*Install FTK Imager
1. Create a folder called C5Prj04(example) on your USB drive and then start Notepad
2. In An new text file type THIS IS TEST OF HASH VALUE................
3.Save the file as hash1.txt in the folder you created on ypur USB drive and then exit notepad
4.Start FTK Imager and click File> Add Evidence Item from the menu.In the select source
dialog box click Logical Drive option button and then click Next,
5.In the select Drive dialog box click the Drive Selection list arrow click select your USB drive and then click Finish.
6.In the upper-left pane ,click to expand your USB drive and continue expanding until you can click the C5Prjo4(folder your create in USB),In the upper-right Pane you should see the hash1.txt file your created
7.Right-click the file and Export file hash list .save the file as original hash in the C5Prjo4 folder on your USB drive.FTK Imager save it as a.csv file.Exit Ftk Imager and start Notepad.
* example hash value for original text file your create
8. open hash1.txt in the Notepad ,add one letter to the end of the file ,save it and exit notepad.
9.Start FTK Imager again .Repeat step 4 to 7 (but without starting notepad ) but this is time when you export the file hash list save the file as changes hash
10.open the original hash and changes hash file on your USB drive in excel.compare the hash value in both whether they are different
No comments:
Post a Comment