🔍

Overview of Autopsy Software for Forensics

Apr 6, 2025

Lecture Notes: Autopsy Software Overview

Introduction

  • Welcome back students
  • Focus: Learning Autopsy software
  • Notable Features:
    • Best software for digital investigation/forensics analysis
    • Free to download from autopsy.com

Installation

  • Choose 32-bit or 64-bit version
    • Recommended: 64-bit for better RAM usage (over 4GB)
  • Installation on a Windows 7 virtual machine

Initial Setup

  • Creating a Case:
    • Click on New Case
    • Example Name: Disk Analysis
    • Change path to a different drive (D drive recommended)
  • Host Selection:
    • Generate a new host file or use an existing case

Selecting Disk Images

  • Options to create/import disk images:
    • Select local files or existing images
    • Must select a non-C drive partition for saving results
  • Disk Image Creation:
    • Autopsy can create VHD images usable in virtual environments

Data Analysis Process

  • Select timezone for accurate timestamps
  • Options for investigation:
    • Hash lookup
    • Identify file types
    • Analyze Android/iOS data
  • Processing may take time depending on the size of the drive

Analysis Completion

  • Progress tracking available in the software
  • Details Available Post-Analysis:
    • File types segregated into categories (images, videos, audio, etc.)
    • Preview of files, file metadata, and hex code
    • Recent Activity logs and installed software information

Important Features

  • Recover Deleted Files: Can segregate and view details
  • Document Analysis: PDFs, documents, and recent files accessed
  • User Accounts: Show accounts used for login and their activity
  • Web Activity:
    • Browsing history and web cache details
    • Cookies information available

Reporting

  • Generate reports in various formats (e.g., CSV, HTML)
  • Customizable report options (header, footer, results selection)
  • Final report includes:
    • Data analysis results
    • Web categories, bookmarks, shell results
  • Useful for presenting in legal contexts

Conclusion

  • Autopsy Software offers a comprehensive toolset for digital forensics.
  • Latest version discussed: 4.5
  • Emphasis on learning and mastering these tools for future investigations.

Thank you for attending!

Full transcript