FTK101 Syllabus 2022

Exterro Forensic Toolkit 101
Four-Day Instructor-Led Course

For more information contact: training@Exterro.com
The Exterro Forensic Toolkit 101 four-day course provides the knowledge and skills necessary to install,
configure and effectively use Forensic Toolkit® (FTK™). This course is focused on understanding the features
of FTK and the methods necessary to use those features effectively. Forensic Toolkit 101 sets the foundation
for the more advanced tool functions in Forensic Toolkit 201 and Forensic Toolkit 301.
Prerequisites
This hands-on class is intended for new and experienced forensic professionals who use Exterro forensic
software to examine, analyze, and classify digital evidence.
To obtain the maximum benefit from this course, you should meet the following requirements:
• Able to understand course curriculum presented in English

• Perform basic operations on a personal computer
• Have a basic knowledge of computer forensic investigations and acquisition procedures
• Be familiar with the Microsoft Windows environment
It is recommended that the student have taken the following Exterro courses prior to Forensic Toolkit 101: FTK Imager 100,
Registry Viewer 100, and Password Recovery Toolkit 100. While not required these courses will teach core concepts that
will benefit students in this course.
Class Materials and Software

The course manual, hands on instructions, and review questions are available for download from the class page on the
Exterro training website.
All Software, demonstration forensic images, and hardware required for the class will be provided.
The class includes multiple hands-on labs that allow students to apply what they have learned in the workshop.
Some topics and items in this class syllabus are subject to change. This document is for information purposes only. Exterro makes no warranties, express or implied, in this document. Exterro,
Exterro Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered
trademarks of the Exterro Group, LLC. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.
Module 1: Installation of FTK Module 4: Introduction to the FTK Interface

Topics: Objectives:
• Installation of FTK Suite and associated tools
• Learn each tab and the specific features available
• FTK Basic Install in each.
• FTK Advanced Install o System Summary
• Using the Exterro License Manager o Explore
• Database configuration and user admin o Overview
o Bookmarks
Lab: o Email
Participants will install FTK and associated o Graphics
software, and configure the database in o Video
preparation for case creation. o Internet
o Mobile Data
Module 2: Creating Cases in FTK
• Customize the FTK Interface to meet the
Objectives:
examiners needs and style
• Reviewer permissions and privileges
• Configuring Time Zone settings within the case
• Creation and modification of pre-case
• Modifying column settings
Processing Profiles
• Selecting evidence using Check marks, keyboard
• Configuring Evidence Processing Options
shortcuts, and Quick Picks
• Configuring Evidence and Index Refinement
• Use the various view options and panes available
• Overview of FTK Lab and eDiscovery
to analyze evidence
processing options
• Creating Custom File Identification settings
Lab:
Lab:
Participants will navigate through each tab using
Students will create a case and learn about
the features in each to view various evidence
the various evidence processing options
types.
available in FTK and how to use them
effectively. Participants will create
Module 5: Searching with FTK
processing profiles in preparation for
Objectives:
adding evidence.
• In depth coverage on using FTK’s robust
searching options.
Module 3: Managing Evidence for FTK Cases
• Index Searching
Objectives:
o Configuring Index Search
• Supported Evidence Sources and the Options
process of adding evidence to a case o Field and Date Recognition
• Creating Evidence Groups
o Operators
• Configuring pre-case Time zone settings
o TR1 Expressions
• Create case and database backups and o Result Comparisons
archives. o OCR and Abby OCR
• Restore previously detached cases to FTK. • Live Search
o ASCII and Unicode Searches
Lab:
o Searching with Filters
Students will configure and add evidence to o Pattern Searching using Regular
a case. Expressions
Lab:
Students will conduct in-depth searches of all
types.
Module 9: Known File Filter (KFF)

Module 6: Filtering in FTK Objectives:
Topics:
• Install and configure the Known File Filter
• One Rule Filtering and using Live Preview
database.
• Multi-Rule Filtering • Understand how to create hash lists
• Nested Filters • Learn the process of importing hash lists into the
• Compound Filters KFF database and hash set groups.
• Persons of Interest • Understand some of the situations in which KFF
• Managing, Saving, and Sharing Filters can be used and how FTK can facilitate those
uses.
Lab: • Know the various ways to view KFF marked files,
This in-depth module will introduce users to the and know the difference between the two types:
powerful features associated with FTK filtering. ignore and alert.
• Discuss the NSRL hash list, and how to use the
Module 7: FTK Manage Menu
KFF Import Tool to load and configure the NSRL
Objectives:
list.
• Use the Manage menu to control
• While specific to Law Enforcement, discuss the
o Labels Project Vic implementation within KFF.
o Columns
o Filters Lab:
o Carvers Participants will install, configure, and run various
Known File Filter processes.
Lab:
Students will manage the various items
available in FTK.
Module 8: Exporting Items from FTK

Objectives:
• Understand and apply the various
options found in the Export option Window
• Learn the features associated with
exporting the information in the file list.
• Export files and directories directly to a forensic
image.
Lab:
Participants will export various files, in
various formats to gain an understanding of
the options.
Module 10: Reporting Module 11: Portable Case

Objectives: Basic Review
Objectives:
• Utilize the Reporting tool to deliver the
findings of a case in the most effective • Selecting Files
format • Making bookmarks and labels
• Use Portable Case to create a robust • Creating Portable Case
review tool for end users to search, label, • Reviewing Portable case Interface
bookmark, and export files from.
Module 12: FTK Plus
Lab: Basic Review
Objectives:
Participants will create reports of various
formats. Participants will also create a • Selecting Files
Portable case and view the options and • Making bookmarks and labels
features associated with it. • Creating Portable Case
• Reviewing Portable case Interface
Some topics and items in this class syllabus are subject to change. This document is for information purposes only. Exterro makes no warranties, express or implied, in
this document. Exterro, Exterro Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK,
Registry Viewer, and Ultimate Toolkit are registered trademarks of the Exterro Group, LLC. in the United States and/or other countries. Other trademarks referenced
are property of their respective owners.

FTK101 Syllabus 2022

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FTK101 Syllabus 2022

Uploaded by

Copyright:

Available Formats

Exterro Forensic Toolkit 101

Four-Day Instructor-Led Course

• Able to understand course curriculum presented in English

Class Materials and Software

Module 1: Installation of FTK Module 4: Introduction to the FTK Interface

Module 9: Known File Filter (KFF)

Module 8: Exporting Items from FTK

Module 10: Reporting Module 11: Portable Case

You might also like