SlideShare a Scribd company logo

Autopsy Digital forensics tool

Download as PPTX, PDF
S
Sreekanth Narendran

The document introduces Autopsy, an open source digital forensics platform. It provides an overview of Autopsy's features which allow users to efficiently analyze hard drives and smartphones through a graphical interface. Key capabilities include timeline analysis, keyword searching, web and file system artifact extraction, and support for common file systems. The document includes screenshots and references for additional information on Autopsy's functions and use in digital investigations.

Technology
1 of 17
AutopsySreekanth N
Agenda • Introduction • Features • Screenshots • Demo • Results • Conclusion • References
Introduction • Digital Forensics • Autopsy • Digital forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.
Introduction • Digital Forensics • Autopsy • Digital forensics activities commonly include: • the secure collection of computer data • the identification of suspect data • the examination of suspect data to determine details such as origin and content • the presentation of computer-based information to courts of law • the application of a country's laws to computer practice.
Introduction • Digital Forensics • Autopsy • Autopsy is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python. • It can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3, etc.).
Features • Multi-User Cases: Collaborate with fellow examiners on large cases. • Timeline Analysis: Displays system events in a graphical interface to help identify activity. • Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns. • Web Artifacts: Extracts web activity from common browsers to help identify user activity. • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices. • LNK File Analysis: Identifies short cuts and accessed documents • Email Analysis: Parses MBOX format messages, such as Thunderbird. • EXIF: Extracts geo location and camera information from JPEG files.
Features • Media Playback and Thumbnail viewer. • Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages • File Type Detection based on signatures and extension mismatch detection. • Interesting Files Module will flag files and folders based on name and path. • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.
Screenshots
Results
References • https://www.sleuthkit.org/autopsy/ • https://www.autopsy.com/ • https://en.wikipedia.org/wiki/Autopsy_(software) • https://resources.infosecinstitute.com/category/computerforensics/i ntroduction/free-open-source-tools/autopsy-forensics-platform- overview/#gref
Autopsy Digital forensics tool

Recommended

Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
ArunJS5
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
Ambuj Kumar
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
9905234521
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
rakesh mishra
 
Encase Forensic
Encase ForensicEncase Forensic
Encase Forensic
Megha Sahu
 

Recommended

Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
ArunJS5
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
Ambuj Kumar
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
9905234521
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
rakesh mishra
 
Encase Forensic
Encase ForensicEncase Forensic
Encase Forensic
Megha Sahu
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
primeteacher32
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
Parsons Corporation
 
First Responder Officer in Cyber Crime
First Responder Officer in Cyber CrimeFirst Responder Officer in Cyber Crime
First Responder Officer in Cyber Crime
Applied Forensic Research Sciences
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
edwardbel
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
Mayank Chaudhari
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
yash sawarkar
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
Kathirvel Ayyaswamy
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
Manik Bhola
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
abdullah roomi
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
vishnuv43
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
Milap Oza
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
Nikhil Mashruwala
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
DINESH KAMBLE
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
Cleverence Kombe
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCase
Takahiro Haruyama
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptx
KomalNagre4
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating Applications
Sam Bowne
 

More Related Content

What's hot

Anti forensic
Anti forensicAnti forensic
Anti forensic
Milap Oza
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
Milap Oza
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCase
Takahiro Haruyama
 

What's hot (20)

Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
First Responder Officer in Cyber Crime
First Responder Officer in Cyber CrimeFirst Responder Officer in Cyber Crime
First Responder Officer in Cyber Crime
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCase
 

Similar to Autopsy Digital forensics tool

Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to Know
Winston & Strawn LLP
 
Methods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics EnvironmentsMethods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics Environments
piccimario
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdf
ekobelasting
 

Similar to Autopsy Digital forensics tool (20)

Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptx
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating Applications
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to Know
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Methods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics EnvironmentsMethods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics Environments
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Best Cyberforensic Tools.pdf
Best Cyberforensic Tools.pdfBest Cyberforensic Tools.pdf
Best Cyberforensic Tools.pdf
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdf
 
SCA Accessioning Born-Digital Materials Workshop, Nov. 8, 2012
SCA Accessioning Born-Digital Materials Workshop, Nov. 8, 2012SCA Accessioning Born-Digital Materials Workshop, Nov. 8, 2012
SCA Accessioning Born-Digital Materials Workshop, Nov. 8, 2012
 
Accessioning Born-Digital Materials
Accessioning Born-Digital MaterialsAccessioning Born-Digital Materials
Accessioning Born-Digital Materials
 
Why cant all_data_be_the_same
Why cant all_data_be_the_sameWhy cant all_data_be_the_same
Why cant all_data_be_the_same
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory Artefact
 

More from Sreekanth Narendran

More from Sreekanth Narendran (20)

Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
 
Nmap
NmapNmap
Nmap
 
Transactional vs transformational leadership
Transactional vs transformational leadershipTransactional vs transformational leadership
Transactional vs transformational leadership
 
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
ECGC, Exim Bank, RBI, FEDAI, FEMA and SWIFT.
 
Web services for banks
Web services for banksWeb services for banks
Web services for banks
 
Virus vs worms vs trojans
Virus vs worms vs trojansVirus vs worms vs trojans
Virus vs worms vs trojans
 
Business process reengineering
Business process reengineeringBusiness process reengineering
Business process reengineering
 
Hash cat
Hash catHash cat
Hash cat
 
Phishing
PhishingPhishing
Phishing
 
International banking
International bankingInternational banking
International banking
 
Master Data Management
Master Data ManagementMaster Data Management
Master Data Management
 
Maltego Information Gathering
Maltego Information Gathering Maltego Information Gathering
Maltego Information Gathering
 
Leadership traits
Leadership traitsLeadership traits
Leadership traits
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
 
Organizational development
Organizational developmentOrganizational development
Organizational development
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
 
Indigo Case study
Indigo Case study Indigo Case study
Indigo Case study
 

Recently uploaded

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 

Autopsy Digital forensics tool

  • 2. Agenda • Introduction • Features • Screenshots • Demo • Results • Conclusion • References
  • 3. Introduction • Digital Forensics • Autopsy • Digital forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.
  • 4. Introduction • Digital Forensics • Autopsy • Digital forensics activities commonly include: • the secure collection of computer data • the identification of suspect data • the examination of suspect data to determine details such as origin and content • the presentation of computer-based information to courts of law • the application of a country's laws to computer practice.
  • 5. Introduction • Digital Forensics • Autopsy • Autopsy is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python. • It can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3, etc.).
  • 6. Features • Multi-User Cases: Collaborate with fellow examiners on large cases. • Timeline Analysis: Displays system events in a graphical interface to help identify activity. • Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns. • Web Artifacts: Extracts web activity from common browsers to help identify user activity. • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices. • LNK File Analysis: Identifies short cuts and accessed documents • Email Analysis: Parses MBOX format messages, such as Thunderbird. • EXIF: Extracts geo location and camera information from JPEG files.
  • 7. Features • Media Playback and Thumbnail viewer. • Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages • File Type Detection based on signatures and extension mismatch detection. • Interesting Files Module will flag files and folders based on name and path. • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 15.
  • 16. References • https://www.sleuthkit.org/autopsy/ • https://www.autopsy.com/ • https://en.wikipedia.org/wiki/Autopsy_(software) • https://resources.infosecinstitute.com/category/computerforensics/i ntroduction/free-open-source-tools/autopsy-forensics-platform- overview/#gref