Scribd Logo
Upload

Welcome to Scribd!

  • 99 views

    ACE Certification Study Guide

    Uploaded by

    dumkoliveira
    The document provides a study guide for the ACE exam, listing topics in FTK Imager, Registry Viewer, PRTK, and the FTK Examiner application that an examiner needs to be familiar with to pass the exam. It also lists practical forensic abilities an examiner needs to demonstrate, such as analyzing registry files, decrypting files using PRTK, searching, and understanding how to find different types of artifacts using the various forensic tools.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    ACE Certification Study Guide

    Uploaded by

    dumkoliveira
    99 views2 pages
    The document provides a study guide for the ACE exam, listing topics in FTK Imager, Registry Viewer, PRTK, and the FTK Examiner application that an examiner needs to be familiar with to pass the exam. It also lists practical forensic abilities an examiner needs to demonstrate, such as analyzing registry files, decrypting files using PRTK, searching, and understanding how to find different types of artifacts using the various forensic tools.

    Original Description:

    ACE Certification Study Guide

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides a study guide for the ACE exam, listing topics in FTK Imager, Registry Viewer, PRTK, and the FTK Examiner application that an examiner needs to be familiar with to pass the exam. It also lists practical forensic abilities an examiner needs to demonstrate, such as analyzing registry files, decrypting files using PRTK, searching, and understanding how to find different types of artifacts using the various forensic tools.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    99 views2 pages

    ACE Certification Study Guide

    Uploaded by

    dumkoliveira
    The document provides a study guide for the ACE exam, listing topics in FTK Imager, Registry Viewer, PRTK, and the FTK Examiner application that an examiner needs to be familiar with to pass the exam. It also lists practical forensic abilities an examiner needs to demonstrate, such as analyzing registry files, decrypting files using PRTK, searching, and understanding how to find different types of artifacts using the various forensic tools.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 2

    ACE

    Study
    y Guide
    e
     

    **Thhe below stu udy guide is ddesigned to list the knowwledge topiccs 
    the e
    examiner ne eeds to be faamiliar with tto successfu
    ully pass the 
    exam
    m.  Also, liste
    ed at the botttom, are th practical ability 
    he topics of p
    an exxaminer willl need to passs the exam.  

    FTK Im
    mager 
    ‐ Encryption off image files 
    ‐ mage mountting 
    Im
    ‐ File Hash List creation 
    ‐ RAM Capture e 
    ‐ Im
    mage creatioon capabilitie
    es and formats 
    ‐ Drive identific
    D cation by Im
    mager 
    ‐ Im
    mage Summary output d details 

    Registrry Viewer 
    ‐ Difference be
    D etween Add to Report an nd Add to Reeport with C
    Children 
    ‐ Common Are eas 
    ‐ Registry View
    wer report crreation 
    ‐ Se
    earching witthin a registrry file using Registry Viewer 
    ‐ In
    nterface/pan
    ne descriptio ons and capaabilities 

    PRTK (Password
    d Recove
    ery Tool K
    Kit) 
    ‐ Golden Dictio
    G onary 
    ‐ Attack types 
    A
    ‐ Profiles and p
    profile creatiion 
    ‐ Dictionary ge
    D eneration 
    ‐ Custom profile creation 
    ‐ Stteps for adding files for decryption 

     
    FTK Examiner Application/Case Management Window 
    ‐ UTK tool integration  
    o Registry Viewer from within FTK 
    o PRTK/DNA from within FTK 
    ‐ KFF hash importing 
    ‐ Evidence processing options 
    ‐ Additional analysis abilities 
    ‐ Bookmarking 
    ‐ Index Searching 
    ‐ Live Searching 
    ‐ Interface 
    o Tab information and abilities to view data on specific tabs 
    o Dropdown menu options 
    o Right click menu options 
    o File Content pane abilities 
    o Toolbars 
    ‐ Ability to describe concepts described in question text, graphic or displayed video 
    ‐ Case Management Window abilities 
    ‐ Processing Profile Creation 
    ‐ Data carving abilities and output 
    ‐ FTK Reporting 
    ‐ FTK user assignment to cases and ability permissions 
    ‐ Filtering 

    Practical Usage of FTK abilities 
    Examiners will need to be able to do the following functions in FTK, RV, Imager, PRTK.  
    Examiners should also have basic to moderate forensic knowledge to be able to understand 
    what artifacts are being asked about and how to leverage FTK, RV, Imager or PRTK to find those 
    artifacts. 

    ‐ View and analyze Registry files 
    ‐ Decrypt files using PRTK 
    ‐ Use Live and Index Searching 
    ‐ Run all tab functionality 
    ‐ Use the KFF 
    ‐ Apply, create and/or import filters and column settings 
    ‐ Know how to find OCR data, Geolocation Data, and Metadata 

    You might also like