1. All tutorial files should be downloaded onto your hard drive. While you can 'left click' and view them over the Internet, you might have problems viewing them with your browser (the video stream might be slow or choppy). Our recommendation is to 'right-click' the link and 'save target as' onto your Hard Drive. Your team "Computer Expert" should view each of these tutorials. The first item is a PowerPoint presentation. The remainder are videos demonstrating screen by screen steps for completing the skills and steps needed for success in the computer forensics component of the 2010 CSI Challenge. These materials were prepared by Professor Malinowski, at C.W. Post, Long Island University, to assist you. You will find them to be very helpful.
   Please note that mouse clicks in the videos are 'color coded.'
   • red for the LEFT mouse button
   • blue for the RIGHT mouse button.
   A right click, as with many other applications in Windows, pulls down a context-sensitive menu specific to what you right-clicked.

   Video tutorials are packaged with their own "player" included and should play normally under Windows. If prompted about "letting an unknown program run" or "running a program from an unverified publisher," it's OK to do so. The player's screen will allow you to pause, rewind, or fast-forward the video as well as adjst the volume.
   

2. You are directed to view the Power Point presentation (item #1) and the video tutorials in the order they are listed below:
   1. General information PowerPoint. View before trying avi files below.
      
      • Download the PowerPoint Viewer (2003) here if you do not have PowerPoint installed on your computer. This wil allow you to play the PowerPoint presentation.
   2. Creating a Case in FTK (39 Mb)
   3. Exploring your case in FTK (39 Mb)
   4. Exporting files of interest from your case (17 Mb)
   5. Searching for specific text strings using FTK (16 Mb)
   6. Opening a file using its associated program in FTK (8 Mb)
   7. Introduction to S-Tools (80 Mb)
   8. Revealing hidden information in a picture or sound file (cont.) (40 Mb)
   9. Extracting and saving stego'd information from a picture or sound file. (30 Mb)

   Practice finding a stego'd image with this file.

3. Files have timestamps. Learn more about timestamps in this "M-A-C times" PowerPoint.

4. Many cases involve emails. Click here to view a short video on email headers

Back to the CSI Challenge Computer Forensic Page Go To the CSI Challenge Computer Forensic Tools Page