Scribd
Upload
14 views11 pages

Multimedia Assignment

Assignment

Uploaded by

koutilya209
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
14 views11 pages

Multimedia Assignment

Assignment

Uploaded by

koutilya209
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

MULTIMEDIA ASSIGNMENT

SUBMITTED BY: SIVIN MOHAN


ER.NO: 012301000030002016

A) Creating forensic image from a pen drive using


FTK Imager.
i) Go to “FTK imager” and open it.

ii) Go to “file” and choose “create disk images” from


the options.
iii) A dialogue box will appear with many options
choose “physical drive” from that.

iv)Then proceed to next button.


v) Then select the source drive, in which you will
have to select your particular pen drive which you
have inserted in your device.

vi)Then proceed to the “finish” button.


vii) Then a dialogue box will appear with many
options from which you have to select “E01”.

viii) Now select the desired image location and also


select the fragment size and compression both to
“0”
ix) Now enter the required information.
x) Image creating process will start now and it will
take some time depending on your pen drive’s
storage .

xi) Once the process is completed a box with hash


details will appear Infront of you.
B) Extraction of the data from the image created
using AUTOPSY.
1) Go to “Autopsy” and open it and then click on
the “new case” option from the screen.

2) Now fill the case information and select the


location where you earlier saved your image which
was created by FTK Imager and then click on
“finish” button.
3) After that a dialogue box will appear with optional
information fill that also and then proceed to the
“Finish button”.

4) Another dialogue box will appear in that select


“Generate new host name based on data source
name” and the click on “Next” Button.
5) Another dialogue box will appear from that select
“Disk image or VM file” and then click on
“Next” button.

6) After that another dialogues box will appear in


that you have to select the desired location where
you saved the created image and the click on
“Next” button.
7) Another box will appear in that select “Recent
activity” and the click on “Next” button.

8) After that a box will appear which will notify that


the process has started and the files are being
recovered and below there fill be “Finish” button
click on it.
9) Once the process is completed on the left hand
side of the screen you will see many options from
that select “Deleted files” , after that on the right
side you can see the restored files.

10) Click on the files you want to restore and the


select extract from the options.

11) After successfully restoring the deleted files now


close the file and tab.
C) Now I am attaching the recovered files here :

This the “image01” and another ppt with title


“SWGDE Best practices for computer forensics”
which I am attaching with this document.

IMPORTANT DETAILS:

1) Tools Used: FTK Imager and Autopsy


2) Case no: 2016
3) Evidence no:23-24
4) Examiner name: Sivin Mohan
5) Case name: CA-1
6) Files recovered: image01 and SWGDE Best
Practices for Computer Forensics.

THANK YOU !!!!!!!!!!!!

You might also like