For faster services, inquiry about  new assignments submission or  follow ups on your assignments please text us/call us on +1 (251) 265-5102

WhatsApp Widget

Purpose: To introduce some of the FTK Imager features which include some of the core functions related to acquiring case evidence. Application location: Virtual Computing Lab Preparation: Review user guide and lab video/slides (on Blackboard) Evidence file: Washer.E01 file (located in \144.175.196.12Forensic DataWasher.E01) Questions to answer: 1. Who was the examiner for this drive and what software was used to acquire this image? 2. How many sectors are on this drive? 3. What is the volume serial number for t

Purpose: To introduce some of the FTK Imager features which include some of the core
functions related to acquiring case evidence.
Application location: Virtual Computing Lab
Preparation: Review user guide and lab video/slides (on Blackboard)
Evidence file: Washer.E01 file (located in \144.175.196.12Forensic DataWasher.E01)
Questions to answer:
1. Who was the examiner for this drive and what software was used to acquire this
image?
2. How many sectors are on this drive?
3. What is the volume serial number for the WASHER volume?
4. When was the [root] directory created? Provide the full timestamp.
5. What is the file system and operating system of Partition 1?
6. What is the purpose of the pagefile.sys file?
7. What is the starting cluster for the pagefile.sys file?
8. What is the Master File Table (MFT)? Why is it important?
9. What is the MFT record number of the MFT?
10. What is the MFT record number for the WINDOWS directory?
11. Convert Washer.E01 into the AFF format. Password protect the image with the
password “password123”. Save it on the desktop and call it Washer. Put
your last name in place of . Insert a picture of the new file(s) using the
Snipping Tool.
12. Load the new image into FTK Imager to verify that the password is set. Insert a picture
of the window asking for the password using the Snipping Tool.
13. Mount the Washer.E01 image. Attach a picture of the hard disk drives connected to
the computer showing the mounted image. Unmount the image.

WhatsApp
Hello! Need help with your assignments?

For faster services, inquiry about  new assignments submission or  follow ups on your assignments please text us/call us on +1 (251) 265-5102

Submit Your Questions to Writers for FREE!!

X
GET YOUR PAPER DONE