Introduction To Autopsy | An Open-Source Digital Forensics Tool

In this article we are going to learn about autopsy which is an open-source tool for digital forensics

In this article, we are going to learn about Autopsy, which is an open-source digital forensics tool. We are going to see What is Autopsy, Features of Autopsy, How to Use Autopsy with Demo, and many more questions like this.

What is Autopsy?

“Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.” — Official Website

Basically, the autopsy is a free open-source tool that supports a wide range of other digital forensics modules and tools.

The Autopsy is computer software that makes it simpler to deploy many of the open-source programs and plugins used in The Sleuth Kit.[1] The graphical user interface displays the results from the forensic search of the underlying volume making it easier for investigators to flag pertinent sections of data. The tool is largely maintained by Basis Technology Corp. with the assistance of programmers from the community.

Features

  • Multi-User Cases: Collaborate with fellow examiners on large cases. 
  • Timeline Analysis: Displays system events in a graphical interface to help identify activity. 
  • Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns. 
  • Web Artifacts: Extracts web activity from common browsers to help identify user activity. 
  • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices. 
  • LNK File Analysis: Identifies shortcuts and accessed documents 
  • Email Analysis: Parses MBOX format messages, such as Thunderbird. 
  • EXIF: Extracts geo location and camera information from JPEG files.
  • Media Playback and Thumbnail viewer. 
  • Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, 
  • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages 
  • File Type Detection based on signatures and extension mismatch detection. 
  • Interesting Files Module will flag files and folders based on name and path. 
  • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.

How to install Autopsy?

Autopsy Comes preinstalled in Kali Linux. Although, it is highly recommended that one use the autopsy in windows for a better GUI experience.

Official Website – https://www.autopsy.com/download/

You can download the autopsy for any architecture of Windows 64-bit or 32-bit. Also, there is a .deb package that you can use to install in Linux.

Download it for windows and install it like any other program with the installer.

Autopsy Demo

In this section, we are going to see a small demo on how to add the image source file and create a case in autopsy for further investigation.

For this demo, we are going to use a free memory sample.

You can find all the free memory samples here to test any of the digital forensics tools.

Autopsy Main Screen | Cybervie

This is how the autopsy screen will look like after running the program. Now we have to create a new case here.

New case autopsy | Cybervie

After clicking new case, fill in the required information like a case number and base directory and all the necessary information.

Add source autopsy | cybervie

Now, after filing the information we will be present at this screen where we have to select add source and then select the host. Use Generate new host to generate new host for new cases.

Data source type Autopsy | Cybervie

Now we have to select the type of source we are adding. In this demo, I am adding a Disk image file so I will select first. Then click next.

Select DATA Source| Cybervie

Here we have to select the location of the image file which we have to analyze. Then click next.

Configure Ingest | Cybervie

In this panel, we have to select the ingest or modules or the things we have to extract from the image files. and click next.

Note

Never select all the ingest when analyzing a big file because it may take a lot of time to Ingest.

Now it will analyze the ingest and give you the result.

So, this is how the results look like and here we can analyze all the things we need.

Like this how we can analyze the deleted files from the disk this process is known as File Carving and we can do it that easily on the autopsy.

This is the list of things we can extract and analyze from a disk image file.

So, This is it for this demo you can try downloading different images and try it yourself on the autopsy.

Extras

Memory Samples for testing – http://dftt.sourceforge.net/

File Carving blog – https://cybervie.com/blog/file-carving-in-digital-forensics-best-tools-for-it/

Autopsy official Documentation – http://sleuthkit.org/autopsy/docs/user-docs/4.19.1/

Share the Post...
WhatsApp

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

CSEP : Certified Security Engineer Professional

Certified Security Engineer Professional (CSEP) certification is a comprehensive program designed for individuals aspiring to become cybersecurity engineers. It equips candidates with hands-on knowledge across various in-demand cybersecurity domains, ensuring they are well-prepared for current and future industry needs.

Organizations today seek candidates with a diverse set of skills beyond just one tool or area of expertise. The CSEP certification addresses this need by providing essential hands-on experience, making you proficient in multiple cybersecurity domains.

The program includes live classes featuring practical exercises, followed by a real-time project that offers valuable industrial knowledge.

Domains covered in the CSEP certification:

  • Cybersecurity Essentials
  • Penetration Testing
  • Application Security
  • Security Operations
  • AI in Cybersecurity
  • Multi-Cloud Security
  • Threat Intelligence

 

This certification is ideal for those looking to secure a role as a cybersecurity engineer and want to gain a competitive edge in the cybersecurity field.

For Further kindly feel free to fill out the profile form  for relevant information on our counselor will get in touch with you

Sign up for our Newsletter

Interested in Cyber Security Training Program 2024 – Click Here
Open chat
1
Hello 👋
How can we help you?