Question
With the field of digital forensics growing at an almost warp-like speed, there are many issues that can disrupt and discredit even the most experienced forensic examiner. One issue that continues to be of utmost importance is the validation of the technology and software used to perform a digital forensic examination. The science of digital forensics is founded on the principles of repeatable processes and quality evidence. Knowing how to design and properly maintain a good validation process is a key requirement for any digital forensic examiner. Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools that can be useful in providing a sound validation process. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover data such as photos, deleted documents, email, etc. from any device, such as a camera's memory card, a thumb drive, or internal and external hard drives.
Click on the link below for lab instructions:
Sleuth Kit Introduction
You are to keep your log while you conduct each of these exercises. Create your report using Autopsy, save it as .doc, and submit the file titled Module_10_Lab.doc.
Autopsy Reports Lab
Overview:
Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit digital forensics tool suite. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover data such as photos, deleted documents, email, etc. from any device, such as a camera's memory card, a thumb drive, or internal and external hard drives.
Detail:
Download Source: www.sleuthkit.org/autopsy/
Version: Sleuth Kit 2.24 (Preinstalled in Kali 2016.1)
Platform: Kali 2016.1
Required Dependencies: Full upgrade
Source Files: Autopsy Introduction.zip, diskimage.dd
Objectives:
Create a new case in Autopsy using a given disk image.
Process:
Preparation:
Install Kali (If You Haven't Done So Already)
The first step is to download and install Kali Linux. This can be done as a standalone operating system, a bootable thumb drive (preferred), or in a virtual machine inside the operating system of your choice.
Extract Autopsy Introduction.zip to the Kali desktop.
Use fdisk -l information to locate the disk_image.dd location. Include a gnome-screenshot in this report.
Launch Autopsy
Browse to Forensics Tools > Autopsy and launch the program.
Launch the Iceweasel browser and enter the following address: localhost:9999/autopsy
See Figure 2 Launch Autopsy below for detail.
Create a New Case (See figure 3)
Enter the Case Name in the following format: Course Number_Module
Enter the Case Description in the following format: Lab Title
Enter Investigator Name in the following format: First Name Initial_Last Name.
Add New Host (See figure 4)
Choose Add Host
Enter host name using the following format: Course Number_module
Press on Add Host
Add Image (See figure 5)
Choose the location of your image file. In this lab we will be using the diskimage.dd file created in module one of this course.
Choose the symbolic link (Symlink) option. This avoids duplicating the image.
Refer to your fdisk -l output for the image location.
Create a report
A final report can be generated that will include all analysis results. Browse the image and carve out forensics information of interest. Future forensics labs will ask you to pull specific forensics detail, so take this time to kick the tires. Autopsy will record all findings. To report these findings, use the "Generate Report" button to create a report. Autopsy will create an HTML or XLS report in the Reports folder of the case folder. If you forgot the location of your case folder, you can determine it using the "Case Properties" option in the "File" menu. There is also an option to export report files to a separate folder outside of the case folder. Please convert this report to .doc and submit the report along with your lab assignment for this week. Include quality comments in the conclusion below. Submit this lab and report in its entirety for grading.
Conclusion:
What did you learn in this lab?
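The lab asks for an examiner log and imports the image by symlink, so the Autopsy case points at the original file rather than a copy. The shell functions below are an added example, not part of the lab handout or of Autopsy: they record a SHA-256 baseline for the image in a log and re-check it later through either the original path or the case symlink. The function names, log format, and the paths shown in comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lab handout): evidence-image integrity log.
# Hypothetical usage on the lab machine (paths are constructed):
#   log_baseline ~/Desktop/diskimage.dd ~/Desktop/examiner.log   # before Add Image
#   verify_image ~/Desktop/diskimage.dd ~/Desktop/examiner.log   # after the report

# Print the hex SHA-256 digest of a file.
image_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# UTC timestamp for log entries.
utc_now() {
    date -u +%Y-%m-%dT%H:%M:%SZ
}

# Append a baseline entry (resolved path, size, hash) to the examiner log.
log_baseline() {
    img=$1; log=$2
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 2; }
    # Resolve symlinks so the entry names the real evidence file.
    real=$(readlink -f -- "$img")
    size=$(wc -c < "$real" | tr -d ' ')
    printf '%s baseline path=%s size=%s sha256=%s\n' \
        "$(utc_now)" "$real" "$size" "$(image_sha256 "$real")" >> "$log"
}

# Re-hash the image and compare with the most recent baseline for that file.
# Returns 0 on match, 1 on mismatch, 2 if no baseline was logged.
verify_image() {
    img=$1; log=$2
    # A case-directory symlink resolves to the same path as the original.
    real=$(readlink -f -- "$img")
    expected=$(grep -F "baseline path=$real size=" "$log" 2>/dev/null \
        | tail -n 1 | sed 's/.*sha256=//')
    [ -n "$expected" ] || { echo "no baseline for $real" >&2; return 2; }
    actual=$(image_sha256 "$real")
    if [ "$actual" = "$expected" ]; then
        result=match; rc=0
    else
        result=MISMATCH; rc=1
    fi
    printf '%s verify path=%s sha256=%s result=%s\n' \
        "$(utc_now)" "$real" "$actual" "$result" >> "$log"
    return "$rc"
}
```

A MISMATCH entry means the file behind the symlink changed after the baseline was taken, so findings from that case can no longer be tied to the original image.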