Lab 1.1 – Installing OSForensics
Step – 1. Extract the software package and run the osf.exe application to start the installation setup.
Step – 2. Follow the setup for installation, accept the license agreement.
Step – 3. Select the destination where application will be installed.
Step – 4. Click Install.
Step – 5. On completion of the setup click Finish and launch the application.
OSForensics Application –
Step – 6. To import hashsets in the application, extract the hashsets to C:ProgramDataPassMarkOSForensicshashSets.
Hands-on Project 1.1 – Investigation of a USB drive to find probable evidences related with case involving a suspicious death.
Step – 1. Open ProDiscover Basic and enter the case details.
Step – 2. Import the image of the USB drive.
Step – 3. Expand content view in the tree view on the left side to explore all the files present in the image.
Step – 4. Right click on the file and click view to open the file and find possible evidences.
Step – 5. Export the file by right clicking on the file and click copy file.
Exported file –
Step – 6. Save the project and exit ProDiscover Basic.
From the provided image, a suicide note and a list of assets of the deceased in an excel file.
Hands-on Project 1.2 – Investigation of an USB drive of an ex-employee to find possible evidences of any sensitive information present on the drive.
Step – 1. Open ProDiscover Basic and enter the case details.
Step – 2. Import the image of the USB drive.
Step – 3. Expand content view in the tree view on the left side to explore all the files present in the image.
Step – 4. Click search in the tree view, type ‘book’ in the search toolbar. Select the image that needs to be searched and click OK.
Step – 5. In the tree view click Search Content View to view the search results.
Step – 6. Explore the file returned in the search result to find possible evidence.
Step – 7. Open the search dialogue box again, click on the cluster search tab. Enter the keyword in the search toolbar and select the image that needs to be searched.
Step – 8. Click on Cluster Search Results in the tree view to analyse the results returned.
One .xls file was returned in Content search and 27 hits were received when the keyword ‘book’ was searched in clusters.
Lab – 1.2 Installing FTK Imager
Step – 1 Browse to https:\accessdataproduct-download and search for FTK Imager. Download the application.
Step – 2. Open the .exe file to initialize the setup.
Step – 3. Accept the license agreement’s terms and conditions and select the path where the application will be installed. Click Install.
FTK Imager –
Lab – 1.3 Installing ProDiscover Basic.
Step – 1. Extract the 64-bit version of ProDiscover Basic.
Step – 2. Open the .exe file to start the setup.
Step – 3. Follow the setup to install the application.
Step – 4. Click finish to complete the installation.
ProDiscover Basic –
Lab – 1.4 Installing AccessData Registry Viewer.
Step – 1. Browse to https:\accessdataproduct-download and search for Registry Viewer. Download the application.
Step – 2. Open the .exe file and follow the setup.
Step – 3. Click install after accepting the license agreements and selecting the destination folder for installation of application.
AccessData Registry Viewer –
