AccessData FTK Administration
15 Questions

Questions and Answers

Which FTK component directly interacts with the database?

  • Application Administrator
  • FTK Graphical User Interface (GUI) (correct)
  • Known File Filter Server
  • Case/Database Manager

What is the primary role of the Known File Filter Server in FTK?

  • Maintaining Data Sets (hash values) for file filtering. (correct)
  • Managing user permissions and privileges.
  • Interacting directly with the user through a graphical interface.
  • Storing and managing the case database.

Upon creating a case backup in FTK, what action must the user ensure they complete to have a fully functional backup?

  • Copy the associated evidence files to the backup location. (correct)
  • Detach the case from the database following the backup.
  • Restore the case archive to verify the integrity of the data.
  • Create a backup folder before initiating the backup process.

What level of access do Case Reviewers have to cases?

  • Restricted access as defined by the Case Administrator. (A)

What is the key difference between archiving a case and deleting a case in FTK?

  • Archiving retains the case folder, while deletion removes both the case from the database and the case folder. (D)

What action can an Application Administrator take regarding user accounts in FTK?

  • Change any user's password without knowing the original password. (B)

A colleague informs you that they have a 'Trusted User' account in FTK. What does this imply about their login process?

  • They use Windows login credentials for FTK access. (A)

An Application Administrator needs to ensure a user cannot access FTK temporarily. What action should they take?

  • Disable the user account. (C)

Which of the following actions can potentially resolve a stalled Processing Job in FTK?

  • Selecting the processing job and choosing the 'Restart' option. (A)

Which database preferences are available for adjustment within FTK?

  • Temporary file path, visualization themes, DB Optimization and KFF Configuration. (D)

What objects can a Case Administrator manage within the global objects in FTK?

  • Only KFF sets, with the ability to make them shared from within a case. (A)

What best describes the availability and management of global objects in FTK?

  • Global objects are available in all cases and generally managed by the Application Administrator; Case Administrators can manage by making them shared from within a case. (C)

What is the primary purpose of the KFF install utility within FTK?

  • To import NSRL data for use in identifying known files during processing. (B)

What is the primary benefit of using a Processing Profile in FTK?

  • It provides a saved list of frequently used processing options, improving efficiency and ensuring consistency in casework. (C)

What is the key characteristic of custom processing profiles in FTK?

  • They can be case-specific or tailored to a forensic examiner and can be exported for use on other FTK installations. (A)

Flashcards

FTK Database

Holds the forensic data processed by FTK.

FTK Graphical User Interface (GUI)

Allows users to interact with the FTK database and manage cases.

Known File Filter Server

Used to identify known files based on hash values to filter out irrelevant data.

Case/Database Manager

Manages databases, users, case creation, tools, and object configuration.

Application Administrator

The first user account, which has full control over FTK.

Trusted User

A user who uses Windows login for FTK access.

Administrator Case Access

Full access to the case.

Reviewer Case Access

Restricted access to the case.

Recover Processing Job

If a processing job gets stuck, FTK allows you to attempt to recover and restart it.

Database Preferences

Settings like temporary file paths, visualization themes, and database optimization for KFF can be configured.

Manage Global Objects

Objects created here are available in all cases and generally managed by the Application Administrator. Case Administrators can manage KFF.

Server for KFF

A utility is needed to import the NSRL (National Software Reference Library) data for KFF (Known File Filter).

Processing Profile

A saved configuration of frequently used processing options to streamline and standardize casework.

Custom Processing Profile

Processing profiles tailored for specific cases or forensic examiners. They can be set as defaults and exported.

FTK Module Review

FTK's various components, user management, global objects, KFF installation, and custom processing profiles.

Study Notes

  • AccessData FTK Administration

Module Objectives

  • FTK Components
  • Creating Users/Assigning Privileges
  • FTK Tools and Preferences
  • Global Objects
  • KFF Install
  • Custom Processing Profiles

FTK Components

  • Forensic Toolkit (FTK) comprises three main components: the database, the FTK Graphical User Interface (GUI), and the Known File Filter Server
  • Database (PostgreSQL or Microsoft SQL) holds the data
  • FTK Graphical User Interface (GUI) interacts with the database
  • Known File Filter Server contains the Data Sets (hash values)

Case/Database Manager

  • Manage Database
  • Create Users
  • Case Creation
  • Case Management
  • Tools and Preference Configuration
  • Object Management

Application Administrator

  • The first user account is the Application Administrator

Creating Users

  • Trusted User uses Windows login credentials for FTK access

Creating Users - User Roles

  • Application Administrator - has all privileges
  • Case Administrator - has all case privileges
  • Case Reviewer - has review rights only; modification of the evidence data is not permitted

Changing Passwords

  • Each user has the ability to change their own password
  • Application Administrators do not need to know the original password
  • Application Administrators can change any user password

Disable/Enable User Accounts

  • Application Administrators can disable and enable user accounts
  • Accounts cannot be deleted

Assigning Users to a Case

  • Users are assigned by the Case Administrator or the Application Administrator:
    • Administrators have full access
    • Reviewers have restricted access

Backup a Case

  • Don't create the backup folder first; FTK creates the folder during the backup process
  • Remember to copy the evidence files

Archive a Case

  • Creates an archive in the case folder
  • Remember to copy the evidence files

Archive/Detach a Case

  • Performs the Archive action and then detaches the case from the database
  • Remember to copy the evidence files

Delete a Case

  • Deletion will not only delete the case from the database but will also delete the case folder

Restore a Case Backup

  • Don't forget to replace evidence files!

Attach a Case Archive

  • Don't forget to replace evidence files!

Recover Processing Job

  • Processing Jobs which become stuck may be recovered/re-started:
    • Select desired job and choose Restart

Database Preference

  • Some database preferences that can be adjusted include:
    • Temporary file path
    • Visualization themes
    • DB Optimization and KFF Configuration

Manage Global Objects

  • Most Global objects must be managed by the Application Administrator
  • Case Administrators can only manage:
    • KFF
  • Objects created here are available in all cases
  • Objects can only be managed by the Application Administrator
  • Case Administrators can manage objects by making them shared from within a case
  • Case Reviewers cannot manage any objects

KFF Install

  • Server for KFF
  • Utility needed to import NSRL Data
  • Extract to Folder on local hard drive

What is a Processing Profile?

  • Saved list of frequently used processing options
  • Improves efficiency
  • Provides consistency in casework
  • Available for all cases

Custom Processing Profile

  • Can be case specific or specific to forensic examiner
  • Custom profiles can also be set as default
  • Custom profiles can be exported for use on other installations of FTK

Module Review

  • FTK Components
  • Creating Users/Assigning Privileges
  • FTK Tools and Preferences
  • Global Objects
  • KFF Install
  • Custom Processing Profiles

Quiz Team

Description

This lesson covers FTK administration, including components, user creation, privileges, tools, preferences, global objects, KFF install, and custom processing profiles. It overviews the database, GUI, Known File Filter Server, Case/Database Manager, and Application Administrator.
