Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
© 2013, Basis Technology
Autopsy 3.0
Extensible Desktop Digital Forensics
It’s not your father’s open source software
Brian Carrier
VP of Digital Forensics
Basis Technology

Quick Intro To Basis Technology
• Software and services technology company
• Roughly 80 people
• Offices in Cambridge, DC, Tokyo, and London
• Two technology areas:
  – Text Analytics
  – Digital Forensics

Digital Forensics at Basis
• Conduct investigations
• Research and development
• Custom software development
• Open Source Software
  – Autopsy module development
  – Commercial support
  – Training

Open Source Software
• What comes to your mind first?
• Autopsy 3 is different

Context: What Is The Sleuth Kit?
• Open source software that allows you to forensically analyze disk images and local drives

TSK Command Line Tools
• Original method for using TSK
• Over 25 different tools (!)
• mmls example:

    # mmls tsk1.img
         Slot    Start      End        Length     Description
    00:  -----   0000000    0000000    0000001    Primary Table
    01:  -----   0000001    0000062    0000062    Unallocated
    02:  00:00   0000063    0032129    0032067    NTFS (0x07)
    03:  00:01   0032130    0064259    0032130    DOS FAT16 (0x06)
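The mmls table is the starting point for everything else in the toolkit: the sector offsets it prints are what the file system tools take as their `-o` argument. The following is an added example, not code from the slides or from The Sleuth Kit: a parser for mmls output that checks the table for internal consistency (lengths agree with start/end, rows are contiguous) and computes each volume's byte offset. The sample text is the slide's table re-typed as constructed input, and the 512-byte sector size is an assumption (mmls reports it in a header line the slide omitted).

```python
"""Parse the partition table printed by The Sleuth Kit's mmls.

Added example, not code from the slides or from The Sleuth Kit itself.
The sample below is the slide's table re-typed as constructed input; the
512-byte sector size is an assumption (mmls reports it in a header line
that the slide omitted).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTOR_SIZE = 512  # assumption: mmls default unit, see module docstring

# Constructed input: the table from the slide.
MMLS_OUTPUT = """\
# mmls tsk1.img
     Slot    Start      End        Length     Description
00:  -----   0000000    0000000    0000001    Primary Table
01:  -----   0000001    0000062    0000062    Unallocated
02:  00:00   0000063    0032129    0032067    NTFS (0x07)
03:  00:01   0032130    0064259    0032130    DOS FAT16 (0x06)
"""

# One table row: index, slot, start, end, length (all in sectors), description.
ROW_RE = re.compile(
    r"^(?P<idx>\d+):\s+(?P<slot>\S+)\s+(?P<start>\d+)\s+(?P<end>\d+)\s+"
    r"(?P<length>\d+)\s+(?P<desc>.+?)\s*$"
)


@dataclass(frozen=True)
class Partition:
    index: int
    slot: str        # "-----" for table metadata and unallocated gaps
    start: int       # first sector
    end: int         # last sector, inclusive
    length: int      # sectors
    description: str

    @property
    def is_allocated(self) -> bool:
        """True for real table slots ("00:00"), False for "-----" entries."""
        return self.slot != "-----"

    @property
    def byte_offset(self) -> int:
        """Offset of the first byte of this entry within the image."""
        return self.start * SECTOR_SIZE

    @property
    def byte_length(self) -> int:
        return self.length * SECTOR_SIZE


def parse_mmls(text: str) -> list[Partition]:
    """Return the table rows; the command echo and header are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        rows.append(Partition(int(m["idx"]), m["slot"], int(m["start"]),
                              int(m["end"]), int(m["length"]), m["desc"]))
    return rows


def check_table(parts: list[Partition]) -> list[str]:
    """Sanity-check the table; an empty list means it is consistent.

    A length that disagrees with start/end, or a gap or overlap between
    consecutive rows, means the output was mangled or the table is odd
    enough to deserve a closer look before trusting the offsets.
    """
    problems = []
    for p in parts:
        if p.end - p.start + 1 != p.length:
            problems.append(
                f"row {p.index:02d}: length {p.length} != end-start+1 "
                f"({p.end - p.start + 1})")
    for a, b in zip(parts, parts[1:]):
        if b.start != a.end + 1:
            problems.append(
                f"rows {a.index:02d}/{b.index:02d}: {a.end} -> {b.start} "
                "is not contiguous")
    return problems


def allocated_volumes(parts: list[Partition]) -> list[Partition]:
    """The entries that hold a file system, i.e. what fls/icat need -o for."""
    return [p for p in parts if p.is_allocated]


def unallocated_regions(parts: list[Partition]) -> list[tuple[int, int]]:
    """(start sector, length in sectors) of each region mmls marks Unallocated."""
    return [(p.start, p.length) for p in parts if p.description == "Unallocated"]


if __name__ == "__main__":
    table = parse_mmls(MMLS_OUTPUT)
    for problem in check_table(table):
        print("WARNING:", problem)
    for vol in allocated_volumes(table):
        print(f"{vol.description}: sector {vol.start}, "
              f"byte offset {vol.byte_offset}, {vol.byte_length} bytes")
    for start, length in unallocated_regions(table):
        print(f"unallocated: {length} sectors starting at sector {start}")
```

The unallocated regions are worth noting separately: they are the gaps the file system tools never see, so they are where carving has to be run.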

TSK Library Interface
• Software libraries allow functionality to be embedded in a bigger program.
• Many commercial, open source, and government systems use TSK as a library.
• Looks like:

    /* open one E01 image, auto-detect its format, 512-byte sectors */
    const TSK_TCHAR *imgs[] = { _TSK_T("C:\\imgs\\image1.E01") };
    TSK_IMG_INFO *img = tsk_img_open(1, imgs, TSK_IMG_TYPE_DETECT, 512);

TSK Framework
Talk to me after if you are building a system that needs this.

TSK Take Away
• Powerful volume and file system analysis tools.
• Extensible framework.
• Not user friendly for the 99%.

Autopsy
• Graphical digital forensics interface.
• Brief History:
  – 2001: First Open Source Release
    • Interface to The Sleuth Kit
    • Linux and OS X only
  – 2010: Started v3 from scratch as a platform
    • Based on OSDFCon discussions
    • Windows-based & automated
    • Some US Army funding (with 42Six Solutions)
• 3.0.0 released in September, 2012.

Autopsy 3 Key Points
• Extensible
  – Several frameworks and plug-in modules
• Easy to use
  – Simple UI concepts
  – More details during the demo
• Fast results
  – Provided as soon as they are found
• Cost Effective
  – Free

Autopsy 3 Main Screen

Autopsy Ingest Modules
Diagram labels: E01 File; MBOX; Thunderbird; MD5/SHA1 Hash Calculation; Hash Lookup; Add Text to Keyword Index; ...; Web Browser Analysis; EXIF Extraction; Registry Analysis
Run automatically as media is added to Case.
• Remembers what you ran last time.
• Anyone can write new modules.
• Can tweak knobs based on investigation type and available time.

Standard Ingest Modules
• Hash Lookup:
  – NSRL, EnCase, Hashkeeper support
• Keyword Search:
  – Lucene SOLR index
  – Extract text (better for HTML and PDF)
  – Import / export lists
  – Regular expressions
  – Can support more advanced text analytics

Standard Ingest Modules
• Recent Activity Module:
  – Browser artifacts:
    • History, cookies, downloads, bookmarks
    • Firefox, Chrome, Safari, IE
  – Recent user documents
  – Recent devices
  – Runs regripper behind the scenes
• EXIF from JPEGs
• MBOX email
• ZIP Archive

Future Ingest Module Ideas
• More file formats / P2P logs
• Anti-virus / Malware
• Volume shadow / file system journals
• Cryptography and steganography detection
• Text analytics (language detection)
• Object identification in pictures
• Skin tone detection

Content Viewer Modules
• Display a file in a given way.
• Text: Hex and Strings
• Media: Pictures and video

Content Viewer: Video Triage

Content Viewer: Text Gisting
• Not part of open source package
• Name finder and translator
  – Uses Basis Technology text analytics

External Viewer Module: Timeline

Demo

Takeaway
• Easy to install and use
  – Less training and confusion.
• Extensible and open
  – Can be adapted to your needs
  – Updated by community
• Low cost
• No cost

Open Source Conference
• 4th Annual Open Source Forensics Conference
  – Free for government employees!
  – http://www.osdfcon.org/
  – Nov 4 and 5 in Northern VA.

Module Writing Competition
• Cash prizes for best new module.
  – $1500 for first prize
• Voting by attendees at OSDFCon.
• Any module type is eligible.
• See issue tracker for ideas.
• Submission details: http://www.basistech.com/about-us/events/open-source-forensics-conference/contest/

Autopsy Training
• 2 Day Autopsy training courses:
  – November 6 & 7 in DC (after OSDFCon)
• ½ Day Developer Training at OSDFCon

What You Can Do
• Users:
  – Use it and spread the word
  – Provide feedback on features
  – Help with documentation and support
• Developers: Write modules instead of stand-alone apps. Contact us with feature changes.
• We’re looking for law enforcement users.

Conclusion
• Download from:
  – http://www.sleuthkit.org/autopsy/
• Questions: brianc@basistech.com
• We’re hiring engineers….
• We have stickers

Demo Highlights (In Case Demo Fails)

Easy To Use

Splash Screen
• User is always guided to next step in process

Add Image Wizard
• Detects image format
• Detects volume and file systems

Ingest Manager in Wizard
• Uses previous settings for modules.

Intuitive Interface
• All results on left, history buttons, keyword search box

Single Place for All Results

View By File Type

View Final Days of Activity

Right Click Actions
• View directories of keyword and hash hits
• Tag and bookmark files
• Extract files or launch external viewers

Ingest Inbox
• Shows users what has been found in background tasks

HTML Report
• Report modules can be customized

Contact Info
Brian Carrier
Basis Technology
brianc@basistech.com
