Scribd
Upload
8 views

Assignment Title 3

The document outlines an assignment focused on using Autopsy for hard disk analysis, detailing tasks such as introducing Autopsy, setting it up, performing various analyses, and reporting findings. It emphasizes Autopsy's role as an open-source forensic tool, its installation process, and the steps for analyzing disk images, including data ingestion, filesystem analysis, and keyword searches. The assignment culminates in generating a forensic report that summarizes the investigation and key findings.

Uploaded by

Muhammad Atif
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
8 views

Assignment Title 3

The document outlines an assignment focused on using Autopsy for hard disk analysis, detailing tasks such as introducing Autopsy, setting it up, performing various analyses, and reporting findings. It emphasizes Autopsy's role as an open-source forensic tool, its installation process, and the steps for analyzing disk images, including data ingestion, filesystem analysis, and keyword searches. The assignment culminates in generating a forensic report that summarizes the investigation and key findings.

Uploaded by

Muhammad Atif
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Assignment 3:\

Hard Disk Analysis Using Autopsy: Exploring Its Features and Functions

Assignment Tasks:
Task 1: Introduction to Autopsy
1. Write a brief introduction to Autopsy, highlighting:
o Its purpose as a forensic tool.
o Its open-source nature and key use cases.
o Supported platforms (e.g., Windows, Linux).
2. Explain why Autopsy is a preferred tool for digital forensics, particularly in analyzing
hard disks.

Task 2: Setting Up Autopsy


1. Provide instructions on how to download and install Autopsy on a system.
2. Include steps to create a case in Autopsy with a focus on:
o Adding a disk image for analysis.
o Setting up the case details (e.g., case name, examiner name, case number).

Task 3: Performing Hard Disk Analysis


Using a sample disk image (you may provide one or ask students to acquire a sample disk image
online, such as a forensic training image), perform the following:
1. Data Ingestion:
o Import the disk image into Autopsy.
o Describe the type of disk image supported (e.g., raw .dd, .img, or .E01 formats).
o Document the process of importing and indexing.
2. Filesystem Analysis:
o Explore the contents of the hard disk.
o Identify the file systems supported (e.g., NTFS, FAT32).
o Extract and analyze deleted files, if any.
3. Keyword Search:
o Demonstrate how to use Autopsy’s keyword search functionality.
o Use relevant keywords (e.g., “password,” “confidential,” or “malware”) and
analyze results.
4. File Metadata Analysis:
o Select a file and extract metadata (e.g., file creation date, modification date).
o Explain how metadata can be useful in investigations.
5. Recover Deleted Files:
o Document the process to recover deleted files using Autopsy.
o Mention any challenges encountered.
6. Analyzing Browser History:
o Extract and analyze browser activity (e.g., visited websites, cookies, downloads).
o Explain the significance of browser artifacts in a forensic investigation.
7. Timeline Analysis:
o Create a timeline of events from the hard disk.
o Analyze and report on key events such as file access, modification, and deletion
times.

Task 4: Reporting with Autopsy


1. Generate a forensic report using Autopsy’s built-in reporting feature.
2. Include the following in the report:
o Summary of the investigation.
o Key findings (e.g., recovered files, relevant artifacts).
o Screenshots of evidence where applicable.
3. Explain the importance of maintaining the integrity of forensic reports.

Deliverables:
 A written document (Word or PDF) covering all tasks.
 Screenshots of key steps and findings.
 A forensic report generated by Autopsy.

You might also like