Forensic Imaging Activity

ForensicImaging Activity

Aforensic image includes multiple or single hard drive (s), CD(s),DVD(s) and floppy disk(s)[ CITATION Lev10 l 1033 ].Imaging the subject media is referred to as forensic imaging.The creation of forensic image entails detailed process[ CITATION Cou13 l 1033 ].Therefore, this paper presents the methodology for imaging hard diskthrough use of FTK Imager.

Methodologyfor imaging a hard disk using FTK Imager

  1. Download the FTK imager from http://accessdata-ftk-imager.software.informer.com/3.1/ and run it to get it installed in the windows.

Afterthe installation is complete, this window will open

  1. Click the “Add Evidence Item” button and choose “Physical Drive” from “Select Source” dialogue box.

  1. From the drop down menu displayed, select the drive that corresponds with the thumb drive to image

Uponclicking the finish button, the drive selected is added to theinterface of FTK Imager.

  1. Right-click on PHYSICALDRIVE object within the Evidence Tree and select “Export Disk Image…”

  1. Click “Add” from “Create Image” dialogue box, click “Raw (dd)” from the resulting “Select Image Type” dialogue box, and fill in different administrative data in “Evidence Item Information” dialogue box.

  1. Click “Next” as shown above, use “Select Image Destination” dialogue box and perform the following tasks:

    1. Use “Browse” button to set the desktop as image destination.

    2. Give the name of the image (without file extension).

    3. The image fragment should be set to “0”.

    4. Click “Finish”.

  1. Check the boxes “Verify images after they are created” and “Precalculate Progress Statistics” options and click “Start” on “Create Image” dialogue box.

  1. Screenshot

References

Coudyzer, W. (2013). Forensic Imaging and More. Journal of Forensic Radiology and Imaging 1(2), 81.

Levy, A., &amp Theodore, H. (2010). Essentials of Forensic Imaging: A Text-atlas. Boca Raton (Fla.): CRC.