Notifications
Clear all

Google Searches  

  RSS
mawk
 mawk
(@mawk)
New Member

I have a case that possibly involves child injury/neglect.
I need to see as much as I can involving the suspect's search history.
I have made an Image of the HDD using imager and have brought that into FTK

I'm a newbie and would appreciate any help

Thanks

Quote
Posted : 14/11/2018 7:15 pm
randomaccess
(@randomaccess)
Active Member

I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life…

There are a number of different options for training ranging from iacis bcfe and sans for 500 tool agnostic training to encase and ftk specific training

Either way, that should be a priority before presenting evidence…

ReplyQuote
Posted : 15/11/2018 5:25 am
FoxtonForensics
(@foxtonforensics)
New Member

You may find the following blog post provides some useful background information on where searches are stored by Chrome and Firefox, and how to parse search terms from URLs found in any part of web browser history.

https://www.foxtonforensics.com/blog/post/building-a-history-of-search-terms

ReplyQuote
Posted : 15/11/2018 8:00 pm
Bunnysniper
(@bunnysniper)
Active Member

I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life…

+1
If you are a newbie, mawk, start with forensics by analyzing common malware. Once you are more technical experienced and made some trainings for evidence handling, you can work on more critical cases.

regards,
Robin

ReplyQuote
Posted : 15/11/2018 9:18 pm
jpickens
(@jpickens)
Active Member

Because you need to know what you're doing before you affect someone's life…

exactly.

ReplyQuote
Posted : 16/11/2018 9:08 pm
UnallocatedClusters
(@unallocatedclusters)
Senior Member

First create a “Key Word” list based upon people’s names, cell phone numbers, email addresses and other potentially relevant terms.

Your Key Word list should be shared with counsel for input and revisions.

Run your Key Word searches in FTK and tag potentially relevant hits.

Review your tagged potentially relevant hits with counsel.

Revise, refine, rinse and repeat until you have reasonably identified all potentially relevant evidence to your matter.

ReplyQuote
Posted : 17/11/2018 4:19 pm
Share: