Escolar Documentos
Profissional Documentos
Cultura Documentos
Table of Contents
Preface
2
Methodology
Test Environment
Manual Best Use
Warning
Resources Needed
Steps 1, 2, 3, 4
Plug in USB
Open FTK Imager
Add Evidence
Steps 5, 6
4
Verify Drive
Steps 7, 8
5
Record Hash Values
Create Disk Image
Steps 9, 10
6
Select Drive
Steps 11, 12
Steps 15, 16
Steps 13, 14
Page | 1
Preface:
This instructional manual will provide the necessary procedures to create a bit for bit copy of a
storage media such as a USB flash drive or Hard Disk Drive. This procedure will specifically
explain how to acquire an image of a USB flash drive, but the procedure should work with any
storage device connected to a computer.
Methodology:
The basic methodology of this procedure will be to connect a USB flash drive to a computer and
use software to create a bit for bit copy of the data on the drive, and validate that the data is
the same.
Testing Environment:
This procedure will take place on a personal computer running Microsoft Windows 10 operating
system.
Manual Best Use:
It is best to review the procedure once before starting, and then follow the procedure step by
step to ensure the procedures are followed accurately.
Warning:
Although this procedure is relatively safe, take care to use caution while working with
electronic components that are powered on. Also ensure that the procedure is followed in a
static free environment to prevent damage to electronic components due to static electricity.
Resources Needed:
This procedure will require a computer running Microsoft Windows with an internet
connection, and FTK Imager 3.1.1. FTK Imager can be downloaded for free at accessdata.com.
Page | 2
Procedure Steps:
Step 1: Plug the USB storage device containing data into a USB port on the computer.
Step 3: From the menu bar of FTK Imager, click on File and select Add Evidence Item:
Page | 3
Step 5: Select the USB Drive from the drop down menu and click Finish:
Step 6: From the FTK Imager menu bar, select File then select Verify Drive/Image:
Page | 4
Step 7: Record the MD5 and SHA-1 hash values resulting from the verify drive process:
Step 8: From the FTK Imager menu bar, select File and Create Disk Image:
Page | 5
Step 9: Select Physical Drive and click the Next > button:
Step 10: Select the USB flash drive from the drop down menu and click Finish:
Page | 6
Step 12: Select Raw (dd) and click the Next > button:
Page | 7
Step 13: Fill out the appropriate text fields and click the Next > button:
Step 14: Set an appropriate path and filename to store the created image, set the fragment
size to 0, to create one image file and click Finish:
Page | 8
Step 16: Once the image process completes, compare the produced MD5 and SHA-1 hash
values to the values recorded in Step 7 to ensure that they are the same. This indicates that a
bit for bit copy of the USB flash drive has been successfully created.
Page | 9