Digital Forensics with FTK Imager (TryHackMe Advent of Cyber Day 8)

First time using FTK Imager. I put it on the list to add to my toolkit. Thanks for bringing it to light, it was fun!

famuellersman

First time using FTK Imager for me to. Learned alot! As always great tasks and easy to follow along with the text. Didn´t even need to watch your video to solve the tasks. Hopefully I can go back to school again this spring and start my career at cybersecurity for real. You have been a big inspiration for me to start learning more.

ToPPzi

FTK is pretty cool, you can also use it create hashes of files/tools for comparison before and after moving them to another location (ie from your forensic workstation to an evidence collection hard drive)

xxm

FTK Imager is super sweet!
thank you for the walkthrough!

wolfyyybandz

That was plain easy task for John. FTK is a basic stuff every DFIR begginer should now from the ground up :)

JAMikdiena

Helping me again, as always John. Much appreciation, as always!

westramey

Today's task has been awesome with John Hammond... can't wait for for the next one...

nervesecurityco

The world should learn how to analyze a hacking incident through computer forensics softwares (FTK, Encase, AXIOM, FEX, NUIX, UFED, Oxygen, etc...)

oguzbey

This tool, is really cool and now is part of my toolkit really interesting forensics thanks!

Roku

Lol i always try and solve and then watch the walktrough.. I did the exact same steps you took even the first png what didnt contain it.
only i veryvied via the menu option.
Was fun!

Only downside, the countdown of the virtual machine begins after starting it. so it takes 4 minutes from your play time to complete.
ofcourse this one didn't need much time, but could be a problem for some people in other challeges.

PandaBero

John Hammond is the GOAT! Thanks for making these videos!

hjaldrgegnir

Totally digging advent of cyber 23. I think they get better every year

ryanhernandez

I remember trying to plug in malware infected thumb drives into a company computer. They had antivirus immediately delete and cleaned every file on the thumb drive before I even opened up My Computer windows to go to the thumb drive 😂

Darkregen

FTK imager is a great free tool that is not only used for initial viewing the evidence files but it is powerful when it comes to make an image of a physical device like HD or USB, and also you can create a memory (RAM) Dump using FTK imager. Also, you can export the windows protected files (Windows Registry) from running Windows machine. And many more.

CyDig

Fyi. You can change the RDP resolution by right clicking on the RDP file, selecting edit, and going to the display tab. You do need to be disconnected first. Hit save to keep the setting saved to the RDP file you were editing. Or editing it in notepad works as well. Doesn't work well when doing videos, of course.
This is more for the noobies than anything.

CowBoy

Thanks just finished it now/ let's get it😅

TureIMasterEquality

Coming here to say that I didn't watch any walkthrough. Progress compared to last year

rianxFFF

Feel sorry for whoever needed to use the walkthrough on this

BD..

@john Hammond sir where did learn Ethical hacking course suggest me guide me sir

ManiKandan-umev

We need file carving please, I mean carve the deleted file from the disc

hehehehme