FTK Case Analysis
Use the Mantooth image for this assignment. (http://sceweb.sce.uhcl.edu/abeysekera/ITEC4381/images/Mantooth.E01 )
- Create a new user named Alex Smith with password 123. Let Alex have access to the Mantooth case.
- Login as Alex and process the mantooth case in order to do the rest of the questions.
- Create a new global filter named ‘Emails from Washer’ that will show all the emails that were sent from John Washer. What went into the properties/operators/criteria fields? How many emails get listed?
- Create a new global nested filter named ‘Emails with Many Attachments’ that will show all the that have more than one attachment. What went into the properties/operators/criteria fields? How many emails get listed? How can you check if your output is correct? (hint: column settings)
- What is the difference between a global filter and a compound filter?
- Create a compound filter to the root directory of partition 1 to find out how many actual, deleted files there are in that and its sub directories. How many were listed?
- Create a compound filter to the root directory of partition 1 to find out how many actual, deleted files there are in that and its sub directories, but this time, exclude all folders. How many were listed?
- When Wes Mantooth was giving his deposition, he said that it was someone who met through a friend who was upto no good. However, he could not remember the name. He just remembered something associated with the guys had the word kidd in it. What is the associate’s name?
- What are the TR1 Regular Expression searches for the following? How many hits in how many files?
- The word “vampire” and a year that begins with 18xx
- “police” should occur within 5 words of “swoop”
- Other than looking at a video from the “overview” tab, how many other lists can you view the video file from?