Digital Forensics investigation using FTK-Imager and Active Disk Editor
This report was written for the Digital Forensics Analysis coursework, specifically the first assignment. In which, steps and screenshots for each investigation process are recorded.
Throughout this investigation, the process was divided mainly into 4 sections. The first section is where the programs FTK and Active are introduced and the investigation is overviewed. The second section is concerned with building evidence, a virtual Hard disk drive image, and justifying why it was chosen. The third section presents the creation of a Virtual Hardisk Drive, and its partitions (primary and extended), then deleting two of them. The fourth section is about Evidence and file recovery.
- Using FTK Imager
- Using Active Disk Editor
