I have a case that possibly involves child injury/neglect.
I need to see as much as I can involving the suspect's search history.
I have made an Image of the HDD using imager and have brought that into FTK
I'm a newbie and would appreciate any help
Thanks
I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life…
There are a number of different options for training ranging from iacis bcfe and sans for 500 tool agnostic training to encase and ftk specific training
Either way, that should be a priority before presenting evidence…
You may find the following blog post provides some useful background information on where searches are stored by Chrome and Firefox, and how to parse search terms from URLs found in any part of web browser history.
https://
I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life…
+1
If you are a newbie, mawk, start with forensics by analyzing common malware. Once you are more technical experienced and made some trainings for evidence handling, you can work on more critical cases.
regards,
Robin
Because you need to know what you're doing before you affect someone's life…
exactly.
First create a “Key Word” list based upon people’s names, cell phone numbers, email addresses and other potentially relevant terms.
Your Key Word list should be shared with counsel for input and revisions.
Run your Key Word searches in FTK and tag potentially relevant hits.
Review your tagged potentially relevant hits with counsel.
Revise, refine, rinse and repeat until you have reasonably identified all potentially relevant evidence to your matter.