A virtual machine (VM). While you could install FTK on a real machine, you may run into the trial version's limit of 5000 evidence items. I therefore recommend using a VM so you can easily start over with a clean machine if necessary.
The instructions below assume you are using a Windows 7 host, VMware Workstation, and a Windows XP guest, as set up in the S214 lab.
Starting Your VM (Virtual Machine)
1. Double-click the VMware Workstation icon on the desktop. In the VMware Workstation window, from the menu bar, click View, Go to Home Tab.
2. On the Home tab, click the Open Existing VM or Team icon. Navigate to the VMs: drive, open your folder, open the Win XP SP3 folder, and double-click the Windows XP Professional.vmx file. You should see a Windows XP Professional VM in the Powered Off state, as shown to the right on this page.
3. Power on or resume the virtual machine.
Downloading Forensic Toolkit (FTK)
4. On your host machine, open Firefox and go to accessdata.com.
5. On the upper right of the page, click SUPPORT. Click "AD Downloads". In the "Forensic Toolkit (FTK) version 1.81.6" section, click "Download", as shown to the right on this page.
6. Save the file on your desktop.
Installing FTK in your VM
7. Move your VM window so you can see both the host machine's desktop and the VM's desktop. Then drag the FTK installer from your host machine's desktop, and drop it on the VM's desktop. It should copy quickly--it's only 60 MB.
8. In your VM, double-click the installer and install the software with the default options.
Starting FTK in your VM
9. After installation, FTK will launch.
10. When you get an Error box saying "No security device was found…", click No.
11. When you get an Error box saying "The KFF Hash library file was not found…", click OK.
12. When a box pops up explaining the limitations of the demonstration version, click OK.
Starting a New Case
13. In the