Creating a Forensic Image using FTK Imager/Encase Imager | Cyber Forensic practical 1

Aim: Creating a Forensic Image using FTK Imager/Encase Imager:
- #CreatingForensicImage
- Check Integrity of Data
- Analyze Forensic Image


Creating Forensic Image
1. Click File, and then Create Disk Image, or click the button on the tool bar.
2. Select the source evidence type you want to make an image of and click Next.
3. Select the source evidence file with path.
Click “Add” to add an image destination.
4. In the Image Destination Folder field, type the location path where you want to save the image file, or click Browse to find the desired location.

Note: If the destination folder you select is on a drive that does not have sufficient free space to store the entire image file, FTK Imager prompts for a new destination folder when all available space has been used in the first location. In the Image Filename field, specify a name for the image file but do not specify a file extension.

5. After adding the image destination path, click Finish and start the imaging process.
6. After the images are successfully created, click Image Summary to view detailed file information, including MD5 and SHA1 checksums.
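
The "Check Integrity of Data" item from the aim, as an added example (not from the video or from FTK Imager itself): recompute MD5 and SHA1 over the image and compare them with the values shown in Image Summary. It assumes the Raw (dd) image type, written as segments named `.001`, `.002`, and so on; for E01 images the hash of the container file will not equal the acquisition hash, so use the tool's own verify function there. The function names and the `case01` sample files are constructed for the example.

```python
import hashlib
import re
from pathlib import Path

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load into memory


def segment_paths(first_segment):
    """Return all raw-image segments (name.001, name.002, ...) in numeric order."""
    first = Path(first_segment)
    stem = first.name.rsplit(".", 1)[0]
    segs = [p for p in first.parent.iterdir()
            if re.fullmatch(re.escape(stem) + r"\.\d{3,}", p.name)]
    return sorted(segs, key=lambda p: int(p.suffix[1:]))


def hash_image(first_segment):
    """Hash the concatenated segments in one pass, producing both MD5 and SHA1."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for seg in segment_paths(first_segment):
        with open(seg, "rb") as fh:
            while chunk := fh.read(CHUNK):
                md5.update(chunk)
                sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def verify_image(first_segment, expected_md5, expected_sha1):
    """Compare recomputed hashes with the values copied from Image Summary."""
    md5, sha1 = hash_image(first_segment)
    return {"md5_match": md5 == expected_md5.strip().lower(),
            "sha1_match": sha1 == expected_sha1.strip().lower()}


def build_demo(folder):
    """Constructed sample: a two-segment 'image' standing in for real evidence."""
    folder = Path(folder)
    (folder / "case01.001").write_bytes(b"A" * 4096)
    (folder / "case01.002").write_bytes(b"B" * 1024)
    # A sidecar text file next to the image; it must not be hashed
    (folder / "case01.001.txt").write_text("summary")
    return folder / "case01.001"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        first = build_demo(tmp)
        md5, sha1 = hash_image(first)
        print(verify_image(first, md5.upper(), sha1.upper()))
```

Run the check against a working copy of the image, and record both the expected and recomputed values in the case notes.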


#AnalyzeForensicImage:
Click on Add Evidence Item to add evidence from disk, image file or folder.

Now select the source evidence type as image file.

Open the created evidence image file.

Now select Evidence Tree and analyze the image file.
Comments
Author

Jones Larry Hernandez Thomas Hall Christopher

OleneHadden-vp
Author

Is it possible to recover deleted data that has been overwritten?


luannunes