Professor Davis' Website



5816600-45960500FTK Labs – Lab 2: Backup / Restore CaseAccess Data Forensics – Training Manual: lab on page 6-38 (2019 Version)*lab on pages 5-41 (2016 Version)lab on pages 265 to 266 (2013 Version)Associated Reading in Training Manual: pages 4-17 to 4-21 (2019 Version)pages 4-21 to 4-27 (2016 Version)pages 259 to 264 (2013 Version)*Note: The steps below are similar to the steps in the lab but have been modified slightly to reflect the RMU FTK environmentBacking Up (i.e., Saving) a Case: (You must do these steps at the end of every lab session in VMWare View, or your work will not be saved)Open Forensic Toolkit (FTK) and start in the FTK Case Manager screen (Note: you must CLOSE all open cases in order to access the Case Manager screen).Select the case that you want to save (from the list of cases on left half of screen).91199518859500Select Case/Backup/BackupClick the icon to the right of the Backup Folder field, choose your RMU Network U:\ Drive as the save location.Enter a Folder Name for the backup files (It is recommended that you use the “{Case Name} Backup” for the folder name). Click Save and then click OK.When the backup procedure finishes, click Close and confirm that backup folder was saved to your desktop.Select the case (i.e., the case that was just “Backed-Up”) and then select Case/DeleteClick Yes to accept the warning to delete the case (the case should no longer be listed in the Case Manager screen).Close Case Manager and return to your Desktop.You now have a Case Backup saved to your RMU network drive. You may now safely log off your lab PC or log out of VMWare View.(Case Restore Procedures & Lab Questions listed on back)Restoring (i.e., Opening) a Case:Open Forensic Toolkit (FTK). 305675517589500On the Case Manager screen, choose Case/Restore/Restore.When the Case Restore dialog box opens, click the icon and then navigate to your RMU Network U:\ Drive and select the “{Case Name} Backup” folder (saved during Backup procedure) and click OK. (Note: You may need to copy your backup folder to your local desktop for the restore procedure to work properly).Check the box next to Specify the location of the DB filesCheck the box next to In the case folder. Click OK, and then click OK again.When prompted to specify a different location for the case folder, click Yes. Click Make a New Folder. Create a folder called {Case Name} on the Desktop (Note: Do not include the word “Backup”). Click OK to restore the case (You may get a “Failed” message, but the case should still restore).The case should now be listed within the Case Manager (on left half of screen).Questions to Answer from Lab (submit responses to these using the red submission link in Blackboard):Were you able to successfully Backup and Restore your Wes Mantooth Case from FTK Lab 1?Why did you enter the word “Backup” at the end of the Case Name in Step #5?When should you perform the Case Backup procedures?What happens if you exit VMWare View without performing the Case Backup procedures on the reverse side of this sheet?List the edits/additions to a forensic case that are saved as part of the Case Backup procedures. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download