

Tools:
These files can be downloaded and used on a Windows PC (they may not work on a Mac using "Boot Camp"). They include the demo version of the Forensic Toolkit (FTK), documentation from AccessData's site in PDF format, and two different sample images to practice with.
  1. The analysis at the 2010 CSI Challenge will be done using AccessData's FTK (Forensic Tool Kit version 1.8.1). FTK can be downloaded from AccessData's website, and you can run it on Windows XP or Vista. While version 2.x is available, you will require a "dongle" in order to use it, and you will also need to install a version of the Oracle database on your computer.
    An easier alternative is to get FTK 1.8.1 from our website using the links below:
  2. Download these sample files which will be used to get you familiar with FTK; these are "image" files. An "image" is a 'snapshot' of a disk or device (hard drive, floppy, CD, DVD, USB key, etc.) which contains all the information on that device.
    FTK allows you to add evidence directly from a disk, folder or file. The alternative is to add evidence which has been 'captured' forensically (so as not to alter data), and is provided on what is called a 'bit-for-bit' image.
    While you cannot directly read the image and make sense of it, the software tool FTK can read the image and 'interpret' or 'decipher' the "image" of the data you are analyzing.
    You should download these two files as they will be referenced in the tutorials below which will teach you how to use FTK and S-Tools.

  3. Steganography is a method used to 'hide' information. With steganography, one file acts as a 'container', and a piece of software is used to embed or hide another file inside the container file. Typically, a container file is a Windows BMP (bitmap image) file or a GIF (another image format) file, or it could even be an audio file. The 'hidden' files can be other images, documents, or just about any sort of file.
    It's been alleged that terrorist organizations use steganography in order to hide information "in plain sight." For example, an image on a computer, or even an image which is part of a web page, can contain other images, or even plans (in a text or Word document). The program below, S-Tools, complements FTK by allowing you to see if digital evidence has any hidden information.
    You should be familiar with this for the 2010 CSI Challenge.
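
To make the container idea concrete, here is an added example (not part of the original page, and not S-Tools' own algorithm) that uses the textbook least-significant-bit method on a constructed 24-bit BMP, then takes the measurements an examiner could make against a known-good copy. All function names and the sample payload are illustrative assumptions.

```python
import hashlib
import struct

def make_bmp(width, height):
    """Build a constructed 24-bit BMP (simple gradient) in memory."""
    row = bytes((x * 7 + c * 40) % 256 for x in range(width) for c in range(3))
    row += b"\x00" * (-len(row) % 4)              # rows are padded to 4 bytes
    pixels = row * height
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    return struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54) + info + pixels

def _pixel_offset(bmp):
    return struct.unpack_from("<I", bmp, 10)[0]   # bfOffBits field of the header

def embed(container, secret):
    """Hide a length-prefixed payload in the lowest bit of each pixel byte."""
    start = _pixel_offset(container)
    data = struct.pack("<I", len(secret)) + secret
    bits = [(byte >> i) & 1 for byte in data for i in range(8)]
    if len(bits) > len(container) - start:
        raise ValueError("container too small for payload")
    out = bytearray(container)
    for n, bit in enumerate(bits):
        out[start + n] = (out[start + n] & 0xFE) | bit
    return bytes(out)

def extract(container):
    """Recover a payload written by embed(); None if the length is implausible."""
    start = _pixel_offset(container)
    def read(offset, count):
        return bytes(sum((container[offset + 8 * b + i] & 1) << i for i in range(8))
                     for b in range(count))
    length = struct.unpack("<I", read(start, 4))[0]
    if length > (len(container) - start) // 8 - 4:
        return None
    return read(start + 32, length)

def compare(original, suspect):
    """Measurements an examiner can take when a known-good copy exists."""
    return {
        "same_size": len(original) == len(suspect),
        "max_byte_delta": max(abs(a - b) for a, b in zip(original, suspect)),
        "hash_match": hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest(),
    }

if __name__ == "__main__":
    clean = make_bmp(64, 64)
    stego = embed(clean, b"hidden note for the CSI exercise")
    print(compare(clean, stego), extract(stego), extract(clean))
```

The file size and header are unchanged and no pixel byte moves by more than 1, which is why the picture looks identical, yet the hash no longer matches the original.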
