Video Transcription

00:00
right. Welcome to the seventh in our series of ah cyber courses here. This is the ever met refile System bridge.
00:09
And that was really quick, but really important. Right? Because without that, that bit on the file system bridge, you weren't going to be able to open up your A f f four files, so it seems like it's a good idea. Um, also, before we go, what I just did there opening up my forensic image with F T k image or Ah,
00:28
I can't say enough nice things about people access data for
00:31
having provided all of us that tool for free for years. Um, that's something you should be doing at the end of every forensic image you make. So you're out there. You're imaging a bunch of drives. Things like this. Yeah. Okay. You got a verification hash and it matches and all that sort of stuff, and you recorded on your documentation,
00:50
But do you know that your forensic image is actually good? Can you actually see a file system on there and things like that? Well, you can if you don't check it. So
01:00
one of the procedures that we like to do at Atlantic Data forensics with all our images. You know, once we recorded that hash, someone goes ahead and mounts and opens up you every one of those friends of damages, usually using F t K imager, just to make sure we've got a good file system collection there where they open up in black bag or whatever it might be.
01:19
Just just to make sure you got a complete
01:22
and working collection cause there's nothing worse than you know this one opportunity to collect a forensic image off a computer. You know, there's a very small window of time. Everything looked good as soon as you finish is packed it up and go and then you discover, you know, the next day or two days later
01:38
Oh, yeah, had verified out, but it verified out a garbage image.
01:42
That's that's not good for anybody. You don't have to go back and talk to clients about that things like that. So something to add into your process is at the end. I'm closing up my documentation. Make sure you open up your forensic image and actually validate yet there's a real file system there. I see real files, everything looks the way I would expect.
02:01
Ah, forensic image of that type of of ah, of distal. Look,
02:06
um,
02:07
you know, saves a lot of tears and gnashing of teeth and people screaming at each other later on.
02:12
All right, So to summarize today's video Ah, we have the, uh we learned How about the elementary follow system bridge and how it gets used?
02:21
We used the elementary file system bridge to go and had access one of our previously acquired FF for forensic images.
02:29
Um, and then we take took a quick look at some of the the forensic programs out there commonly in use that air already natively incorporating FF four and is one of their supported forensic image formats.
02:42
Um, as always, get your forensic stuff together, Come on, run with us.

The Evimetry Filesystem Bridge:  Making Your AFF4 Forensic Images Available

In this free course we will cover the Evimetry Filesystem Bridge and do a quick review of the forensic tools that are now supporting AFF4 forensic images.

Instructed By

Instructor Profile Image
Brian Dykstra
CEO and President of Atlanta Data Forensics
Instructor