kingsman001-gfi/USB-Forensic-Imaging-FTK
Using FTK Imager to create and verify a forensic image of a USB drive.
USB Forensic Imaging with FTK Imager
This project documents the process of creating a verified forensic image of a USB flash drive using FTK Imager. Completed as part of my self-learning journey in digital forensics.
Objectives
- Create a forensic image of a USB device
- Verify image integrity using MD5 and SHA1 hash values
- Capture and document each step with screenshots
- Share findings and workflow for educational purposes
Tools Used
- FTK Imager
- Windows Snipping Tool
- Canva (for video editing)
- GitHub (for documentation)
Screenshots
All steps are documented in the screenshots/ folder:
- Launching FTK Imager
- Adding USB as evidence
- Creating disk image
- Filling evidence info
- Selecting destination
- Imaging progress
- Hash verification summary
Demo Video
A short 10-second walkthrough is available in the video/ folder.
Key Learnings
- Importance of hash verification in digital evidence
- How FTK Imager preserves forensic integrity
- Basics of forensic imaging workflow
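A way to re-check the image hashes independently of FTK Imager, as an added example that is not part of this repository. It assumes the image was saved in raw (dd) format, because an E01 file is a container whose file hash differs from the acquisition hash, and that the MD5 and SHA1 values from the verification summary are supplied as hex strings; the file name and sample data are constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat for multi-GB images


def hash_image(path):
    """Return (md5_hex, sha1_hex) computed in one pass over the file."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def verify_image(path, recorded_md5, recorded_sha1):
    """Recompute both digests and compare them with the recorded values."""
    md5_hex, sha1_hex = hash_image(path)
    md5_ok = recorded_md5.strip().lower() == md5_hex
    sha1_ok = recorded_sha1.strip().lower() == sha1_hex
    return {"md5": md5_hex, "sha1": sha1_hex,
            "md5_match": md5_ok, "sha1_match": sha1_ok,
            "verified": md5_ok and sha1_ok}


def demo():
    """Constructed data: verify a 2.5 MiB stand-in image, then flip one bit."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "usb_sample.dd")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(bytes(range(256)) * 10240)  # constructed content
        # Stand-ins for the values noted at acquisition time (assumption).
        recorded_md5, recorded_sha1 = hash_image(path)
        intact = verify_image(path, recorded_md5.upper(), recorded_sha1)
        with open(path, "r+b") as fh:  # change a single bit mid-file
            fh.seek(1_500_000)
            original = fh.read(1)[0]
            fh.seek(1_500_000)
            fh.write(bytes([original ^ 0x01]))
        altered = verify_image(path, recorded_md5, recorded_sha1)
    return intact["verified"], altered["verified"]


if __name__ == "__main__":
    print(demo())
```

Run it against a working copy of the image rather than the original evidence file, and record the recomputed values alongside the ones from the acquisition summary.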
File Structure
See notes.md for additional reflections and technical notes.
Feel free to fork or clone this repo if you're learning digital forensics or preparing for cybersecurity certifications.
Created October 8, 2025
Updated February 12, 2026