This course teaches learners how to start a digital forensic investigation case using Autopsy 4.19+. The learning outcomes include organizing case files, starting forensic documentation, processing case data, following a forensic analysis workflow, and generating reports. Learners will acquire skills in forensic keyword searching, entropy testing, YARA basics, file carving, and utilizing various modules within Autopsy. The teaching method involves a step-by-step guide through the digital investigation process. This course is intended for individuals interested in digital forensics, specifically those looking to enhance their skills in conducting forensic investigations using Autopsy.
Overview
Syllabus
Starting a digital investigation with Autopsy
Setting up your forensic workstation
Organize case files
Start your documentation!
Organizing suspect image data
Starting a new case in Autopsy
Autopsy: Case Information
Autopsy: Optional Information
Autopsy: Select Host
Autopsy: Select Data Source Type
Autopsy: Select Data Source
Autopsy: Configure Ingest
Modules: Recent Activity
Modules: Hash Lookup
Modules: File Type Identification
Modules: Extension Mismatch Detector
Modules: Embedded File Extractor
Modules: Picture Analyzer
Modules: Keyword Search
Modules: Email Parser
Modules: Encryption Detection
Modules: Interesting Files Identifier
Modules: Central Repository
Modules: PhotoRec Carver
Modules: Virtual Machine Extractor
Modules: Data Source Integrity
Modules: ALEAPP
Modules: Plaso
Modules: YARA Analyzer
Modules: iLEAPP
Modules: Android Analyzer
Autopsy module selection strategy
Autopsy: Add Data Source
Autopsy: Processed Data View
Autopsy: Main file view
Autopsy: File detail view
Autopsy: Filters and views
Autopsy: Deleted files filter
Autopsy: Data Artifacts, etc
Example investigation workflow
Case-specific keyword search
Tagging relevant items
Generate findings report
Analysis procedure overview
Autopsy: Images/Videos tool
Conclusions
Taught by
DFIRScience
