Question
I am expected to get Case Data for this case by using Autopsy but i keep getting problem can someone plez help me with this.
I am expected to get Case Data for this case by using Autopsy but i keep getting problem can someone plez help me with this. Please provide the SCREEN SHOT
You work for a large corporations IT Security Department. Your duties include conducting internal digital investigations and forensics examinations on company computing systems. A paralegal from the Law Department, Ms. Jones, asks you to examine a USB drive belonging to an employee who left the company and now works for a competitor. The Law Department is concerned that the former employee might possess sensitive company data. Ms. Jones wants to know whether the USB drive contains anything relevant. In addition, she tells you that the former employee might have had access to confidential documents because a co-worker saw him accessing his managers computer on his last day of work. These documents consist of nine files containing the word confidential. She wants to know whether the USBs bit-stream image file has these documents
To process this case, make sure the Case4_2 file has been extracted to your work folder, and then follow these steps: 1. Start Autopsy for Windows, if you exited it at the end of the previous project. If the previous project is open, click Case, Close Case from the menu. Click the Create New Case icon. In the New Case Information window, enter Case4_2 in the Case Name text box, and click Browse next to the Base Directory text box. Navigate to and click your work folder, and then click Next. 2. In the Additional Information window, type Case4_2 in the Case Number text box and your name in the Examiner text box, and then click Finish. 3. In the Select Data Source window, click the Select data source type list arrow, and click Disk Image or VM file. Click the Browse button next to the Browse for an image file text box, navigate to and click your work folder and the Case4_2 file, and then click Open. Click Next. 4. In the Configure Ingest Modules window, click Select All. Click Next and then Finish. 5. Click the Keyword Search button at the far upper right, type confidential in the text box, and then click Search. 6. In the Result Viewer pane, a new tab named Keyword search 1 opens. Click each file to view its contents in the Content Viewer pane. 7. Ctrl+click to select the files in the Keyword search 1 tab. Right-click this selection, point to Tag File, and click Tag and Comment. In the Create Tag dialog box, click the New Tag Name button, type Recovered Office Documents in the Tag Name text box, and then click OK. 8. Click Generate Report at the top. In the Generate Report window, click the Results - Excel option button in the Report Modules section, and then click Next. 9. In the Configure Artifacts Report window, click the Tagged Results button, click the Recovered Office Documents check box, and then click Finish. 10. In the Report Generation Progress Complete window, click the Results - Excel pathname to open the Excel report. This Excel file should have several tabs of information about the files you tagged for this project.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started