FTK Imager – Toolkit to Acquire Forensic Image

Creating an image to investigate a security incident is the first step an incident responder performs so that no artifact or evidence of the attack is lost. If you are looking for a toolkit to preview data and create an image, or to acquire data (evidence) in a forensically sound manner without making changes to the original evidence, you can check out FTK Imager.

Some of the features of FTK Imager are:

  • Create forensic images of local hard drives, CDs and DVDs, thumb drives or other USB devices, entire folders, or individual files from various places within the media.
  • Preview files and folders on local hard drives, network drives, CDs and DVDs, thumb drives or other USB devices.
  • Preview the contents of forensic images stored on the local machine or on a network drive.
  • Mount an image for a read-only view that leverages Windows Internet Explorer® to see the content of the image exactly as the user saw it on the original drive.
  • Export files and folders from forensic images.
  • See and recover files that have been deleted from the Recycle Bin, but have not yet been overwritten on the drive.
  • Create hashes of files to check the integrity of the data by using either of the two hash functions available in FTK Imager: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1).
  • Generate hash reports for regular files and disk images (including files inside disk images) that you can later use as a benchmark to prove the integrity of your case evidence. When a full drive is imaged, a hash generated by FTK Imager can be used to verify that the image hash and the drive hash match after the image is created, and that the image has remained unchanged since acquisition.
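
The integrity check described in the last two items can be repeated independently of the tool. The following is an added example, not part of FTK Imager or the original article: it recomputes MD5 and SHA-1 over a raw image in one streaming pass and compares them with the values recorded at acquisition. It assumes a raw image that may be split into ordered segments; the function names and the `evidence.001`/`evidence.002` sample files are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load into memory


def hash_image(segment_paths):
    """Return (md5_hex, sha1_hex) over the segments, read in the given order."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for path in segment_paths:
        with open(path, "rb") as fh:  # opened read-only: the image is never modified
            while chunk := fh.read(CHUNK):
                md5.update(chunk)
                sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def verify_image(segment_paths, recorded_md5, recorded_sha1):
    """Compare the current hashes with the values recorded at acquisition."""
    md5_now, sha1_now = hash_image(segment_paths)
    return {
        "md5_match": hmac.compare_digest(md5_now, recorded_md5.strip().lower()),
        "sha1_match": hmac.compare_digest(sha1_now, recorded_sha1.strip().lower()),
        "md5": md5_now,
        "sha1": sha1_now,
    }


def demo():
    """Constructed sample: a two-segment 'image' built in a temporary directory."""
    data = b"constructed sample evidence bytes " * 1000
    with tempfile.TemporaryDirectory() as tmp:
        parts = [os.path.join(tmp, "evidence.001"), os.path.join(tmp, "evidence.002")]
        half = len(data) // 2
        for path, blob in zip(parts, (data[:half], data[half:])):
            with open(path, "wb") as fh:
                fh.write(blob)
        # Stand-in for the hashes written to the acquisition report
        rec_md5, rec_sha1 = hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()
        intact = verify_image(parts, rec_md5, rec_sha1)
        with open(parts[1], "r+b") as fh:  # one byte changes after acquisition
            fh.write(b"X")
        altered = verify_image(parts, rec_md5, rec_sha1)
    return intact, altered


if __name__ == "__main__":
    print(demo())
```

In casework, run the check against a working copy of the image and keep the recorded hashes with the chain-of-custody notes, so a mismatch can be traced to a specific copy.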

There are several options to run the tool: one of them is a light, portable version on a USB stick, or you can run the full installation on the required system.

You can read more and download the latest version over here: https://accessdata.com/product-download/ftk-imager-version-4.2.0
