0% found this document useful (0 votes)

12 views

Chapter 3 Digital Forensic investigation using Forensic Software -Autopsy

This document outlines the process of digital forensic investigation using forensic software, specifically Autopsy. It details the requirements for conducting a digital investigation, the significance of data locations and timestamps, and the steps for creating a case and configuring analysis modules within Autopsy. Additionally, it discusses data recovery techniques using PhotoRec, a tool designed for recovering lost files from various storage media.

Uploaded by

Liyat Tesfaye

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

12 views

Chapter 3 Digital Forensic investigation using Forensic Software -Autopsy

Uploaded by

Liyat Tesfaye

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 17

COMPUTER CRIME & DIGITAL

FORENSIC
CHAPTER THREE: DIGITAL FORENSIC INVESTIGATION USING FORENSIC
SOFTWARE -AUTOPSY
INSTRUCTOR : SAMUEL TAMIRAT
PhD candidate
MAIN POINT

• Digital Forensic Investigation Requirements

• Data location and the meaning of data
• Digital Forensic investigation With Autopsy
• Data recovery using PhotoRec
DIGITAL FORENSIC INVESTIGATION REQUIREMENT

• Make clear understanding of what the digital investigation need or should answer
• Make sure the data or image that we copied is in a forensically sound way
• The data recovered or preprocessed should be seen
• What the date means for our investigation
• File time stamp
• Window registry entries
• File in download folder
• File in a temporary internet files
DATA LOCATION AND THE MEANING OF DATA

• File Timestamps
• Most file systems keep track of timestamp
• Created, Accessed, Modified
• Action that affect timestamp
• Moving, Copying, creating and editing the file

• Window Registry
• Contains windows and user settings information in windows system.
• Registry key contain information about setting
• E.g. TypedURLs
DATA LOCATION AND THE MEANING OF DATA

• File in download folder

• Default location for browser downloads.

• File in internet cache (Temp internet files, INetCache)

• Temporary storage for browsers when downloading webpages

• There are many location for data storage and different type of data exists
• Each location and data type means different depending on the investigation context
DIGITAL FORENSIC INVESTIGATION WITH
AUTOPSY
CREATING A NEW CASE

• Case Name: CaseNo-CaseType-Name of Investigator-Name of victim-Year

• Eg. (001-F-Sam-2016)
AUTOPSY OVERVIEW

1. New Case Creation

AUTOPSY OVERVIEW (CONT.…)

2. Adding Data source

AUTOPSY OVERVIEW (CONT.…)

3. Selecting Data source

CONFIGURE INGEST MODULE

• This is where the actual analysis of the disk is performed

• Recent Activity: Extract recent user activity such as a web browsing, recently access files.
• Hashlookup: identify known and notable files using supplied hash database.
• File type identification: Match file types based on binary signatures
• Embedded File Extractor: Extract embedded files (docx, ppts, xlsx, …)
• ExIF Extractor: Ingest JPEG files and retrieves the ExIF metadata.
• Keyword Search: Perform file indexing and periodic search using keywords.
• Email Parser : This module detects and parses mbox and pst/ost files
CONFIGURE INGEST MODULE (CONT.,,,)

• Extension Mismatch detector: This module flags a file that have a non standard file
extension
• E01 Verifier:Validate the integrity of E01 File.
• Interesting file extensions: Identify interesting item based on the rule defined as what
are the interesting items are.
• Photorec Carver: Run photorec curver against un allocated space in the dataset
• Virtual Machine extractor: extract virtual machine files
AUTOPSY OVERVIEW (CONT.…)
DATA RECOVERY WITH PHOTOREC

• PhotoRec is a free and open-source file recovery

software designed to recover lost files, including
videos, documents, and archives, from hard disks,
CD-ROMs, and lost pictures from camera
memory.
• It is a buddy program to TestDisk, another
popular data recovery tool.
DATA RECOVERY WITH PHOTOREC (CONT.…)

• PhotoRec
• Cross-platform tool, meaning it is compatible with various operating systems, including
Windows, macOS, Linux,
• Supports a wide range of file systems, including FAT, NTFS, exFAT, ext2/3/4, HFS+, and many
others
• It recover a variety of file types, including photos, videos, documents, and more.
• It can be used in a live environment, such as a bootable CD or USB drive, allowing users to
perform recovery operations without modifying the existing system.
DATA RECOVERY WITH PHOTOREC (CONT.…)

• Navigate the folder that the disk image exists

• Select the disk image and click proceed

DATA RECOVERY WITH PHOTOREC (CONT.…)

• Select which file to recover

• Select the location where to store the recover data and it will store the recovered data in that location

Cyber Forensics - Lab Manual
100% (2)
Cyber Forensics - Lab Manual
36 pages
Machine Learning Operations MLOps Overview Definition and Architecture
No ratings yet
Machine Learning Operations MLOps Overview Definition and Architecture
14 pages
Data Integration Tools
No ratings yet
Data Integration Tools
40 pages
AcctIS10E Ch11 CE1
No ratings yet
AcctIS10E Ch11 CE1
43 pages
LO - 2 - Data Capture and Memory Forensics
No ratings yet
LO - 2 - Data Capture and Memory Forensics
51 pages
Cybercrime Laboratory Manual
No ratings yet
Cybercrime Laboratory Manual
28 pages
l
No ratings yet
l
14 pages
DF-Moddule-4.docx
No ratings yet
DF-Moddule-4.docx
89 pages
Lec 2 Digital Forensic
No ratings yet
Lec 2 Digital Forensic
21 pages
Practical 1
No ratings yet
Practical 1
4 pages
Chapter 2 Digital forensic tools and Data acquzation process
No ratings yet
Chapter 2 Digital forensic tools and Data acquzation process
27 pages
DFIR Lab Manual
No ratings yet
DFIR Lab Manual
27 pages
Common Forensics Tools
No ratings yet
Common Forensics Tools
10 pages
FTK and Autopsy
No ratings yet
FTK and Autopsy
48 pages
Digital Forensics Autopsy
0% (1)
Digital Forensics Autopsy
13 pages
Cyber Forensic Investigation
No ratings yet
Cyber Forensic Investigation
102 pages
Autopssy
No ratings yet
Autopssy
10 pages
CF Lab File
No ratings yet
CF Lab File
27 pages
Lecture 2 APIC 1.2.3
No ratings yet
Lecture 2 APIC 1.2.3
49 pages
DIgital Forensics DA 1
No ratings yet
DIgital Forensics DA 1
17 pages
Module 02 Data Acquisition
No ratings yet
Module 02 Data Acquisition
15 pages
cyber forencis
No ratings yet
cyber forencis
60 pages
Current Computer Forensics Tools
No ratings yet
Current Computer Forensics Tools
65 pages
Lecture-5&6 Data Acquisition
No ratings yet
Lecture-5&6 Data Acquisition
66 pages
Practicle2-2022UIN3370
No ratings yet
Practicle2-2022UIN3370
8 pages
lab manual for digital forensics
No ratings yet
lab manual for digital forensics
43 pages
Week 8 - Computer Forensics - Autopsy
100% (1)
Week 8 - Computer Forensics - Autopsy
56 pages
File Recovery Digital Forensics
No ratings yet
File Recovery Digital Forensics
7 pages
Cyber Security Da1 Name: Sreaya.V (21BIT0098) A1+TA1 Slot Cyber Forensics Workshop DAY 1 (12 April, 2024)
No ratings yet
Cyber Security Da1 Name: Sreaya.V (21BIT0098) A1+TA1 Slot Cyber Forensics Workshop DAY 1 (12 April, 2024)
19 pages
SCI4201 Lecture 4 - Data Acquistion
No ratings yet
SCI4201 Lecture 4 - Data Acquistion
46 pages
Cyber Forensics Shailesh
No ratings yet
Cyber Forensics Shailesh
74 pages
CH 04
No ratings yet
CH 04
76 pages
CITS1003 9 Forensics
No ratings yet
CITS1003 9 Forensics
36 pages
Document 1
No ratings yet
Document 1
9 pages
Memory forensic
No ratings yet
Memory forensic
5 pages
CSI Linux - Data Recovery and Data Carving
No ratings yet
CSI Linux - Data Recovery and Data Carving
13 pages
Digital_Forensics_Cheatsheet
No ratings yet
Digital_Forensics_Cheatsheet
2 pages
Bits-and-Bytes-in-Digital-Forensics
No ratings yet
Bits-and-Bytes-in-Digital-Forensics
14 pages
CF unit 2
No ratings yet
CF unit 2
17 pages
cf lab r
No ratings yet
cf lab r
40 pages
Digital Forensics Lab Manual-Converted-Compressed
100% (1)
Digital Forensics Lab Manual-Converted-Compressed
44 pages
DCIT409-Group_Project
No ratings yet
DCIT409-Group_Project
16 pages
Digital Forensic Tools for Investigators
No ratings yet
Digital Forensic Tools for Investigators
4 pages
Marsad Forensic Assignment
No ratings yet
Marsad Forensic Assignment
35 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
58 pages
Win Hex
No ratings yet
Win Hex
18 pages
Chapter 4 - Data Acquisition
No ratings yet
Chapter 4 - Data Acquisition
39 pages
Digital forensics extra
No ratings yet
Digital forensics extra
5 pages
Dfda1 Compressed
No ratings yet
Dfda1 Compressed
35 pages
Cyber Forensic YHK u1p5
No ratings yet
Cyber Forensic YHK u1p5
12 pages
Rupalicyberreport
No ratings yet
Rupalicyberreport
16 pages
digital forensics
No ratings yet
digital forensics
12 pages
Dr. Phil Nyoni: Digital Forensics Lecture 2: Acquiring Digital Evidence July 2021
No ratings yet
Dr. Phil Nyoni: Digital Forensics Lecture 2: Acquiring Digital Evidence July 2021
56 pages
Guide to Computer Forensics and Investigations 4th Edition Nelson Solutions Manual pdf download
100% (2)
Guide to Computer Forensics and Investigations 4th Edition Nelson Solutions Manual pdf download
44 pages
Manging Case (1)
No ratings yet
Manging Case (1)
71 pages
Task-1
No ratings yet
Task-1
5 pages
Chapter 09
No ratings yet
Chapter 09
41 pages
Forensic Cop Journal 3 (1) 2009-Standard Operating Procedure of Physical Analysis On Ubuntu
No ratings yet
Forensic Cop Journal 3 (1) 2009-Standard Operating Procedure of Physical Analysis On Ubuntu
3 pages
lecture 1 (2)
No ratings yet
lecture 1 (2)
28 pages
21yd14 Digital Forensics Module 1
No ratings yet
21yd14 Digital Forensics Module 1
120 pages
Best Free Open Source Data Recovery Apps for Mac OS English Edition
From Everand
Best Free Open Source Data Recovery Apps for Mac OS English Edition
Cyber Jannah Sakura
No ratings yet
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
From Everand
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
Jan Axelson
No ratings yet
Beginner's Guide for Cybercrime Investigators
From Everand
Beginner's Guide for Cybercrime Investigators
Nicolae Sfetcu
5/5 (1)
Stock Market Analysis With The Usage of Machine Learning and Deep Learning Algorithms
No ratings yet
Stock Market Analysis With The Usage of Machine Learning and Deep Learning Algorithms
9 pages
Iu Data Management
No ratings yet
Iu Data Management
27 pages
CS 1002 11 Pointers
No ratings yet
CS 1002 11 Pointers
73 pages
Difference Between Call Transaction and Session Method in BDC
No ratings yet
Difference Between Call Transaction and Session Method in BDC
5 pages
Mapping Urban Data - Datasets (A Curated List of Great Datasets For You To Explore)
No ratings yet
Mapping Urban Data - Datasets (A Curated List of Great Datasets For You To Explore)
7 pages
HC110111012 File System Navigation and Management
No ratings yet
HC110111012 File System Navigation and Management
19 pages
Flowchart of Dynamic Ram PDF
No ratings yet
Flowchart of Dynamic Ram PDF
1 page
Tibero v5.0 SP1 Application Developer's Guide v2.1.1 en
No ratings yet
Tibero v5.0 SP1 Application Developer's Guide v2.1.1 en
92 pages
Methods of Data Collection
No ratings yet
Methods of Data Collection
9 pages
Higaonon Oral Literature A Cultural Heritage
No ratings yet
Higaonon Oral Literature A Cultural Heritage
10 pages
Guide To SAP BI Beginners
100% (1)
Guide To SAP BI Beginners
104 pages
Unix - File Permission / Access Modes: Read
No ratings yet
Unix - File Permission / Access Modes: Read
5 pages
Workshop Manual - DCF 280-520 (VDCF07 - 01GB)
No ratings yet
Workshop Manual - DCF 280-520 (VDCF07 - 01GB)
950 pages
File Metadata1
No ratings yet
File Metadata1
2 pages
Dbms Unit 3 Notes
No ratings yet
Dbms Unit 3 Notes
29 pages
2 - IMS Overview
No ratings yet
2 - IMS Overview
32 pages
Epze 7 B NXSa
No ratings yet
Epze 7 B NXSa
10 pages
PL SQL Interview Questions
100% (2)
PL SQL Interview Questions
27 pages
HARQ Process
No ratings yet
HARQ Process
6 pages
Guide To Migrating From DB2 To SQL Server and Azure SQL DB
100% (1)
Guide To Migrating From DB2 To SQL Server and Azure SQL DB
179 pages
Strategi Pembelajaran Pada Mata Pelajaran Ips Program Paket C Di PKBM Farilla Ilmi Tabing Kota Padang
No ratings yet
Strategi Pembelajaran Pada Mata Pelajaran Ips Program Paket C Di PKBM Farilla Ilmi Tabing Kota Padang
10 pages
A Principled Framework For Responsible Data Sharing Between Humanitarian Organizations and Donors
No ratings yet
A Principled Framework For Responsible Data Sharing Between Humanitarian Organizations and Donors
6 pages
Data Structures Notes
No ratings yet
Data Structures Notes
2 pages
Microsoft - Special Guidelines For Partitioned Indexes
No ratings yet
Microsoft - Special Guidelines For Partitioned Indexes
3 pages
APM S24-J25 Syllabus and Study Guide - Final
No ratings yet
APM S24-J25 Syllabus and Study Guide - Final
18 pages
Course Here
No ratings yet
Course Here
7 pages
The Role of Motivation in Human Resources Management
No ratings yet
The Role of Motivation in Human Resources Management
10 pages

Chapter 3 Digital Forensic investigation using Forensic Software -Autopsy

Uploaded by

Chapter 3 Digital Forensic investigation using Forensic Software -Autopsy

Uploaded by

COMPUTER CRIME & DIGITAL

• Digital Forensic Investigation Requirements

• File in download folder

• File in internet cache (Temp internet files, INetCache)

• Case Name: CaseNo-CaseType-Name of Investigator-Name of victim-Year

1. New Case Creation

2. Adding Data source

3. Selecting Data source

• This is where the actual analysis of the disk is performed

• PhotoRec is a free and open-source file recovery

• Navigate the folder that the disk image exists

• Select the disk image and click proceed

• Select which file to recover

You might also like