Hello and welcome back to the computer forensics boot camp. In this module, we're going to prepare our forensic workstation to examine evidence. We're going to acquire open source forensic software and we're going to acquire the path image file. The first step is to open our web browser. The second step is we're going to download the document containing the URLs of the software needed for this path and the path VMDK file.
These are the software URLs. We're going to download The Sleuth Kit by Autopsy. We're going to download the add-on modules for The Sleuth Kit. We are going to download 7-Zip because we're going to need that to extract the Zimmerman tools. We're going to go to the website with the Zimmerman tools. We're going to download AmcacheParser, AppCompatCacheParser, Registry Explorer, ShellBags Explorer, JumpList Explorer, Timeline Explorer, MFT Explorer and WxTCmd. We're also going to download KillDisk. We are going to download HxD, which is a hex editor. We're going to download Active Disk Editor, which is also a hex editor, but I'm going to show you where we're going to use both of these tools. We're also going to download 4Discovery's Link Parser. We're going to download AccessData FTK Imager, the latest version. We are going to download DCode, which is going to help us when we're decoding some hex values. We are going to download ExifTool by Phil Harvey so we can view Exif data in image files. And we're going to download a software tool to view Windows Prefetch.
So let's get started. The first site we're going to go to is sleuthkit.org, by Autopsy. You can cut that from the document and paste it into your browser. When you get here, you're going to hit the Download Now button and you're going to be presented with a screen with a 64-bit or a 32-bit version for Windows or Linux. Once you choose one and you hit download, a download window will pop up and you can go ahead and save that where you would like on your computer.
For the next website, we're going to go to GitHub for the add-on modules for Autopsy. You're going to see this "Clone or download" button, depending on what type of file system you're on. If you're on a Windows system, download the zip. If you're on Linux, you would need to clone it. Follow the instructions here on how to install the third-party modules if you would like to do so.
The next website we're going to go to is 7-Zip. Again, cut and paste into your browser. When you come here, you're also going to be presented with a 32-bit version and a 64-bit version; pick whichever is applicable to your computer. You would hit the download link and again you would save that to where you want it on your computer.
We're going to go to Eric Zimmerman's website for the Zimmerman tools. There are several tools down here. These are all free and open source, so you can download whatever you would like. What we're going to be using for the course is this: we're going to want AmcacheParser. And again, you just click the link and download the tool. Then AppCompatCacheParser, MFT Explorer, Registry Explorer, ShellBags Explorer, Timeline Explorer and the Windows 10 Timeline database parser. We're also going to download JumpList Explorer, the GUI version. There is a command line version and you can go ahead and download both if you would like. And if I didn't tell you already, we definitely want this Timeline Explorer right here. We're going to use that throughout the class.
Next we're going to go to KillDisk.com and we're going to download the free version of Active KillDisk. This is for Windows and this is for Mac. So whichever computer you have, you click on the link and then download the file, and again you save it where you like and install it.
The next one is HxD. HxD is a hex viewer, which we're going to use when we do some of our file system work. You do want to go with the latest release. There are plug-ins on GitHub. We're not going to need that for what we're doing.
You would just simply click the download button and download the software.
We're going to go to Active Disk Editor next, and again we have versions for Windows or for Linux; depending on your operating system, download whichever is appropriate. We're going to use this tool to view file structures within the operating system.
We're going to download 4Discovery Link Parser, and this will be used when we look at link files throughout the course. You would hit the Download Now button and you simply download and save the file.
FTK Imager. It's a little different when you hit this download button. Before AccessData will let you download it, they require you to fill out some information. You do have to opt into the emails or you will not be able to download the tool. You can go back and opt out at a later date if you'd like, but if you don't check yes, you won't get an email with a link to download FTK Imager. So you're going to have to check this and submit. And they will send you an email to whatever email address you put in here, and that email will contain a link to download FTK Imager. We are going to need this throughout the course, so it's important that you do download it.
DCode: we're going to use this to translate some hexadecimal values, and you simply download DCode and save it. It will be a zip file. Go ahead and use 7-Zip to extract it. And you must use 7-Zip when you're extracting the Zimmerman tools, or they will not extract properly. So please download 7-Zip if you don't have it and use 7-Zip to extract these software tools.
The next tool we're going to download is going to be ExifTool by Phil Harvey. Again, go with the latest version, download the Windows or the Mac OS version, whichever is appropriate for you, and install the tool.
We are going to download NirSoft WinPrefetchView because we're going to take a good look at Windows Prefetch. There is some information about the tool itself if you'd like to read through that, and the download button is down here at the bottom. And again they have a 32-bit and a 64-bit version of the tool, and they also have an MD5 hash, SHA-1 and SHA-256, so you can check your download to make sure it downloaded properly. And we're going to talk about how you will kind of use hash values to validate files later on in this course.
In our next module we are going to start exploring some forensic basics. We're going to talk about hexadecimal, decimal and binary and how we deal with those types of data structures. I just want to make you aware that when you're downloading the course VMDK file, the path VMDK file, it may take a while, so allow yourself some time to download that. You can either pause the video and do it or do it when the video is not running; that is totally up to you.