Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.
Autopsy is a tool used for analyzing disk images.
It can be used on both smartphones and computers.
Installer – https://www.autopsy.com/download/
Creating a New case
- Click New Case
- Provide a name for the case
- Add investigation info if necessary
- Add a Data Source (this can be a disk image or VM file)
Things to look for
- Allocated and unallocated space
- Size of partitions
- Formats
Timestamps help create a timeline.
You can search the recycle bin. Removed files can be found under the Recycle Bin category.
Finding Hostname
Search in Operating System Information. This will give OS information.
For the hostname: in Operating System Information, look under NAME.
Local admin last accessed
Go to the OS Accounts tab.
Search for the user and gather information.
Finding Email files that were downloaded
How to find email files that were downloaded
- Select Accounts
- Choose Email
How to export
- Select the email file
- Right-click and download
- Open with an email client
- Email Sender
- Email Recipient
- Date and Time
- Subject Line
- Sending Server IP
- and more!
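The header fields listed above can also be pulled from an exported message with a short script. This is an added example, not part of the original notes; the sample message is constructed, and it assumes the export is a single RFC 5322 message (.eml) rather than a mailbox archive.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string, policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message (not from a real case); IPs are documentation ranges.
SAMPLE_EML = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id 2; Tue, 05 Mar 2024 10:15:03 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id 1; Tue, 05 Mar 2024 10:15:01 +0000
From: Alice Example <alice@sender.example>
To: Bob Example <bob@recipient.example>
Date: Tue, 05 Mar 2024 10:14:58 +0000
Subject: Quarterly report

Body text.
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def relay_ips(msg):
    """Return the bracketed IP from each Received header, earliest hop first."""
    ips = []
    # Every server prepends its own header, so reverse to read the oldest hop first.
    for header in reversed(msg.get_all("Received", [])):
        match = BRACKETED_IP.search(str(header))
        if not match:
            continue
        try:
            ips.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            pass  # bracketed text that is not a valid IP address
    return ips

def summarize_email(raw):
    """Extract sender, recipients, UTC date, subject and relay IPs from raw text."""
    msg = message_from_string(raw, policy=policy.default)
    raw_date = msg["Date"]
    sent = parsedate_to_datetime(str(raw_date)).astimezone(timezone.utc) if raw_date else None
    return {
        "sender": [a for _, a in getaddresses(msg.get_all("From", []))],
        "recipients": [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))],
        "date_utc": sent.isoformat() if sent else None,
        "subject": str(msg.get("Subject", "")),
        # Hops recorded before the first server you trust are sender-supplied and can be forged.
        "relay_ips": relay_ips(msg),
    }
```

Normalizing the date to UTC makes it directly comparable with the other timestamps in the case timeline.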