Practice Lab Nov 26
In this lab we will work with ACE Image.AD1 file from FTK Certification Exam website.
Document your finding in Word file and submit on Canvas
Process the ACE Image.AD1 file with the Standard Processing (FTK Standard) profile.
Process and display with time zone (Eastern with Daylightsavings). ADD ADDITIONAL PROCESSING
ITEMS - Follow the Processing Options posted on Canvas
Answer the following questions
Go to the Overview Tab and check File Status > KFF Alert Files. At this point you MUST
HAVE 0 files in that category. CONFIRM!
Use Thumbhashes.csv file (see on Canvas) to perform KFF analysis
Follow the lab on pages 509-510 #4 - #22 and using file above that you just saved
instead of Thumbdrive Hashes in #7 and #17.
After KFF lookup is complete, go to the Overview Tab again and check File Status > KFF Alert Files.
List the number of files you currently have in KFF Alert
Import Filter file (see on Canvas). Filter the case with the imported filter. How many files are filtered?
Click the Overview Tab(reference pages: 332 - 337)
- Expand File Status
- How many Bad Extensions files are found?
Still in File Status, look on Encrypted Files. How many Encrypted Files are in this
image? How many EFS (Encryption File System) encrypted files? (Hint: look on the brown key
next to the file name and in the Category Column)
Expand File Category Container
Follow page 397 to view registry files and find the information below:
Confirm operating system
Number of users and SID for one user of your choice
Find Time Zone
Click the EMAIL Tab
- Expand Email Status container
- How many Email Reply are found
- Expand Email by Date
- List the year and month of submitted and delivered e-mails
- How many email attachments are in this image?
Decrypt the following file: Daniel Ocean Bio.doc. Document all
steps and the found password. Submit decrypted file along with Word
summary file.