Guide
Running & Imaging from USB with
FTK IMAGER
Mohammed Aldossary - FCM 760
What is FTK imager?
ForensicToolkit (FTK) imager is a tool from AccessData to create forensic images of local hard drives, CDs and DVDs, USB flash drives, the entire folders, or separate files from several locations in the computer without making any changes to the original evidence that is being imaged. The forensic image is a perfect replica of the original one in every way, including file slack and unallocated space or drive free space. This will allow you to preserve the original media somewhere safe from harm while the investigation uses the forensic image.
Download & Installation
- Required Operating System: Windows OS - at least 4GB of RAM.
Go to FTK website on
Step 1:
- Download the tool from Exterro:
www.exterro.com/ftk-imager
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Step 2:
- Run the installation Wizard.
- Click on "Next".
- Choose the destination folder.
- Click on "Next" and the installation will run and be completed.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Using FTK Imager
Here, we are going to learn how to add an evidence to create the image later.
(2) Click on the File menu and choose add Evidence Item to select the source evidence:
(1) Run FTK Imager.exe to start the tool:
* Here, you choose the source of your image, in this guide, we chose Physical drive. You can choose logical drive, image file, or entire folder.
* The dashboard of FTK Imager tool
Using FTK Imager
(3) Here, select the drive you want to image:
(4) Click on Finish button, then you will see the content of the drive:
* All the connected drives to the computer
* The partions of the imaged drive will be visible in "Evidence Tree".
Creating image
After adding the evidence, do the following steps in order to create an image of the evidence:
(2) Here, you select the image type and click on Next:
(3) Then, fill out evidence info and select image destination path:
(1) From the File menu, click on Export Disk Image:
* Click on "Verify images after they are created"
* Next, click on Finish to complete the Wizard and click on Start to begin the acquision.
Create USB bootable FTK Imager
After inserting the USB Flash Drive to the computer, we have to format the USB flash drive by doing the following steps:
(2) Select File system as NTFS, Name the USB and click on Start:
(3) Pop-up window shows Format Complete:
(1) Right-click the USB flash drive, and click on Format:
Create USB bootable FTK Imager
(4) Go to the following path: C:\Program Files\AccessData And copy the full folder
(5) Past the full "FTK Imager" folder inside the USB flash drive
(6) Inside the folder, click on FTK Imager.exe to run the tool from the USB.
Now, you can plug the USB on any computer and run FTK Imager without installation.
FTK Imager
MMM AAD
Created on February 14, 2023
Start designing with a free template
Discover more than 1500 professional designs like these:
View
January School Calendar
View
Genial Calendar 2026
View
Annual calendar 2026
View
School Calendar 2026
View
2026 calendar
View
January Higher Education Academic Calendar
View
School Year Calendar January
Explore all templates
Transcript
Guide
Running & Imaging from USB with
FTK IMAGER
Mohammed Aldossary - FCM 760
What is FTK imager?
ForensicToolkit (FTK) imager is a tool from AccessData to create forensic images of local hard drives, CDs and DVDs, USB flash drives, the entire folders, or separate files from several locations in the computer without making any changes to the original evidence that is being imaged. The forensic image is a perfect replica of the original one in every way, including file slack and unallocated space or drive free space. This will allow you to preserve the original media somewhere safe from harm while the investigation uses the forensic image.
Download & Installation
Go to FTK website on
Step 1:
- Download the tool from Exterro:
www.exterro.com/ftk-imagerLorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Step 2:
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla sit
Using FTK Imager
Here, we are going to learn how to add an evidence to create the image later.
(2) Click on the File menu and choose add Evidence Item to select the source evidence:
(1) Run FTK Imager.exe to start the tool:
* Here, you choose the source of your image, in this guide, we chose Physical drive. You can choose logical drive, image file, or entire folder.
* The dashboard of FTK Imager tool
Using FTK Imager
(3) Here, select the drive you want to image:
(4) Click on Finish button, then you will see the content of the drive:
* All the connected drives to the computer
* The partions of the imaged drive will be visible in "Evidence Tree".
Creating image
After adding the evidence, do the following steps in order to create an image of the evidence:
(2) Here, you select the image type and click on Next:
(3) Then, fill out evidence info and select image destination path:
(1) From the File menu, click on Export Disk Image:
* Click on "Verify images after they are created"
* Next, click on Finish to complete the Wizard and click on Start to begin the acquision.
Create USB bootable FTK Imager
After inserting the USB Flash Drive to the computer, we have to format the USB flash drive by doing the following steps:
(2) Select File system as NTFS, Name the USB and click on Start:
(3) Pop-up window shows Format Complete:
(1) Right-click the USB flash drive, and click on Format:
Create USB bootable FTK Imager
(4) Go to the following path: C:\Program Files\AccessData And copy the full folder
(5) Past the full "FTK Imager" folder inside the USB flash drive
(6) Inside the folder, click on FTK Imager.exe to run the tool from the USB.
Now, you can plug the USB on any computer and run FTK Imager without installation.