👹
Sleuthifer
  • What is this?
  • Digital Forensics
    • Cipher (Anti-forensics)
    • PowerShell History
    • File Carving
      • FAT32 File Carving
    • FTK Imager
      • Imaging & Verifying
    • Wireshark
      • Protocol Summary and DHCP
      • Follow TCP Stream and SMTP
  • Memory Analysis
    • Part 1: Memory and Volatility
  • Incident Response
    • You've been hit, popped or breached?
    • Threat Intelligence & Intrusion Analysis
  • Tools
  • Useful Links
Powered by GitBook
On this page
  • Intro
  • What is FTK Imager

Was this helpful?

  1. Digital Forensics

FTK Imager

A brief intro to FTK Imager

PreviousFAT32 File CarvingNextImaging & Verifying

Last updated 1 year ago

Was this helpful?

Intro

The idea of this article is to provide an overview of FTK Imager and some of the features it has and how to use them. You can download FTK Imager for free from and view the documentation at .

What is FTK Imager

FTK Imager is a digital forensics tool that allows you to preview and forensically image devices.

FTK utilizes a simple layout for imaging, mounting devices, hashing and memory capture. It is also a great wee tool if your are on scene and need to do some live acquisitions as it is small enough to be stored on a USB and be used to create logical acquisitions although best to do physical acquisitions back at the lab is possible.

If you are wondering FTK stands for it's... Forensic Toolkit.

https://accessdata.com/products-services/forensic-toolkit-ftk/ftkimager
https://support.accessdata.com/hc/en-us/articles/204056525-FTK-User-Guide