Get full access to Windows Forensics Cookbook and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

How to do it...

There are various possible uses for the visualization tool, so we will go through them one at a time:

Firstly, you can change the theme of FTK should you wish to do so. You can do this by going to CaseManager|Tools|Preferences in FTK, which will then open up a box which lists several options. These correspond closely to the options that used to be available in older versions of Windows, so it should be familiar to many.
One of the most useful items in the visualization toolset is the timeline feature, which allows a user to view actions on a device over a specific time period.
1. First you must tell FTK which dates you want to focus on. You can do this by selecting a range of dates in the timeline section.
2. Once your date range ...

Get Windows Forensics Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now