How to Capture memory | Analyse Disk Image | Custom Encryption & Decryption in FTK Imager Software ✔

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

foreign software to download the software go to this optic extra website download the software from there today's topic like how are we covering today how to create the disk scheme as mounting and mounting process and capture memory analyzing the restroom panel and what I have I will suggest you one thing like a created schemas of for like 2GB or 1GB in which uh performs all these operations of ftk measures else folder contains too much too many files so it will take too many much times to perform some actions and all so I will suggest you to play create a different Discord driver for like some limited size of 1GB or 2GB let us look at our first topic how to create the disk image go to the ftk images software this is how it looks like okay so to create a dischemist click on the file then create this image choose the logical wrap then next choose the e Drive like I have just told you that I will perform the various operation inside that only click on finish now click on ADD button then raw data Roddy click on this case number like I will give anything any random number I will give description as any examiner as my name and I will give notes as a first disk okay and click on the next browse the file like to where I want to create and you remember one thing like you will always have to uh you should always create the file different from this in that e folder I will browse the then click on the uh this PC I will inside the D I will make a new folder like first capture okay and then click on OK foreign I will give this size as 50. then click on finish click on start it will take some time and it will create the disk image so you can see the creation of disk image has been uh like in the process it is getting completed uh it will show the different kinds of properties and all click on close and then you can see it is a completed click on close and I will check that where it is uh like created so inside the D I have given the name as first capture so you can see here all these files are available here what is this so this is uh inside the e Drive like inside the e Drive I have taken the I have created the D schemas of these files okay these are the files which is available inside my idra now let us look at how to unmount and unmount our disk drive okay for uh to unmount click on the file then image mounting then choose the uh path of the uh you have just created the like in the first capture I will choose this first file then click on OK and keep it as by default click on mount button so uh it will do the mounting of the file like what is mounting so it will create the different disk like removable disk drive and in which all the files will be available there you can see earlier it was my drivers only in c d and e but now the F Drive is there okay whatever files was there in the e Drive so all these things are there in the app drive also okay so this is this is the image mounting now uh I will do the unmounting of that disk drive like f Drive which is just created I will do the amount so choose that file inside the mapped image list and click on unmount okay when you will click then uh it will get removed you can see here in the file uh CD only CD and E is there earlier it was there f f was there but now it is not okay so this is how we do unmounting now let us look at our our next topic which is how to capture the memory so to capture the memory click on the files then capture memory then browse and you can browse inside the any folder like in the days PC I will choose e then OK and then give the any name like I have given here mem dump by default it is there now click on capture memory so it will take uh too much time so I will not do that you can check by yourself and it will create create the memory dump name as the memdom.net okay now let us look at our next topic which is uh analyzing the image Dom so to analyze them as them like imagine we have just created the inside that D like here you can see this is first capture so I will Analyze This go to the optic images software click on file and then click on the add evidence item then choose the mouse jump like okay choose image file then next then browse and inside the D inside the first capture choose the first file then click on open and click on finish you can see our tree is there okay in which all the datas are there like orphan recycle bin is there like whatever it will get deleted it will present here uh inside the below foot you can see the file which was there inside my e Drive so it is present here also okay So This Is How We Do analyze and what you will do if you want to remove the tree you can right click and remove the video it will remove now let us look at our next topic which is a custom content ad encryption and decryption encryption like I will make a file like password protected okay and after that I will do the decryption of that image like I will remove the password and I will show you how to decrypt and all let us look at the encryption part what we'll do uh for encryption file then add evidence item choose them as file then click on next choose the click on browse file then this first file I will choose then open then finish okay after that uh from the tree uh what I will do I encrypt this MLM as mlms.png file is there so I will encrypt that for encrypting the file what you will do uh you will right click then add to custom content image ad1 two we will choose that option what I will do it will display the file here custom content Source let me show you click the on add custom content you can see here it is getting added now choose that file from here click on create image then this window will appear then click on ADD then add the details like 101 evidence number as uh number is also like 100 encryption as a I will give him file image encrypt examiner I will give as my names and I will give like this is file this is file now we'll click on next and I will give the folder where I want to uh means take that encrypted file I will choose the a drive inside that I will make a new folder like encrypted I will keep the folder name as encrypted click on OK then image file has a first encrypt okay and fragments either like 50 so it will not take too much time after filling all the process do not forget to add to tick this button use Ed encryption click this then click on okay tick that button make sure and click on finish and it will ask you for the password now I will give password as one two three four simple password I will keep okay click on OK now click on start it will encrypt the file like a ml file I have just encrypted it it will show the details click on close and it is completed now click on close now let me show you inside the file like in the e Drive I have just created a folder name encrypted go to that folder and you can see this is encrypted file this is like text file is there and our second one is encrypted file name what is that that is the image ml image I have added the password and now let's see how to decrypt the file uh choose the now let me remove this tree for decrypting the file click on file add evidence item click on image file then browse and then I choose the file like inside the E drive it was encrypted okay now choose that file click on open and now click on finish it will ask you for the password so the password you have just uh given during the encryption time you will choose that password only one two three four like I will show you and I click on OK now you can see the trees present here and when you will extend that tree you can see here the ml image is there after the decryption so this is how we decrypt the file now let us see the next uh a topic like obtaining the system files how to obtain the system file for obtaining uh click on files then obtain protected files click on browse and choose any file like I will choose edrad then click on password registry for our registry files and click on OK so it will take some time and it will give you the like all the files details and all of the e Drive so this was all about the like topics of the ftk measure software like I have created like so this was all about the application software uh and the details so if you have any uh issue uh during the performing any operations and all right [Music] [Laughter] so I was just joking so you can put down your queries in the comment box if you have any problem and let us meet in the next video like if you have any suggestions you can put down your queries and all thank you [Music] foreign [Music] foreign [Music] [Music]

Info

Channel: 𝕰𝖆𝖘𝖊𝕷𝖔𝖌𝖎𝖈

Views: 1,044

Rating: undefined out of 5

Keywords: Capture Memory with FTK Imager, Analyse Disk Image using FTK imager, Custom Encryption & Decryption in FTK Imager, FTK IMAGER - Capturing Memory, Mount and Unmount Disk in Ftk imager, Forensic Memory Acquisition in Windows - FTK Imager, Access Data - Forensic Tool Kit (FTK) Imager - Capture Memory, Forensic Acquisition in Windows - FTK Imager, FTK imgager, Forensics, YOutube, Hacking, wifi driver issue in laptop, wifi driver window 10, window 10 ftk imager, ftk imager install, ftk, shiv

Id: NCIadN05XhQ

Channel Id: undefined

Length: 13min 5sec (785 seconds)

Published: Tue May 02 2023