Explore the powerful features of Autopsy 4.19+ in this comprehensive 34-minute mini-course on data artifacts, analysis results, and reporting. Learn how to conduct a full digital forensic investigation using this free, open-source toolkit. Dive into the Windows 10 disk image analysis, examining installed programs, metadata, operating system information, recent documents, and more. Discover how to reconstruct software installation and usage, such as nmap, during forensic analysis. Master the process of generating artifact reports and understand how to utilize them in your final investigation report. Gain insights into various web-related artifacts, encryption detection, EXIF metadata, and keyword hits. Perfect for digital forensic investigators looking to enhance their skills with Autopsy's comprehensive toolset.
Overview
Syllabus
Autopsy Data Artifacts
Exploring the Windows 10 disk image
Autopsy: Data Artifacts
Installed Programs
Metadata
Operating System Information
Recent Documents
Recycle Bin
Run Programs
Run Programs - Verify with additional evidence
Autopsy analysis procedure overview
Shell Bags
USB Device Attached
Web Accounts
Web Bookmarks
Web Cache
Web Cookies
Web Downloads
Web Form Autofill
Web History
Web Search
Autopsy: Analysis Results
Encryption Suspected
EXIF Metadata
Extension Mismatch Detected
Interesting Files
Keyword Hits
Previously Unseen
User Content Suspected
Web Account Type
Web Categories
Artifacts and Results Overview
Bookmarked items review
Generate an artifact report based on bookmarks
Example full Autopsy report
How to use an Autopsy report
Conclusions
Taught by
DFIRScience
