Glad it was helpful! Thanks for visiting

thanks for the feedback We are starting new course on Cloud Computing / Network Security & Penetration Testing soon You will find lots of new stuff weekly :)

@@FreeEduHub In Sha Allah .. May Allah bless you and keep it up..

look for its related plugins

its best to try at home on your usb and harddrives

Sure I will

thats a default behavior

@@FreeEduHub Yes, but my FTK imager didn't generate the other .001 other than the txt to be mounted in the FTK imager later on, instead it generate a ZIP folder, do you know about this problem on how to solved this issue?

check file format settings in FTK Imager, it should generate .E01 or DD or RAW files etc Manually open the file .TXT file with FTK Imager as it seems like file association issue Did you check if there is anything in the zip file?

@@FreeEduHub so apparently inside the zip file there is another file with size of almost 30gb called 001_Evidences (which is my name format settins), and when I try to mount it, turns out it's the .001 file but in zip file, yet still I can't mount it

try OSFMount to mount and check, further 001 indicates there will be other sequenced files also

you can know the details when it was saved or created To know origin of the photo, you will have to drill down forensics of image / video itself you will get recording date and camera etc

yes you can, make sure you lock the harddisk first so that the contents are not changed

it will create several 001 002 003 files etc. Its normal

But sir it's not creating me any new disk ! I had the same problem !

Glad you enjoyed it!

resources issue on your host computer

And the Directory listing expor does not have the file in the DVD but i can see it in the logical drive that was mounted! ¿?

it could be due to multiple issues from version to hidden files, health, permissions and how is it exported

We usually use HEX to ASCII converters. For recovery of documents etc you can use Recuva free version, it would show you content of the files and recovery process Software like FTK are used for forensics analysis by professionals where the hash code of it is more important than the data in those documents

@@FreeEduHub So for example if I want to prove that somebody downloaded a classified document on their computer that they shouldn't have and then subsequently deleted it, I would just use FTK imager, locate the image of that document in unallocated space, then the once I find the document, compare the hashes of that item found to the hash of the actual document? I wouldn't actually recover the human readable contents of the document itself?

@@samael1981 You can even recover the entire document Whatever you do make sure you image the entire system first and then work on the image But its recoverable

@@FreeEduHub One last question. Would I recover the entire document in human readable format using FTK or would I need a third party program like Autopsy or Recuva?

@@samael1981 It has plugins and ad-ons to be added which are not free So if a free software works, use it

You're welcome

Very welcome

i am showing how to recover deleted files from USB and HDD

you are most welcome

there are different tools for android