Day 8 - “Have a Holly, Jolly Byte!”
The primary objectives of this challenge were:
- Analyse digital artefacts and evidence.
- Recover deleted digital artefacts and evidence.
- Verify the integrity of a drive/image used as evidence.
In this task we used FTK Imager to recover deleted files and folders, and to verify drive/image integrity.
FTK Imager is a forensics tool that allows forensic specialists to acquire computer data and perform analysis without affecting the original evidence, preserving its authenticity, integrity, and validity for presentation during a trial in a court of law.
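Verifying a drive or image comes down to re-hashing it and comparing the result with the digests recorded at acquisition; FTK Imager's verify function reports MD5 and SHA1 for this purpose. The Python sketch below is an added example, not part of the original walkthrough or of FTK Imager itself; the function names, the file name `sample.dd` and the sample image bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into memory


def hash_image(path, algorithms=("md5", "sha1")):
    """Stream the image once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: the evidence file is never written
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded):
    """Compare computed digests with those recorded at acquisition.

    Returns {algorithm: True/False}; the image is intact only if all are True.
    """
    computed = hash_image(path, tuple(recorded))
    return {
        name: hmac.compare_digest(computed[name], recorded[name].strip().lower())
        for name in recorded
    }


def demo():
    """Constructed sample: a 3 MiB stand-in image, then the same file with one byte changed."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "sample.dd")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"\x00" * (3 * CHUNK - 7) + b"DELETED")
        recorded = hash_image(image)        # digests noted at acquisition time
        before = verify_image(image, recorded)
        with open(image, "r+b") as fh:      # simulate a single-byte alteration
            fh.seek(CHUNK + 5)
            fh.write(b"\x01")
        after = verify_image(image, recorded)
    return before, after


if __name__ == "__main__":
    print(demo())
```

A single changed byte anywhere in the image makes both digests mismatch, which is why the hashes recorded at acquisition must be stored separately from the image itself.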
FTK Imager presents three distinct modes for displaying file content, arranged sequentially from left to right, each represented by icons enclosed in yellow:
- Automatic mode: Selects the optimal preview method based on the file type. It utilises Internet Explorer (IE) for web-related files, displays text files in ASCII/Unicode, and opens unrecognised file types in their native applications or as hexadecimal code.
- Text mode: Allows file contents to be previewed as ASCII or Unicode text. This mode is useful for revealing hidden text and binary data in non-text files.
- Hex mode: Displays files in hexadecimal format, providing a detailed view of file data at the binary (or byte) level.
Here is the walkthrough of Day 8.