Explore the integration of Cyber Triage's scoring features into Autopsy for faster and more efficient digital forensics analysis. Learn about analysis results, conclusions, scores, and aggregate scoring techniques to identify "Notable" or "Likely Notable" data. Discover how modules create scores, how examiners interpret them, and examine practical examples of scoring implementation. Gain insights from Greg DiCristofaro and Jayaram Sreevalsan of Basis Technology as they discuss the importance of scoring in prioritizing relevant data for examiners. Delve into topics such as data overload, analysis techniques, artifact aggregate scores, and the new tree layout in Autopsy. Get hands-on knowledge with Java and Python examples for creating analysis results in Autopsy modules.
Autopsy Scoring - Finding the Relevant Data with Analysis Results
Overview
Syllabus
Intro
Problem: Data Overload
We're Not Alone...
Cyber Triage! Wow! But How?
Keeping Score for faster Triage
More than a single Analysis technique
Analysis Techniques
Analysis Result Relevance Score
Artifact Aggregate Score
Summary
Data Artifacts and Analysis Results
Data Artifacts...
New Analysis Result Type
Analysis Results Details...
Scoring Details: Significance
Scoring Details: Priorities
Aggregate Score Algorithm
Example Score
New Tree Layout
New Analysis Result Viewer
Why Make an Autopsy Module?
Creating Analysis Results: Java Example
Creating Analysis Results: Python Example
Taught by
BasisTech
