Homework answers / question archive / Lab 6 Introduction to FTK Purpose: To introduce some basic features of FTK

Lab 6 Introduction to FTK Purpose: To introduce some basic features of FTK

Computer Science

Share With

---

Lab 6

Introduction to FTK

Purpose: To introduce some basic features of FTK.

Preparation: Review user guide and lab video/slides (on Blackboard).

Application location: Virtual Computing Lab: FTK 5.0 / Windows 7

Evidence file: Mantooth.E01 (located in Forensic Data folder on VCL desktop)

Questions to answer:

1) What sector does Partition 1 begin in?

2) What is the physical size of Partition 2?

3) What is the volume serial number for Partition 1?

4) What is Wes Mantooth’s SID unique identifier?

5) When was the last time Wes Mantooth logged on?

6) How many times has Dracula logged on?

7) Which control set is being used?

8) What is the current time zone setting? Is the system set for Daylight Saving Time?

9) What Windows operating system (OS) is installed on the system?

What is the OS install date (UTC)?

10) What is Wes Mantooth’s Run MRU (Most Recently Used) list?

11) What is Jim Jobob’s screen name?

12) Who is the registered owner and what is the registered organization of this system?

13) Wes Mantooth mentions his dad and includes a picture of him in a letter to someone called “Sweetie.” Attach the picture of his dad that was included in the letter.

14) Wes Mantooth shared a letter to multiple email addresses. What country is the letter from and how much money do they say they want to transfer?

15) Wes Mantooth has an appointment titled “Combating Fraud and Corruption in the Public Sector.” What is the location of this appointment?

16) Wes Mantooth has written a confession and deleted the file. What are the contents of this file?