Introduction

Welcome to this week’s exploration of digital forensics and current trends in cybersecurity. I’ll be delving into the intricacies of the Forensic Toolkit (FTK) software, offering insights into its features and applications in digital investigations.

Major Topic: Forensic Toolkit (FTK) – A Digital Forensics Deep Dive

Overview: FTK, developed by AccessData, an Exterro Company, is a pivotal tool in digital forensics, compatible with a range of imaging sources. This overview will illuminate its interface, evidence handling capabilities, and versatile processing options.

In the realm of digital forensics, the Forensic Toolkit (FTK) by AccessData stands as a beacon of utility and adaptability. Developed by an Exterro Company, FTK is renowned for its ability to process images from a plethora of device imaging sources, underscoring its importance in the industry. This week, we dive into the multifaceted features of FTK, exploring its interface, the process of adding evidence, and the myriad possibilities it offers forensic investigators.

Upon launching FTK, users are greeted with a clean, intuitive interface that lists the cases on the FTK server. The main menu, comprising five headings — “File”, “Database”, “Case”, “Tools”, and “Help” — guides users through its functionalities. Of these, the ‘Database’ and ‘Case’ menus are most frequently used, with ‘Case’ being particularly pivotal for case management. Creating a new case is straightforward: one simply needs to provide a Case Name, reference, description, and case directory, with more options available under ‘disabled options’.

Adding evidence to a case reveals FTK’s versatility. The software accepts a wide range of evidence types, catering to various investigative needs. Whether the focus is on picture or video processing, or a more comprehensive forensic processing which examines digital artefacts common to digital forensics, FTK offers tailored processing profiles to suit the specifics of each investigation.

As the investigation progresses, the main window opens up, presenting seven main menu headers, each with its unique role in the investigative process. Among these, ‘View’, ‘Evidence’, and ‘Filter’ are particularly useful. Below these menus, additional tools like buttons and a filter drop-down aid in narrowing down the investigation focus. The ‘Define’ button, for instance, allows for the creation of custom filters, while the ‘Quick Pick’ feature facilitates the selection of a folder and its sub-folders in one click — a boon when a parent folder of interest is identified.

FTK’s layout includes three viewing areas: ‘File Content’, ‘File List’, and ‘Evidence Items’, each offering a different perspective on the data. The ‘File Content’ window, with tabs for Hex, Text, Filtered, and Natural views, provides a detailed examination of the selected file. The ‘File List’ displays files based on selection or filtering in the ‘Evidence Items’ window, incorporating colour coding for quick reference — for example, red for encrypted files and purple for bookmarked ones. Understanding these colour codes is crucial, especially when adjusting to different organisational standards.

The ‘Evidence Items’ window is where FTK’s versatility truly shines. It hosts various tabs that change depending on the file types present in the evidence. Standard tabs like ‘Explore’, ‘Overview’, and ‘Bookmarks’ are complemented by search functions like ‘Live Search’ and the faster ‘Index Search’, enhancing the investigative process.

This broad overview of FTK barely scratches the surface of its extensive features, such as data carving, deleted file retrieval, timeline analysis, and advanced filtering. These powerful capabilities make FTK a vital tool in the arsenal of any digital forensic investigator, offering insights and efficiency in equal measure. Stay tuned for more detailed tutorials on these features in future posts.

Podcasts I Listened To

• Business Wars: Toys “R” Us vs KB Toys Episode 3 https://open.spotify.com/episode/5cf4jGS0i53dr2RKdOJI1q?si=z999GA-STHu8wFZVfmG8ZQ
• Business Wars: Toys “R” Us vs KB Toys Episode 4 https://open.spotify.com/episode/5RhrTvcxuY1cr9kmUiknTo?si=V7BguY-cTVaMPuDaUJg9Xw
• Business Wars: Toys “R” Us vs KB Toys Episode 5 https://open.spotify.com/episode/2peSekWJ6BaB8gQoNSkoir?si=nrMS6gxlTAC1LF682V7cwQ

Interesting General News Headlines

1. https://www.bbc.co.uk/news/world-us-canada-67861852 A warm cheese burger as  the first meal after being rescued is very curious to me. The potentials of Cyber Kidnapping though especially with OSINT is quite scary
2. https://source.android.com/docs/security/bulletin/2023-12-01 Android December security bulletin 
3. https://www.wired.com/story/worst-hacks-2023/ Worst Hacks of 2023
4. https://www.wired.com/story/most-dangerous-people-2023/ Most Dangerous people of 2023 by wired
5. https://www.wired.com/story/google-100-android-security-issues-critical-update/#intcid=_wired-verso-hp-trending_172f5dca-a61a-4f0e-bce2-44bfb13a1670_popular4-1 
6. https://cybermagazine.com/articles/rapid7-predictions-for-the-world-of-cyber-in-2024 Predictions for 2024
7. https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html how many systems are currently passively compromised? 
8. https://www.securityweek.com/ripe-account-hacking-leads-to-major-internet-outage-at-orange-spain/ 
9. https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/  would a data breach law firm also hire a data breach law firm, sinister but funny

Conclusion

In the upcoming week, I’m excited to explore the potential risks associated with Picture Generative AI and the phenomenon of cyber-kidnapping which can be found here.

Stay tuned for more in-depth discussions on emerging technologies and their implications for cybersecurity. For further interaction and updates, follow me on my social media channels.