolkit (FTK) Imager

by Phil Chapman

Dec 23, 2020 / 1h 27m

1h 27m

Start Course
Description

FTK Imager is a widely used tool in forensic investigation. In this course, AccessData Forensic Toolkit (FTK) Imager, you’ll learn to how to quickly and accurately acquire and examine evidence as part of a computer related investigation. First, you’ll explore how to install and configure FTK Imager. Next, you’ll discover how to acquire a variety of image types and maintain the integrity of the original data. Finally, you’ll learn how to safely mount and examine the collected data and analyze captured evidence. When you’re finished with this course, you’ll have the skills and knowledge of using FTK Imager needed to be confident in the process of forensically imaging and analyzing collected data as part of an investigation.

Table of contents
  1. Course Overview
  2. Installation and Familiarization of the FTK Imager Interface
  3. Capturing Volatile and Protected Data Using FTK Imager
  4. Capturing a Forensic Image with FTK Imager
  5. Examining Evidence with FTK Imager

AccessData Registry Viewer

by Larry Glusman

Aug 19, 2021 / 1h 10m

1h 10m

Start Course
Description

Registry Viewer can be used to explore any captured registry and access the registry’s protected storage. In this course, AccessData Registry Viewer, you’ll learn to view and create reports about Windows registry files. First, you’ll explore Registry Viewer’s interface, so you can become comfortable with using the program. Next, you’ll discover how to use Registry Viewer to examine and search Windows registry files. Finally, you’ll learn how to create reports to show what you’ve found, in a standard format that other experts will understand. When you’re finished with this course, you’ll have the skills and knowledge of an AccessData Registry Viewer expert needed to view, search and report on a suspect’s Windows registry.

Table of contents
  1. Course Overview
  2. Understanding and Initializing Registry Viewer
  3. Exploring the Windows Registry
  4. Using Registry Viewer Search
  5. Creating Registry Viewer Reports

AccessData Password Recovery Toolkit (PRTK)

by Larry Glusman

Jun 15, 2021 / 1h 58m

1h 58m

Start Course
Description

If you need to gain access to password protected files, then PRTK is the tool for you. In this course, AccessData Password Recovery Toolkit (PRTK), you’ll learn to recover passwords so you can decrypt a variety of different file types. First, you’ll explore the Password Recovery Toolkit interface, so you’ll be comfortable with using the product. Next, you’ll discover how to create custom dictionaries and profiles to help find passwords in different situations. Finally, you’ll learn how to recover passwords from encrypted files and containers. When you’re finished with this course, you’ll have the skills and knowledge of a password recovery expert needed to discover and decrypt a wide variety of encrypted file types.

Table of contents
  1. Course Overview
  2. Understanding and Initializing Password Recovery Toolkit for First Use
  3. Identify Encrypted Files with FTK
  4. Use the Dictionary Tool in PRTK
  5. Use Rules and Profiles to Optimize Your Password Recovery Attacks
  6. Decrypting Files and Containers with PRTK