Skip to content

Forensic Workstation

Forensic tools and setup

Info

The best OS platform for this module is probably Windows 10 at the time of writing. Technically both MacOS and Linux are supported and possible, but if you choose to do so, it is on you to figure out how to make it happen.

You have multiple pathways to set up your workstation.

Working on the machines in the lab

Welcome to the EC building and the security labs! For the large majority of you this will be a new experience to read the material from campus. If you decide to do so there are some ground rules using EC1-14(EH Lab)💻 and EC1-13(Cisco Disco)🕺. If you never heard those ground rules ask your lecturer in the labs.

FTK

FTK Requires a valid license to work. In the lab we have a licensing server set up on the LAN that can issue licenses for a maximum 72 machines at any given time. That should be more than enough as we are usually running no more than 42 at the same time.

🐌FTK Starts Slowly even so if you are using it in a VM. After the double click it can seem like nothing happens for a good 30 seconds, so patience is definitely required. When you start FTK it will either start with a banner or it will complain about a "security device".

If you need the location of the security device, set 192.168.2.200 (the local licensing server) as the address. After this your instance should get a license and start up in another 30 seconds or so.

If this does not work, try to ping 192.168.2.200 just to double check if the server is actually up.

Once you get to the authenticate window the credentials should be admin admin

If you are using your own laptop, you could theoretically plug in or use the lab WIFI. For remote licensing options please ask your Tutor.