Digital Forensics with FTK Imager (TryHackMe Advent of Cyber Day 8)
Comments: 43
First time using FTK Imager. I put it on the list to add to my toolkit. Thanks for bringing it to light, it was fun!
@hrajrhakobjan5258
7 months ago
Autopsy is FTK Imager on steroids
First time using FTK Imager for me too. Learned a lot! As always great tasks and easy to follow along with the text. Didn't even need to watch your video to solve the tasks. Hopefully I can go back to school again this spring and start my career in cybersecurity for real. You have been a big inspiration for me to start learning more.
FTK is pretty cool, you can also use it to create hashes of files/tools for comparison before and after moving them to another location (i.e. from your forensic workstation to an evidence collection hard drive)
The world should learn how to analyze a hacking incident through computer forensics software (FTK, Encase, AXIOM, FEX, NUIX, UFED, Oxygen, etc...)
That was a plain easy task for John. FTK is basic stuff every DFIR beginner should know from the ground up :)
FTK Imager is super sweet! Thank you for the walkthrough!
Today's task has been awesome with John Hammond... can't wait for the next one...
@nervesecurityco
7 months ago
Was really timing it today since it's all about DFIR
Lol, I always try and solve and then watch the walkthrough. I did the exact same steps you took, even the first png that didn't contain it. Only I verified via the menu option. Was fun! Only downside, the countdown of the virtual machine begins after starting it, so it takes 4 minutes from your play time to complete. Of course this one didn't need much time, but could be a problem for some people in other challenges.
Helping me again, as always John. Much appreciation, as always!
This tool is really cool and is now part of my toolkit. Really interesting forensics, thanks!
You make it so simple. Thank you.
I remember trying to plug in malware infected thumb drives into a company computer. They had antivirus immediately delete and cleaned every file on the thumb drive before I even opened up My Computer windows to go to the thumb drive 😂
I love FTK Imager!!
Totally digging advent of cyber 23. I think they get better every year
FTK Imager is a great free tool that is not only used for initially viewing the evidence files, but it is powerful when it comes to making an image of a physical device like an HD or USB, and you can also create a memory (RAM) dump using FTK Imager. Also, you can export the Windows protected files (Windows Registry) from a running Windows machine. And many more.
@ancestrall794
7 months ago
Thanks for the tips, I was wondering today how to do a RAM dump
John Hammond is the GOAT! Thanks for making these videos!
Thanks. The task was simple and fun.
Advent of Cyber is awesome!
FYI. You can change the RDP resolution by right clicking on the RDP file, selecting edit, and going to the display tab. You do need to be disconnected first. Hit save to keep the setting saved to the RDP file you were editing. Or editing it in notepad works as well. Doesn't work well when doing videos, of course. This is more for the noobies than anything.
A great teacher with so much love
Cool topic for a challenge!
great quality
Good one
Coming here to say that I didn't watch any walkthrough. Progress compared to last year
Thanks, just finished it now. Let's get it 😅
Feel sorry for whoever needed to use the walkthrough on this
WOW sir excellent ❤
Thanks A LOOOOT ❤
@John Hammond sir, where did you learn ethical hacking? Please suggest a course and guide me, sir
We need file carving please, I mean carve the deleted file from the disc
@cv1849
7 months ago
As you can see in the video, the file is not really "deleted", it is only dereferenced. You could just export it out. But to carve you would just search for the file header signature and the file footer.
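The header/footer search described in the comment above, as an added example that is not part of the original comments or the video. It goes slightly beyond the comment by covering a JPEG signature as well as PNG; the function names (`carve`, `chunk`, `sample_png`, `sample_image`) and the sample bytes are constructed for illustration.

```python
import struct
import zlib

# Well-known (header, footer) signatures; the table itself is this example's choice.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}

def carve(data, max_size=16 * 1024 * 1024):
    """Return (kind, offset, bytes) for each header..footer span in data."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = data.find(header)
        while pos != -1:
            # Look for the footer only within max_size of the header.
            end = data.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header with no footer (truncated or overwritten): skip it.
                pos = data.find(header, pos + 1)
                continue
            stop = end + len(footer)
            found.append((kind, pos, data[pos:stop]))
            pos = data.find(header, stop)
    return sorted(found, key=lambda hit: hit[1])

def chunk(ctype, body):
    """Build one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png():
    """Constructed 1x1 RGB PNG standing in for the dereferenced file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00\x00\x00")
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))

def sample_image():
    """Constructed raw bytes: slack, one PNG, slack, then a header with no footer."""
    return (b"\x00" * 512 + sample_png() + b"\xaa" * 100
            + SIGNATURES["png"][0] + b"\x00" * 64)

if __name__ == "__main__":
    for kind, offset, blob in carve(sample_image()):
        print(f"{kind} at offset {offset}, {len(blob)} bytes")
```

This kind of carving assumes the file's bytes are stored contiguously; a fragmented file yields a span that starts and ends correctly but contains unrelated data in between.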
@hehehehme6293
7 months ago
@@cv1849 yeah sorry, I posted the comment right before watching the video, I thought he was just going to show the disk that can act as a rubber ducky
B4DM755, maybe bad mode 755, a file with wrong unix access rights?
Please help me sir 😭
First comment
pin me Merry Christmas for you all
you may find this useful, it could be used for other ways, John, watch?v=qAuPoAQImo0