Scribd
Upload
2 views

cyberforensicspract

cf

Uploaded by

krutikaruke9869
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2 views

cyberforensicspract

cf

Uploaded by

krutikaruke9869
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Cyber Forensics

PRACTICAL 1
Aim : Creating a Forensic Image using FTK Imager/Encase Imager :

- Creating Forensic Image

- Check Integrity of Data

- Analyze Forensic Image

a. Creating Forensic Image

Click File, and then Create Disk Image

Select the source evidence type you want to make an image of and click
Next.

CS-5133
TYCS
Cyber Forensics

Select source evidence file with path and click on finish

Click on “add” to add image destination

CS-5133
TYCS
Cyber Forensics

Click Next, In the Image Destination Folder field, type the location path
where you want to save the image file, or click Browse to find to the desired
location.

CS-5133
TYCS
Cyber Forensics

After adding image destination path click on finish and start image processing

b. Check Integrity
Click on image summary

After the images are successfully created, click Image Summary to view
detailed file information, including MD5 and SHA1 checksums.

CS-5133
TYCS
Cyber Forensics

c. Analyze Forensic Image


Click on evidence item to add evidence from disk, image file or folder

Now select the source evidence type as image file

CS-5133
TYCS
Cyber Forensics

Open created evidence image file and click on finish

Now select Evidence Tree and analyse the image file

CS-5133
TYCS
Cyber Forensics

Practical 3
Aim: Forensic Case Study: Solve the Case Study (Images File)
provided in lab using Encase Investigator or Autopsy.
Step 1: Open Autopsy and Create a New Case.

Step 2: Enter Case Name and Base Directory where case will be stored.

CS-5133
TYCS
Cyber Forensics

Step 3: Enter other details and Click on Finish.

Step 4: Add Data Source on which Case Study is to be done.

CS-5133
TYCS
Cyber Forensics

Step 5: Add Data Source Type and Select Local Disk for entire Disk or Logical
files for a particular file or folder. Select Logical Files in our Case.

Step 6: Select the Disk and Click on Finish.

CS-5133
TYCS
Cyber Forensics

Step 7: Select different operations to be performed on the disk and Click on


Next.

Step 8: Click on Finish.

CS-5133
TYCS
Cyber Forensics

Step 9: You can see all the files including deleted files and all details
regarding the files.

CS-5133
TYCS
Cyber Forensics

CS-5133
TYCS

You might also like