
Digital Forensics Autopsy

Autopsy is digital forensics software that makes it easier to deploy open source forensic tools. It provides a graphical user interface to display search results from analyzing file systems, hashing files, unpacking archives, and extracting metadata. Users can search indexed files for recent activity and generate reports in HTML or PDF format summarizing findings. Key features include identifying known files using hash sets, file type identification, flagging extension mismatches, extracting EXIF data, keyword searches, and more. The document then provides steps to start a case in Autopsy and analyze a sample file.

DIGITAL FORENSICS

LAB DIGITAL ASSIGNMENT - 1

SALONI ANAND, 18BCE2276

Submitted to: Mr. Aju D.

Study and learning of Digital Forensics Tool: Autopsy

Autopsy is computer software that makes it simpler to deploy many of the open source programs and
plugins used in The Sleuth Kit. The graphical user interface displays the results from the forensic search
of the underlying volume, making it easier for investigators to flag pertinent sections of data.

Process:

Autopsy analyses major file systems (NTFS, FAT, ExFAT, HFS+, Ext2/Ext3/Ext4, YAFFS2) by hashing all
files, unpacking standard archives (ZIP, JAR etc.), extracting any EXIF values and putting keywords in an
index. Some file types like standard email formats or contact files are also parsed and catalogued.

Users can search these indexed files for recent activity or create a report in HTML or PDF summarizing
important recent activity.

FEATURES:

1. Recent Activity: Extracts recent user activity, such as Web Browsing, recently used documents
and installed programmes.

2. Hash Lookup: Identifies known and notable files using supplied hash sets and calculates and
validates hashes of data sources.

3. File Type Identification: Matches file types based on binary signatures.

4. Extension Mismatch Detector: Flags files whose extension is non-standard for their
file type.

5. EXIF Parser: Extracts geolocation and camera information from JPEG files.

6. Keyword Search: Text extraction and index search modules enable you to find files that
mention specific terms and find regular expression patterns.

7. Correlation Engine: Saves properties to the central repository for later correlation.

8. Android Analyzer: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and
more.
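
The sketch below shows how features 2 to 4 (hash lookup, file type identification by binary signature, and extension mismatch detection) fit together. It is an added example, not Autopsy's own code: the signature table, the extension mapping, the use of SHA-256, and the sample files are all constructed for illustration.

```python
import hashlib
from pathlib import PurePosixPath

# Small illustrative table of magic bytes at offset 0 (not Autopsy's own list).
SIGNATURES = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"MZ", "application/x-msdownload"),
]
# Extensions treated as normal for each detected type (assumed mapping).
EXPECTED_EXT = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "application/zip": {".zip", ".jar", ".docx", ".xlsx"},
    "application/x-msdownload": {".exe", ".dll"},
}

def identify_type(data):
    """Return the type whose signature matches the start of the file, or None."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def triage(files, notable_hashes):
    """Hash each file, identify its type from content, and flag mismatches."""
    findings = {}
    for name, data in files.items():
        mime = identify_type(data)
        ext = PurePosixPath(name).suffix.lower()
        digest = hashlib.sha256(data).hexdigest()
        findings[name] = {
            "type": mime,
            "sha256": digest,
            # Only flag when the content type is known and the name disagrees.
            "extension_mismatch": mime is not None and ext not in EXPECTED_EXT[mime],
            "notable": digest in notable_hashes,
        }
    return findings

# Constructed sample data: file names mapped to their first bytes.
SAMPLE_FILES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "notes.txt": b"MZ\x90\x00" + b"\x00" * 16,  # executable header under a .txt name
    "report.pdf": b"%PDF-1.4\n%constructed\n",
    "readme.md": b"plain text, no known signature",
}
# Constructed hash set marking one sample file as notable.
NOTABLE_HASHES = {hashlib.sha256(SAMPLE_FILES["notes.txt"]).hexdigest()}
```

Calling `triage(SAMPLE_FILES, NOTABLE_HASHES)` flags `notes.txt` as both an extension mismatch and a notable hash hit, while files with no recognised signature are left unflagged rather than guessed at.
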

Start the Autopsy software and choose between New Case, Open Recent Case or Open Case.

Enter the Case Information, such as the case number and the location it is to be saved in (if it is a new case).
The case number and examiner details may also be entered for further convenience.

Select the type of data source to add, then select the Data Source. The next step involves configuring the ingest
modules, that is, choosing which aspects of the file/folder you want to investigate.

IN-DEPTH STUDY OF THE FILE MANTOOTH


The attached devices can be viewed.

The sender and recipient of each mail, along with the subject, can be viewed.

The email details can be seen when an entry is double-clicked.

Autopsy can produce graphs of the timeline, which help the user understand it better.

The Local Area Connection can be seen.

Web searches can be viewed.

One advantage of Autopsy is that it can view and import hash sets and hence identify them later.

The images and videos can be viewed.

A report can be generated for the file Mantooth.

Click on the generate report option in the navbar and then choose the format of the report to be generated.
Report generation for washer disk
