I am working on a class assignment where we have a USB drive that we have to forensically analyze. FTK was one of the forensics tools that was mentioned to us; however, the free version will not analyze if there are more than 5,000 files.
I am in that situation right now. Is there other software that I can use in order to complete my assignment?
Thanks.
Is there other software that I can use in order to complete my assignment?
I would have expected the assignment to be created to be doable with a tool that you had access to. That is, I'd start from your course and your course instructor.
There is free software, but if they will take you through your assignment, I can't say.
For one list, try the 'Tools' entry on ForensicWiki, particularly the 'Open Source' subentry. Autopsy may be a starting point, as may the SANS SIFT Kit (which is not listed there, but is easily found through most web search engines).
The school lab computers have a license for FTK. Just that they are in a VM which passes the USB files in at USB 1.0 speeds. I am trying to find something that I can use to do this analysis on my custom PC at home.
It might be helpful if you explain what you are trying to achieve?
I am working on a class assignment where we have a USB drive that we have to forensically analyze.
Can you describe what you mean by this? Recover deleted files? A USB drive does not normally have a valid operating system on it…though it can…so, what is it that you're trying to achieve?
Also, what school & class is it for?
FTK was one of the forensics tools that was mentioned to us;
What are the names of the other tools?
jaclaz
FTK was one of the forensics tools that was mentioned to us; however, the free version will not analyze if there are more than 5,000 files.
As others have stated, it's difficult to give good advice if we don't know what the assignment is. Nevertheless, the following observation may be helpful. When I assigned my class to download and use FTK Imager (and even embedded the link), some students misunderstood and attempted to install and use the full FTK product. You may want to check with your instructor what was meant by FTK.
I am working on a class assignment where we have a USB drive that we have to forensically analyze. FTK was one of the forensics tools that was mentioned to us; however, the free version will not analyze if there are more than 5,000 files.
I am in that situation right now. Is there other software that I can use in order to complete my assignment?
Thanks.
Why not use this opportunity to learn how to research and discover tools, rather than being spoon fed a list of programs for conducting examinations?
The CF community is a great resource, but it is not an answer machine either. Sometimes you have to go it alone.
By not giving you a list of programs to use (or even previously in the course), that may be the teacher's intention.
Then again, maybe the teacher assumes you will do the assignment at school, where they have the FTK licenses, and not at home.
The USB was meant to be a bootable drive. In this case, the USB I am analyzing was a Windows drive.
I used Autopsy and found alternate text in a file on the Desktop referring to encrypted files being stored.
I also found an e-mail history with 5 or 6 image files attached to the message. I pulled out "Key is SHA1 Five Character Hash" and then a reference to a "WHITE RABBIT."
There is also a mention of a program which I discovered to be Invisible Secrets. It seems like those image files will lead me to the keyphrase I need to unlock whatever is being hidden inside Invisible Secrets.
I am not sure how to proceed from where I currently stand though. Any advice on the next steps?