Hello, and welcome back to the Computer Forensics Boot Camp. In this module, we're going to prepare our forensic workstation to examine evidence. We're going to acquire open-source forensic software and we're going to acquire the path image file. The first step is to open our web browser. The second step is we're going to download the document containing the URLs of the software needed for this path and the path, VMDK file. These are the software URLs. We're going to download The Sleuth Kit by Autopsy. We're going to download the add-on module Sleuth Kit. We're going to download 7-Zip because we're going to need that to extract the Zimmerman tools. We're going to go to the website with the Zimmerman tools. We're going to download the AmcacheParser, the AppCompatCacheParser, Registry Explorer, ShellBag Explorer, JumpList Explorer, Timeline Explorer, MFT Explorer, and WxTCmd. We're also going to download KillDisk. We're going to download HDX, which is a hex editor. I'm going to download Active Disk Editor, which is also a hex editor. But I'm going to show you where we're going to use both of these tools. We're also going to download 4Discoveries Link Parser. We're going to download Access Data's FTK Imager , the latest version. We're going to download DCode, which is going to help us when we're decoding some hex values. We're going to download the ExifTool by Phil Harvey. We can view EXIF data and image files. We're going to download a software tool to view Windows prefetch. Let's get started. The first site we're going to go to is the sleuthkitorg by Autopsy. You can cut that from the document and paste it into your browser. When you get here, you're going to hit the "Download Now" button and you're going to be presented with a screen with a 64-bit or a 32-bit for Windows or Linux. Once you choose one and hit "Download", a download window will pop up and you can go ahead and save that where you would like on your computer. The next website we're going to go to GitHub for the add-on modules for Autopsy. You're going to see this "Clone or download" button, depending on what type of file system you're on. If you're on a Windows system, download zip. If you're in Linux, you would need to clone it. Follow the instructions here on how to install the third-party modules, if you would like to do so. The next website we're going to go to is 7-Zip. Again, cut and paste into your browser. When you come, you're also going to be presented with a 32-bit version and a 64-bit version. Pick whichever is applicable to your computer. You would hit the "Download" link. Again, you would save that to where you want it on your computer. We're going to go to Eric Zimmerman's website for the Zimmerman tools. The several tools down here, these are all free and open source. You can download whatever you would like. What we're going to be using for the course is we're going to want the AmcacheParser. Again, you just click the link and download the tool, the AppCompatCacheParser, the MFT Explorer, Registry Explorer, ShellBag Explorer, Timeline Explorer. In Windows 10, Timeline database parser. We're also going to download JumpList Explorer, the GUI version. There is a command line version and you can go ahead and download both if you'd like. If I didn't tell you already, we definitely want this Timeline Explore down here. We're going to use that throughout the class. Next we're going to go to killdisk.com. We're going to download the freeware version of Active KillDisk. This is for Windows and this is for Mac. Whichever computer you have, you click on the link and then download the file. Again, you save it where you'd like install it. Next one is HxD. HxD is a hex viewer, which we're going to use when we do some of our file system work. You do want to go with the latest release. There are plugins on GitHub. We're not going to need that for what we're doing. You would just simply click the "Download" button and download the software. We're going to go to Active Disk Editor next. Again, we have for Windows or for Linux, depending on your operating system download which is appropriate. We're going to use this tool to view file structures within the operating system. We're going to download 4Discovery Link Parser. This will be used when we look at link files throughout the course. You would hit the "Download Now" button and you simply download and save the file. FTK Imager. It's a little different when you hit this "Download" button, before access data will let you download it they require you do fill out some information. You do have to opt into the emails or you will not be able to download the tool. You can go back and opt out at a later date if you'd like. But if you don't check, yes, you won't get an email with a link to download FTK Imager. You're going to have to check this submit and they will send you an email to whatever email address you put in here and that email will contain a link to download FTK Imager. Then we are going to need this throughout the course, so it's important that you do download it. DCode. We're going to use this to translate some hexadecimal values and you simply download DCode and save it. It will be a ZIP file. Go ahead and use 7-Zip to extract it. You must use 7-Zip when you're extracting the Zimmerman tools or they will not extract properly. Please download 7-Zip if you don't have it, and use that 7-Zip to extract these software tools. The next tool we're going to download is going to be the ExifTool by Phil Harvey. Again, go with the latest version, download the Windows or the Mac OS, whichever is appropriate for you. Install the tool. We're going to download NirSoft win prefetch viewer, because we're going to take a good look at Windows prefetch. There is some information about the tool itself. If you'd like to read through that. The Download button is down here at the bottom. Again they have 32 and a 64-bit version of the tool. They also have an MD5 Hash so I want to try 256, so you can check your download to make sure it downloaded properly. We're going to talk about how you use hash values to validate files later on in this course. In our next module, we are going to start exploring some forensic basics. We're going to talk about hexadecimal, decimal and binary and how we deal with those type of data structures. I just want to make you aware when you are downloading the path VMDK file. It may take awhile, so allow yourself some time to download that. You can either pause the video and do it or do it when the video is not running, that is totally up to you. End of block.
