© 2013, Basis Technology

Autopsy 3.0
Extensible Desktop Digital Forensics
It’s not your father’s open source software

Brian Carrier
VP of Digital Forensics
Basis Technology
Quick Intro To Basis Technology
• Software and services technology company
• Roughly 80 people
• Offices in Cambridge, DC, Tokyo, and London
• Two technology areas:
– Text Analytics
– Digital Forensics

Digital Forensics at Basis
• Conduct investigations
• Research and development
• Custom software development
• Open Source Software
– Autopsy module development
– Commercial support
– Training

Open Source Software
• What comes to your mind first?
• Autopsy 3 is different

Context: What Is The Sleuth Kit?
• Open source software that allows you to forensically analyze disk images and local drives
TSK Command Line Tools
• Original method for using TSK
• Over 25 different tools (!)
• mmls example:
    # mmls tsk1.img
    Slot    Start    End      Length   Description
    00: ----- 0000000 0000000 0000001 Primary Table
    01: ----- 0000001 0000062 0000062 Unallocated
    02: 00:00 0000063 0032129 0032067 NTFS (0x07)
    03: 00:01 0032130 0064259 0032130 DOS FAT16 (0x06)
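The mmls table above is usually the first thing an examiner reads off an image, and the next step is turning its sector numbers into the offsets that fls/icat (-o, in sectors) or a loop mount (in bytes) need. The following parser is an added example, not code from the slides or from The Sleuth Kit; the mmls text it parses is constructed from the slide's rows, and it also checks that the rows tile the disk without gaps or overlaps before the offsets are trusted.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the rows from the slide, preceded by the header lines that
# mmls prints (the "Units are in ..." line gives the sector size).
SAMPLE_MMLS = """\
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

     Slot    Start     End       Length    Description
00:  -----   0000000   0000000   0000001   Primary Table
01:  -----   0000001   0000062   0000062   Unallocated
02:  00:00   0000063   0032129   0032067   NTFS (0x07)
03:  00:01   0032130   0064259   0032130   DOS FAT16 (0x06)
"""

UNITS_RE = re.compile(r"Units are in (\d+)-byte sectors")
ROW_RE = re.compile(
    r"^(?P<slot>\d+):\s+(?P<entry>\S+)\s+(?P<start>\d+)\s+(?P<end>\d+)\s+"
    r"(?P<length>\d+)\s+(?P<desc>.+?)\s*$"
)


@dataclass
class Partition:
    slot: int
    entry: str          # "-----" for meta/unallocated rows, "table:index" for real entries
    start: int          # first sector, inclusive
    end: int            # last sector, inclusive
    length: int         # sector count as reported by mmls
    description: str
    sector_size: int

    @property
    def allocated(self) -> bool:
        return self.entry != "-----"

    @property
    def byte_offset(self) -> int:
        # What byte-offset consumers (e.g. losetup/mount -o offset) need.
        return self.start * self.sector_size


def parse_mmls(text: str) -> List[Partition]:
    """Parses mmls output into Partition records, reading the sector size from the header."""
    units = UNITS_RE.search(text)
    sector_size = int(units.group(1)) if units else 512   # assumption: 512 if no header
    parts: List[Partition] = []
    for line in text.splitlines():
        row = ROW_RE.match(line.strip())
        if row:
            parts.append(Partition(int(row["slot"]), row["entry"], int(row["start"]),
                                   int(row["end"]), int(row["length"]),
                                   row["desc"], sector_size))
    return parts


def check_layout(parts: List[Partition]) -> List[str]:
    """Sanity checks before trusting the table: reported lengths must match start/end,
    and consecutive rows (mmls sorts them by start sector and inserts Unallocated rows
    for free space) must tile the disk with no gap or overlap. A gap or overlap points
    at a damaged or tampered partition table and deserves a manual look."""
    issues: List[str] = []
    for p in parts:
        if p.length != p.end - p.start + 1:
            issues.append(f"slot {p.slot:02d}: length {p.length} != end-start+1")
    for prev, cur in zip(parts, parts[1:]):
        if cur.start != prev.end + 1:
            kind = "gap" if cur.start > prev.end + 1 else "overlap"
            issues.append(f"{kind} between slot {prev.slot:02d} and slot {cur.slot:02d}")
    return issues


def file_system_offsets(parts: List[Partition]) -> List[Tuple[str, int, int]]:
    """(description, sector offset for fls/icat -o, byte offset) for each allocated entry."""
    return [(p.description, p.start, p.byte_offset) for p in parts if p.allocated]


if __name__ == "__main__":
    partitions = parse_mmls(SAMPLE_MMLS)
    for issue in check_layout(partitions):
        print("WARNING:", issue)
    for desc, sectors, nbytes in file_system_offsets(partitions):
        print(f"{desc:18s} fls -o {sectors:<8d} byte offset {nbytes}")
```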
TSK Library Interface
• Software libraries allow functionality to be embedded in a bigger program.
• Many commercial, open source, and government systems use TSK as a library.
• Looks like:
    /* tsk_img_open() takes an array of image paths (one segment here), the image
       type (TSK_IMG_TYPE_DETECT auto-detects E01, raw, ...) and the sector size. */
    const TSK_TCHAR *paths[] = { _TSK_T("C:\\imgs\\image1.E01") };
    TSK_IMG_INFO *img = tsk_img_open(1, paths, TSK_IMG_TYPE_DETECT, 512);
    if (img == NULL) tsk_error_print(stderr);
TSK Framework
Talk to me after if you are building a system that needs this.

TSK Take Away
• Powerful volume and file system analysis tools.
• Extensible framework.
• Not user friendly for the 99%.

Autopsy
• Graphical digital forensics interface.
• Brief History:
– 2001: First Open Source Release
  • Interface to The Sleuth Kit
  • Linux and OS X only
– 2010: Started v3 from scratch as a platform
  • Based on OSDFCon discussions
  • Windows-based & automated
  • Some US Army funding (with 42Six Solutions)
• 3.0.0 released in September, 2012.

Autopsy 3 Key Points
• Extensible
– Several frameworks and plug-in modules
• Easy to use
– Simple UI concepts
– More details during the demo
• Fast results
– Provided as soon as they are found
• Cost Effective
– Free

Autopsy 3 Main Screen
Autopsy Ingest Modules
(Diagram: an E01 file flows through a pipeline of ingest modules: MD5/SHA1 Hash Calculation, Hash Lookup, Add Text to Keyword Index, ..., Web Browser Analysis, MBOX, Thunderbird, EXIF Extraction, Registry Analysis.)
• Run automatically as media is added to Case.
• Remembers what you ran last time.
• Anyone can write new modules.
• Can tweak knobs based on investigation type and available time.
Standard Ingest Modules
• Hash Lookup:
– NSRL, EnCase, Hashkeeper support
• Keyword Search:
– Lucene/Solr index
– Extract text (better for HTML and PDF)
– Import / export lists
– Regular expressions
– Can support more advanced text analytics

Standard Ingest Modules (cont.)
• Recent Activity Module:
– Browser artifacts:
  • History, cookies, downloads, bookmarks
  • Firefox, Chrome, Safari, IE
– Recent user documents
– Recent devices
– Runs RegRipper behind the scenes
• EXIF from JPEGs
• MBOX email
• ZIP Archive
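To make the ingest pipeline of the last three slides concrete, here is an added Python sketch (not code from the slides or from Autopsy, which implements its modules in Java) of the same design: hash calculation feeding hash lookup against a known-good and a notable set, a regex keyword search that skips known files, and results surfaced as soon as each module finds them. The file paths, contents and hash sets are constructed for the example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Constructed sample "files" standing in for content pulled from a disk image.
SAMPLE_FILES: List[Tuple[str, bytes]] = [
    ("C:/Windows/System32/notepad.exe", b"MZ placeholder bytes of a known OS binary"),
    ("C:/Users/alice/Documents/notes.txt", b"call 555-0142 about card 4111-1111-1111-1111"),
    ("C:/Users/alice/AppData/Local/Temp/upd.tmp", b"placeholder bytes of a file on a notable list"),
]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Hash sets built from the sample bytes above: an NSRL-style "known good" set and a
# "notable" set of the kind imported from an EnCase or Hashkeeper hash file.
KNOWN_GOOD = {md5_hex(SAMPLE_FILES[0][1])}
NOTABLE = {md5_hex(SAMPLE_FILES[2][1])}


@dataclass(frozen=True)
class Result:
    module: str
    path: str
    detail: str


class HashCalculation:
    """Computes MD5/SHA1 once and stores them on the file so later modules can reuse them."""
    name = "MD5/SHA1 Hash Calculation"

    def process(self, path: str, data: bytes, attrs: Dict[str, object]) -> List[Result]:
        attrs["md5"] = md5_hex(data)
        attrs["sha1"] = hashlib.sha1(data).hexdigest()
        return []


class HashLookup:
    """Flags notable files and marks known-good ones so later modules can skip them."""
    name = "Hash Lookup"

    def __init__(self, known_good: set, notable: set):
        self.known_good, self.notable = known_good, notable

    def process(self, path: str, data: bytes, attrs: Dict[str, object]) -> List[Result]:
        md5 = attrs.get("md5") or md5_hex(data)   # still works if hash calc was not run
        if md5 in self.notable:
            attrs["notable"] = True
            return [Result(self.name, path, f"notable hash hit md5={md5}")]
        if md5 in self.known_good:
            attrs["known"] = True
        return []


class KeywordSearch:
    """Regex keyword lists over extracted text; known-good files are skipped to save time."""
    name = "Keyword Search"

    def __init__(self, patterns: Dict[str, str]):
        self.patterns = {name: re.compile(rx) for name, rx in patterns.items()}

    def process(self, path: str, data: bytes, attrs: Dict[str, object]) -> List[Result]:
        if attrs.get("known"):
            return []
        text = data.decode("latin-1")   # stand-in for real text extraction (HTML, PDF, ...)
        return [Result(self.name, path, f"{name}: {m.group(0)}")
                for name, rx in self.patterns.items() for m in rx.finditer(text)]


def run_ingest(files, modules) -> Iterator[Result]:
    """Runs every module over every file in order; each result is yielded the moment it
    is found, which is what lets an ingest inbox show hits while analysis continues."""
    for path, data in files:
        attrs: Dict[str, object] = {}
        for module in modules:
            yield from module.process(path, data, attrs)


def default_modules() -> list:
    return [
        HashCalculation(),
        HashLookup(KNOWN_GOOD, NOTABLE),
        KeywordSearch({"phone": r"\b555-\d{4}\b", "card": r"\b(?:\d{4}-){3}\d{4}\b"}),
    ]


if __name__ == "__main__":
    for r in run_ingest(SAMPLE_FILES, default_modules()):
        print(f"[{r.module}] {r.path}: {r.detail}")
```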
Future Ingest Module Ideas
• More file formats / P2P logs
• Anti-virus / Malware
• Volume shadow copies / file system journals
• Cryptography and steganography detection
• Text analytics (language detection)
• Object identification in pictures
• Skin tone detection

Content Viewer Modules
• Display a file in a given way.
• Text: Hex and Strings
• Media: Pictures and video

Content Viewer: Video Triage

Content Viewer: Text Gisting
• Not part of open source package
• Name finder and translator
– Uses Basis Technology text analytics

External Viewer Module: Timeline

Demo
Takeaway
• Easy to install and use
– Less training and confusion.
• Extensible and open
– Can be adapted to your needs
– Updated by community
• Low cost
• No cost

Open Source Conference
• 4th Annual Open Source Forensics Conference
– Free for government employees!
– http://www.osdfcon.org/
– Nov 4 and 5 in Northern VA.

Module Writing Competition
• Cash prizes for best new module.
– $1500 for first prize
• Voting by attendees at OSDFCon.
• Any module type is eligible.
• See issue tracker for ideas.
• Submission details: http://www.basistech.com/about-us/events/open-source-forensics-conference/contest/

Autopsy Training
• 2 Day Autopsy training courses:
– November 6 & 7 in DC (after OSDFCon)
• ½ Day Developer Training at OSDFCon

What You Can Do
• Users:
– Use it and spread the word
– Provide feedback on features
– Help with documentation and support
• Developers: Write modules instead of stand-alone apps. Contact us with feature changes.
• We’re looking for law enforcement users.

Conclusion
• Download from:
– http://www.sleuthkit.org/autopsy/
• Questions: brianc@basistech.com
• We’re hiring engineers…
• We have stickers

Demo Highlights (In Case Demo Fails)

Easy To Use

Splash Screen
• User is always guided to next step in process

Add Image Wizard
• Detects image format
• Detects volume and file systems

Ingest Manager in Wizard
• Uses previous settings for modules.

Intuitive Interface
• All results on left, history buttons, keyword search box

Single Place for All Results

View By File Type

View Final Days of Activity

Right Click Actions
• View directories of keyword and hash hits
• Tag and bookmark files
• Extract files or launch external viewers

Ingest Inbox
• Shows users what has been found in background tasks

HTML Report
• Report modules can be customized

Contact Info
Brian Carrier
Basis Technology
brianc@basistech.com