
DIGITAL FORENSICS

LAB DIGITAL ASSIGNMENT - 1

SALONI ANAND, 18BCE2276

Submitted to: Mr. Aju D.

Study and learning of Digital Forensics Tool: Autopsy

Autopsy is computer software that makes it simpler to deploy many of the open source programs and
plugins used in The Sleuth Kit. The graphical user interface displays the results of the forensic search
of the underlying volume, making it easier for investigators to flag pertinent sections of data.

Process:

Autopsy analyses major file systems (NTFS, FAT, ExFAT, HFS+, Ext2/Ext3/Ext4, YAFFS2) by hashing all
files, unpacking standard archives (ZIP, JAR etc.), extracting any EXIF values and putting keywords in an
index. Some file types like standard email formats or contact files are also parsed and catalogued.

Users can search these indexed files for recent activity or create a report in HTML or PDF summarizing
important recent activity.

FEATURES:

1. Recent Activity: Extracts recent user activity, such as Web Browsing, recently used documents
and installed programmes.

2. Hash Lookup: Identifies known and notable files using supplied hash sets and calculates and
validates hashes of data sources.

3. File Type Identification: Matches file types based on binary signatures.

4. Extension Mismatch Detector: Flags files that have a non-standard extension based on their
file type.

5. EXIF Parser: Extracts geo location and camera information from JPEG files.

6. Keyword Search: Text extraction and index search modules enable you to find files that
mention specific terms and find regular expression patterns.

7. Correlation Engine: Saves properties to the central repository for later correlation.

8. Android Analyzer: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and
more.
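
The Hash Lookup, File Type Identification and Extension Mismatch Detector features listed above can be illustrated with a short Python sketch. This is an added example, not Autopsy's own code; the signature table, the sample files, the choice of SHA-256 and all function names are assumptions constructed for illustration.

```python
import hashlib
from pathlib import PurePath

# Constructed signature table: leading bytes -> (type, extensions normally used).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".jar"}),
]

def identify(data: bytes):
    """File type identification: match the leading bytes against known signatures."""
    for magic, ftype, exts in SIGNATURES:
        if data.startswith(magic):
            return ftype, exts
    return None, set()

def triage(name: str, data: bytes, notable_hashes: set) -> dict:
    """Hash one file, identify its type and flag an extension mismatch."""
    ftype, expected_exts = identify(data)
    ext = PurePath(name).suffix.lower()
    digest = hashlib.sha256(data).hexdigest()  # hash algorithm is an assumption
    return {
        "name": name,
        "sha256": digest,
        "type": ftype,
        # Only flag a mismatch when the content type was actually recognised.
        "mismatch": ftype is not None and ext not in expected_exts,
        # Hash lookup: is this file in the supplied set of notable hashes?
        "notable": digest in notable_hashes,
    }

# Constructed sample "files" (name -> content); not taken from any real image.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "notes.txt": b"PK\x03\x04" + b"\x00" * 16,  # ZIP content renamed to .txt
    "report.pdf": b"%PDF-1.4\n%constructed sample\n",
}
# Constructed hash set containing the renamed archive.
NOTABLE = {hashlib.sha256(SAMPLES["notes.txt"]).hexdigest()}

def run():
    return [triage(name, data, NOTABLE) for name, data in SAMPLES.items()]

if __name__ == "__main__":
    for row in run():
        print(row["name"], row["type"], "mismatch" if row["mismatch"] else "ok",
              "NOTABLE" if row["notable"] else "")
```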

Start the Autopsy software and choose between New Case, Open Recent Case or Open Case.

Enter the Case Information, such as the case number and the location it is to be saved in (if it is a new case).
The case number and examiner details may also be entered for further convenience.

Select the type of data source to add, then select the Data Source. The next step involves configuring the ingest
modules, that is, choosing which aspects of the file/folder you want to investigate.

IN-DEPTH STUDY OF THE FILE MANTOOTH


The attached devices can be viewed.

The sender and recipient of each mail, along with the subject, can be viewed.

The email details can be seen when an entry is double-clicked.

Autopsy can generate graphs of the timeline, which help the user understand it better.

The Local Area Connection can be seen.

Web searches can be viewed.


One advantage of Autopsy is that it can import and view hash sets and hence identify matching files later.

The images and videos can be viewed.

A report can be generated for the file Mantooth.


Click on the Generate Report option in the navbar and then choose the format of the report to be generated.

Report generation for washer disk
