This project documents the process of creating a verified forensic image of a USB flash drive using FTK Imager. Completed as part of my self-learning journey in digital forensics.
- Create a forensic image of a USB device
- Verify image integrity using MD5 and SHA1 hash values
- Capture and document each step with screenshots
- Share findings and workflow for educational purposes
- FTK Imager
- Windows Snipping Tool
- Canva (for video editing)
- GitHub (for documentation)
All steps are documented in the screenshots/ folder:
- Launching FTK Imager
- Adding USB as evidence
- Creating disk image
- Filling evidence info
- Selecting destination
- Imaging progress
- Hash verification summary
A short 10-second walkthrough is available in the video/ folder.
- Importance of hash verification in digital evidence
- How FTK Imager preserves forensic integrity
- Basics of forensic imaging workflow
See notes.md for additional reflections and technical notes.
Feel free to fork or clone this repo if you're learning digital forensics or preparing for cybersecurity certifications.