Forensic ToolKit V3.x (Gov or Corporate) Edition
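FTK is a very well-known software package in the digital forensics field, produced by AccessData. The company was founded in 1987 and is a specialist firm that has been doing development and research in computer forensics since the field's early days. FTK is now widely adopted by law enforcement agencies in many countries, and its intuitive interface suits personnel who are just starting out in computer forensics. FTK supports a variety of operating systems and file systems, and its full-text search technology can quickly locate the key digital evidence files an examiner needs.
Features:
Forensics report (generates forensic reports)
Categorized file retrieval (quickly browse files of different formats)
View Registry (inspect registry files)
Oracle Database (built-in database system that supports powerful data searching)
Password recovery (password cracking; PRTK is an optional add-on module)
Keyword search
E-mail search
NTFS support
FAT 16/32 support
EXT2/3 support
File Recovery (recovery of deleted files)
Imaging (image creation and verification)
Wipe Disk (wipes disk records)
Web History/Cookie/Cache/URLtyped (view web browsing records)
Files indexing (builds an index of files)
KFF Hash library support (45 million built-in hashes for forensic comparison)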
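AccessData Forensic Boot Camp Training Course
The AccessData Forensic Boot Camp training course is AccessData's professional certification course. Students who complete this course and hold a valid FTK license may sit the international ACE certification exam. The course runs for 5 days. After you attend the training course arranged by our company, we will provide an electronic copy of the ACE certification preparation summary free of charge.
Forensics Boot Camp course summary: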
Install and configure FTK and its components, FTK Imager, PRTK and its components, Registry Viewer and LicenseManager.
Use FTK Imager to preview evidence, export evidence files, create forensic images and convert existing images
Create and add evidence to a case in FTK
Use FTK to process and analyze documents, metadata, graphics and e-mail
Use bookmarks and check marks to efficiently manage and process case data
Update and customize the KFF database
Conduct Live, Indexed, Internet Keyword and Regular Expression searches in FTK
Import search lists for Indexed searches in FTK
Create reports that include exported files, custom logos and external information such as hash lists, search results, or PRTK password lists.
Use custom dictionaries and dictionary profiles to recover passwords in PRTK
Use the FTK Data Carving feature to recover BMP, GIF, JPEG, EMF, PDF, HTML and Microsoft Office documents
Utilize the index in FTK to create custom dictionaries for PRTK
Create regular expressions
Use the Registry Viewer to locate evidentiary information in Windows 9x, 2K and XP registry files
Use PRTK to recover user logon passwords from the Windows SAM file and decrypt files with extended ASCII passwords.
Integrate Registry Viewer with FTK
Use FTK and PRTK to recover EFS encrypted files on Windows 2000 and XP systems, including Windows XP SP1 and higher
Recover forensic information from Recycle Bin INFO2 files
Recover forensic information from Windows link files
Use PRTK to recover passwords from Microsoft Office documents, decrypt them, and display them in an FTK report in a decrypted format
The training includes hands-on labs that allow students to apply what they have learned to a mock case. These performance-based simulations are designed to help participants retain information learned during the training.