Lab 2 - Forensic Imaging

This document provides instructions for a computer forensics lab involving acquiring memory and disk images using forensic tools. The objectives are to capture memory using DumpIt, create a forensic disk image of a USB drive using FTK Imager, and examine files within the disk image. Specific steps include using DumpIt to capture volatile memory, installing and using FTK Imager to create a disk image of a USB drive, recording metadata about the image, and exploring the image file structure to find previously copied files.

Uploaded by

Carlos Alberto Mendes Betinho

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

195 views

Lab 2 - Forensic Imaging

Uploaded by

Carlos Alberto Mendes Betinho

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

IFCI – Cybercrime Investigator Computer Forensics Course

Lab #2 – Forensic Acquisitions

Objectives:
 Use DumpIt.exe to capture memory from a live system
 Use FTK Imager to make a live forensic image of a USB drive
 Practice navigating and exporting files from a forensic image using FTK Imager.

1. Put the executable DumpIt in a directory that will serve as the storage location for the volatile
memory evidence. *Note: This location would normally be an external device because you
never want to write to your own evidence drive. However, for the purposes of this lab, feel free
to store the volatile memory on the host system.

2. Double click DumpIt and respond to the program’s question.

3. Install FTK Imager 3.01
4. Take a small USB drive (Preferably less than 1GB) and insert it into your computer.
5. Copy a folder containing some files of your choice onto the USB drive.
6. Open FTK imager.
7. Select File > Create Disk Image, choose Physical Image and click next.
8. Select the Physical Device that represents your USB device. (Likely \\.\PHYSICALDRIVE1). Click
Finish.
9. Under the Image Destination(s) box, click the Add… button.
10. Choose Raw (dd) and click Next.
11. Add case information of your own choosing.
12. Choose a Destination folder to save your forensic image in and give the image a file name.
13. Click Finish.
14. Remove the checkmark from Verify images after they are created. This will run a second hash of
your image file. In the real world, this is a good idea but it would increase the time it takes to do
this lab in class, so we will not verify the image.
15. Once your forensic image is completed, click the image summary box. Record the following
information:
MD5 Hash:
Source Data Size:
Sector Count:

w w w. c y b e r c r i m e i n v e s t i g a t o r s . c o m
1
IFCI – Cybercrime Investigator Computer Forensics Course
Lab #2 – Forensic Acquisitions

16. Select File > Add Evidence Item.

17. Check Image File and select Next.
18. Browse to your forensic image file. If it is multi‐segmented, then only select the first one (.001)
19. Explore the folder structure of the image, note the files that you saved there previously.

w w w. c y b e r c r i m e i n v e s t i g a t o r s . c o m
2

Black Hat Rust
83% (6)
Black Hat Rust
357 pages
Computer Hacking Forensic Investigator
100% (1)
Computer Hacking Forensic Investigator
20 pages
Forensic Analyses With FTK Imager PDF
0% (1)
Forensic Analyses With FTK Imager PDF
8 pages
As 400 Interview Questions
100% (2)
As 400 Interview Questions
50 pages
Intelligence Report Final
No ratings yet
Intelligence Report Final
145 pages
CF Lecture 07-Memory Forensics
100% (2)
CF Lecture 07-Memory Forensics
54 pages
Selenium L2
33% (3)
Selenium L2
81 pages
cyber forencis
No ratings yet
cyber forencis
60 pages
Cyber Forensics Shailesh
No ratings yet
Cyber Forensics Shailesh
74 pages
Lecture-6 Part 1 Windows Digital Forensics - Disk Imaging
No ratings yet
Lecture-6 Part 1 Windows Digital Forensics - Disk Imaging
2 pages
Cf-practical 1 - 6
No ratings yet
Cf-practical 1 - 6
51 pages
FTK Image
No ratings yet
FTK Image
27 pages
Digital Forensics Tutorials Acquiring An Image With FTK Imager
No ratings yet
Digital Forensics Tutorials Acquiring An Image With FTK Imager
10 pages
Certificacion Ad Forensics 5-Day Parte 2 de 2
No ratings yet
Certificacion Ad Forensics 5-Day Parte 2 de 2
6 pages
Computer Forensics
No ratings yet
Computer Forensics
62 pages
DFOR510 HW1 Imaging Sanitizing
No ratings yet
DFOR510 HW1 Imaging Sanitizing
6 pages
Practicle2-2022UIN3370
No ratings yet
Practicle2-2022UIN3370
8 pages
Image Acquisition Tutorial
No ratings yet
Image Acquisition Tutorial
13 pages
Dfprac Bhav
No ratings yet
Dfprac Bhav
12 pages
Assignment 2
No ratings yet
Assignment 2
5 pages
Experiment-1: Hardware Interface
No ratings yet
Experiment-1: Hardware Interface
23 pages
DF-CONTENTHALF[1]
No ratings yet
DF-CONTENTHALF[1]
14 pages
CF Munotes
No ratings yet
CF Munotes
70 pages
FTK Complete Practical Guide
No ratings yet
FTK Complete Practical Guide
43 pages
CF Code Final
No ratings yet
CF Code Final
6 pages
Company Name Employee Turnover Manual v1
No ratings yet
Company Name Employee Turnover Manual v1
17 pages
Static Malware Analysis Techniques
100% (1)
Static Malware Analysis Techniques
15 pages
Evidence Acquisition: Lab: Disk Imaging
No ratings yet
Evidence Acquisition: Lab: Disk Imaging
7 pages
DIgital Forensics DA 3
No ratings yet
DIgital Forensics DA 3
8 pages
CAP797
No ratings yet
CAP797
35 pages
SEM5 TYCS Cyber Forensic
No ratings yet
SEM5 TYCS Cyber Forensic
2 pages
Lab7.docx
No ratings yet
Lab7.docx
10 pages
Forensics and Incident Response-Question BANK - Fair For Students
No ratings yet
Forensics and Incident Response-Question BANK - Fair For Students
5 pages
IY467 Lab 2 - Imaging A Drive
No ratings yet
IY467 Lab 2 - Imaging A Drive
7 pages
NDG Forensicsv2 Lab 01
100% (1)
NDG Forensicsv2 Lab 01
34 pages
Multimedia Assignment
No ratings yet
Multimedia Assignment
11 pages
CF Lab File
No ratings yet
CF Lab File
27 pages
Forensic
No ratings yet
Forensic
18 pages
Computer Forensics Notes
No ratings yet
Computer Forensics Notes
7 pages
Memory Forensics
No ratings yet
Memory Forensics
8 pages
DF Team
No ratings yet
DF Team
4 pages
Order ID 420877749 Forensic Imaging and Virtual Machine Analysis
No ratings yet
Order ID 420877749 Forensic Imaging and Virtual Machine Analysis
8 pages
Memory forensic
No ratings yet
Memory forensic
5 pages
CHFI 9.0 Syllabus
No ratings yet
CHFI 9.0 Syllabus
19 pages
LO - 2 - Data Capture and Memory Forensics
No ratings yet
LO - 2 - Data Capture and Memory Forensics
51 pages
Chfi Computer Hacking Forensic Investigator Ec Chfi
No ratings yet
Chfi Computer Hacking Forensic Investigator Ec Chfi
4 pages
Comprehensive Guide On FTK Imager 1697449736
No ratings yet
Comprehensive Guide On FTK Imager 1697449736
30 pages
Current Computer Forensics Tools
No ratings yet
Current Computer Forensics Tools
65 pages
DFIR Lab Manual
No ratings yet
DFIR Lab Manual
27 pages
Cyber Security Da1 Name: Sreaya.V (21BIT0098) A1+TA1 Slot Cyber Forensics Workshop DAY 1 (12 April, 2024)
No ratings yet
Cyber Security Da1 Name: Sreaya.V (21BIT0098) A1+TA1 Slot Cyber Forensics Workshop DAY 1 (12 April, 2024)
19 pages
lab manual for digital forensics
No ratings yet
lab manual for digital forensics
43 pages
DF Final
No ratings yet
DF Final
24 pages
Digital_Forensics_Cheatsheet
No ratings yet
Digital_Forensics_Cheatsheet
2 pages
Forensics
No ratings yet
Forensics
3 pages
Day-19
No ratings yet
Day-19
5 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
67 pages
Computer Hacking Forensic Investigator Chfi v9
0% (2)
Computer Hacking Forensic Investigator Chfi v9
5 pages
DF Module 3
No ratings yet
DF Module 3
29 pages
1-Uses of FTK Imager
No ratings yet
1-Uses of FTK Imager
20 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
57 pages
Investigative Process
No ratings yet
Investigative Process
20 pages
Guide To Computer Forensics and Investigations: Data Acquisition
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
16 pages
Ultimate Hacking Challenge: Hacking the Planet, #3
From Everand
Ultimate Hacking Challenge: Hacking the Planet, #3
sparc Flow
5/5 (2)
Digispark HID Attacks 2020
100% (1)
Digispark HID Attacks 2020
68 pages
Creating Shellcodes in The Win32 Environment
No ratings yet
Creating Shellcodes in The Win32 Environment
34 pages
Lab4 Instruction Part2
No ratings yet
Lab4 Instruction Part2
22 pages
Netfilter and System Security Services
No ratings yet
Netfilter and System Security Services
22 pages
Entering The System by The Backdoor
No ratings yet
Entering The System by The Backdoor
8 pages
The Socialist Phenomenon
No ratings yet
The Socialist Phenomenon
325 pages
Analysis and Incident Response
No ratings yet
Analysis and Incident Response
12 pages
Hiding Files Using Kernel Modules
No ratings yet
Hiding Files Using Kernel Modules
22 pages
Practical Examples of Remote Attacks
No ratings yet
Practical Examples of Remote Attacks
20 pages
5 Ethical Hacking Malware Threats m5 Slides
No ratings yet
5 Ethical Hacking Malware Threats m5 Slides
22 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
20 pages
The Osint Cyber War 2021-02-22
No ratings yet
The Osint Cyber War 2021-02-22
26 pages
SQL Injection Slides
No ratings yet
SQL Injection Slides
8 pages
Raw Logs
No ratings yet
Raw Logs
14 pages
Security Concepts
No ratings yet
Security Concepts
15 pages
4.1 EtterCap-TCPdump-Wireshark
No ratings yet
4.1 EtterCap-TCPdump-Wireshark
2 pages
1.1 IDOR - Slides
No ratings yet
1.1 IDOR - Slides
12 pages
3 Ways To Hack CCTV Cameras
0% (1)
3 Ways To Hack CCTV Cameras
3 pages
Software Engineering: Phd. Trần Khánh Dung
No ratings yet
Software Engineering: Phd. Trần Khánh Dung
156 pages
Log
No ratings yet
Log
24 pages
MSSQL Interview Questions
100% (1)
MSSQL Interview Questions
32 pages
Netwrix Auditor For Exchange: Quick-Start Guide
No ratings yet
Netwrix Auditor For Exchange: Quick-Start Guide
28 pages
How Ansible Automation Can Improve DBA's Life?: Nicolas Penot, Dbi Services
No ratings yet
How Ansible Automation Can Improve DBA's Life?: Nicolas Penot, Dbi Services
10 pages
Peer-To-Peer File Sharing
No ratings yet
Peer-To-Peer File Sharing
6 pages
Magento 2 Quick Tips Ebook by Fooman
No ratings yet
Magento 2 Quick Tips Ebook by Fooman
25 pages
Queue Data Structure
No ratings yet
Queue Data Structure
25 pages
R12 Check Funds Results in Error PSA_BC_XLA_PUB.budgetary_Control Returns an Error Without Any Details to the Calling Procedure PO_ENCUMBRANCE_POSTPROCESSING.execute_gl_call (Doc ID 1556430.1)
No ratings yet
R12 Check Funds Results in Error PSA_BC_XLA_PUB.budgetary_Control Returns an Error Without Any Details to the Calling Procedure PO_ENCUMBRANCE_POSTPROCESSING.execute_gl_call (Doc ID 1556430.1)
2 pages
Dalchand Sharma: Company Designation Experience Role Technologies
No ratings yet
Dalchand Sharma: Company Designation Experience Role Technologies
3 pages
Oracledocs
No ratings yet
Oracledocs
6 pages
Video Citation & Indexing
No ratings yet
Video Citation & Indexing
1 page
Settings Provider
No ratings yet
Settings Provider
90 pages
Supplier Approval, Monitoring & Evaluation
100% (1)
Supplier Approval, Monitoring & Evaluation
3 pages
PHP PDF
No ratings yet
PHP PDF
17 pages
Java Chapter 1
No ratings yet
Java Chapter 1
11 pages
Assignment of UML Diagram of Library Management System
No ratings yet
Assignment of UML Diagram of Library Management System
10 pages
Sap Abap SQL Select Statements With Examaple
No ratings yet
Sap Abap SQL Select Statements With Examaple
5 pages
REST in Practice - Part I
No ratings yet
REST in Practice - Part I
76 pages
RPA Module 1 Notes
No ratings yet
RPA Module 1 Notes
21 pages
Towards Dynamic Execution Semantics in Semantic Web Services
No ratings yet
Towards Dynamic Execution Semantics in Semantic Web Services
9 pages
Cka - Practice Questions
No ratings yet
Cka - Practice Questions
7 pages
Ciprian Pustianu - DB Consolidation With Multitenant
No ratings yet
Ciprian Pustianu - DB Consolidation With Multitenant
36 pages
FCUBS FD01!01!01 Development Overview Guide
No ratings yet
FCUBS FD01!01!01 Development Overview Guide
25 pages
College Management System
67% (3)
College Management System
9 pages
Code Better With Abap in Eclipse: Exercises/Solutions Thomas Fiedler, Chris Swanepoel, Sebastian Wolf / SAP SE
100% (1)
Code Better With Abap in Eclipse: Exercises/Solutions Thomas Fiedler, Chris Swanepoel, Sebastian Wolf / SAP SE
52 pages
Scope of Work Cyber Audit 1
No ratings yet
Scope of Work Cyber Audit 1
21 pages
D365
No ratings yet
D365
8 pages

Lab 2 - Forensic Imaging

Uploaded by

Lab 2 - Forensic Imaging

Uploaded by

IFCI – Cybercrime Investigator Computer Forensics Course

Lab #2 – Forensic Acquisitions

2. Double click DumpIt and respond to the program’s question.

16. Select File > Add Evidence Item.

You might also like