FTK is pretty cool, you can also use it create hashes of files/tools for comparison before and after moving them to another location (ie from your forensic workstation to an evidence collection hard drive)
First time using FTK Imager for me to. Learned alot! As always great tasks and easy to follow along with the text. Didn´t even need to watch your video to solve the tasks. Hopefully I can go back to school again this spring and start my career at cybersecurity for real. You have been a big inspiration for me to start learning more.
Lol i always try and solve and then watch the walktrough.. I did the exact same steps you took even the first png what didnt contain it. only i veryvied via the menu option. Was fun! Only downside, the countdown of the virtual machine begins after starting it. so it takes 4 minutes from your play time to complete. ofcourse this one didn't need much time, but could be a problem for some people in other challeges.
FTK imager is a great free tool that is not only used for initial viewing the evidence files but it is powerful when it comes to make an image of a physical device like HD or USB , and also you can create a memory (RAM) Dump using FTK imager. Also, you can export the windows protected files (Windows Registry) from running Windows machine. And many more.
I remember trying to plug in malware infected thumb drives into a company computer. They had antivirus immediately delete and cleaned every file on the thumb drive before I even opened up My Computer windows to go to the thumb drive 😂
Fyi. You can change the RDP resolution by right clicking on the RDP file, selecting edit, and going to the display tab. You do need to be disconnected first. Hit save to keep the setting saved to the RDP file you were editing. Or editing it in notepad works as well. Doesn't work well when doing videos, of course. This is more for the noobies than anything.
As you can see in the video, the file is not really "deleted", it is only dereferenced. You could just export it out. But to carve you would just search for the file header signature and the file footer.
![decompile the halls | TryHackMe Advent of Cyber 2023 Day 9 [Malware Analysis]](http://i.ytimg.com/vi/aHKTfJJ3I5k/mqdefault.jpg)
First time using FTK Imager. I put it on the list to add to my toolkit. Thanks for bringing it to light, it was fun!
FTK is pretty cool, you can also use it create hashes of files/tools for comparison before and after moving them to another location (ie from your forensic workstation to an evidence collection hard drive)
The world should learn how to analyze a hacking incident through computer forensics softwares (FTK, Encase, AXIOM, FEX, NUIX, UFED, Oxygen, etc...)
First time using FTK Imager for me to. Learned alot! As always great tasks and easy to follow along with the text. Didn´t even need to watch your video to solve the tasks. Hopefully I can go back to school again this spring and start my career at cybersecurity for real. You have been a big inspiration for me to start learning more.
Today's task has been awesome with John Hammond... can't wait for for the next one...
Was really timing it today since the it's all about DFIR
FTK Imager is super sweet!
thank you for the walkthrough!
That was plain easy task for John. FTK is a basic stuff every DFIR begginer should now from the ground up :)
I love FTK Imager!!
Lol i always try and solve and then watch the walktrough.. I did the exact same steps you took even the first png what didnt contain it.
only i veryvied via the menu option.
Was fun!
Only downside, the countdown of the virtual machine begins after starting it. so it takes 4 minutes from your play time to complete.
ofcourse this one didn't need much time, but could be a problem for some people in other challeges.
Advent of Cyber is awesome!
Totally digging advent of cyber 23. I think they get better every year
This tool, is really cool and now is part of my toolkit really interesting forensics thanks!
FTK imager is a great free tool that is not only used for initial viewing the evidence files but it is powerful when it comes to make an image of a physical device like HD or USB , and also you can create a memory (RAM) Dump using FTK imager. Also, you can export the windows protected files (Windows Registry) from running Windows machine. And many more.
Thanks for the tips, I was wondering today how to do a RAM dump
Thanks. The task was simple and fun.
I remember trying to plug in malware infected thumb drives into a company computer. They had antivirus immediately delete and cleaned every file on the thumb drive before I even opened up My Computer windows to go to the thumb drive 😂
You make it so simple. Thank you.
Helping me again, as always John. Much appreciation, as always!
A grest teacher with so much love
John Hammond is the GOAT! Thanks for making these videos!
Fyi. You can change the RDP resolution by right clicking on the RDP file, selecting edit, and going to the display tab. You do need to be disconnected first. Hit save to keep the setting saved to the RDP file you were editing. Or editing it in notepad works as well. Doesn't work well when doing videos, of course.
This is more for the noobies than anything.
Good one
great quality
Cool topic for a challenge!
Feel sorry for whoever needed to use the walkthrough on this
WOW sir excellent ❤
Coming here to say that I didn't watch any walkthrough. Progress compared to last year
Thanks A LOOOOT ❤
Grady Mission
We need file carving please, I mean carve the deleted file from the disc
As you can see in the video, the file is not really "deleted", it is only dereferenced. You could just export it out. But to carve you would just search for the file header signature and the file footer.
@@cv1849 yeah sorry, I posted the comment right before watching the video, I taught he just gonna show the disc that can be act as rubber ducky
Thanks just finished it now/ let's get it😅
@john Hammond sir where did learn Ethical hacking course suggest me guide me sir
Denesik Port
First comment
B4DM755, maybe bad mode 755, a file with wrong unix access rights?
Please help me sir 😭
pin me Merry Christmas for you all
you may find this useful, it could be used for other ways, John, watch?v=qAuPoAQImo0