Disk Image Analsysis in Forensic

This document discusses analyzing a disk image using Autopsy. It begins by introducing disk image analysis and Autopsy. It then provides step-by-step instructions for opening a case in Autopsy, selecting the disk image file, and viewing the file structure and retrieved files. Several screenshots illustrate the Autopsy interface and examples of recovered files like emails and deleted files. It concludes that if evidence is found on the disk image, then the user should be held responsible according to law.

Uploaded by

MoTech

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

204 views10 pages

Disk Image Analsysis in Forensic

Uploaded by

MoTech

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 10

DISK IMAGE ANALYSIS

USING AUTOPSY

MoTech IT Articles
NOEL MOSES MWADENDE
INTRODUCTION.
This is our last part of device forensic, after doing USB write
protection, creating disk image, now it is time to retrieve all
contents of USB drive and make analysis of it.

Below are the steps

After opening autopsy, it should look as shown in the figure 1.

Fig. 1.
In the new case click addition sign to create new case as shown
in the figure 1.
Fig. 2.
After clicking new case in the figure one, new window will open
as shown in the figure 2. In the case name field, fill it with the name
of the case, make sure single user is marked.

Fig. 3.
In the figure 3, Base Directory is the directory for the case to be
written and the name of our case is MURDER CESE, so inside folder
called USB in the desktop case name will be written, fill all
information as shown in the figure 2 above and then click next.

Fig. 4.

Fig. 5.
In the figure 5 we can see the data source file which is the image
created by using FTK.

Fig. 6.

Fig. 7.
Figure number 7 shows the detected USB which contain retrieved
files.
Fig. 8.
Figure number 8 shows the tree structure of contents retrieved.
Fig. 9.

Fig. 10.

Figure number 9 and number 10 shows deleted files which is

recovered.
Fig. 11.
Figure number 11 shows retrieved emails, these tools are working
fine, if victim deleted files all files are retrieved, if user refuse that
he or did not used any email in computer, all emails are retrieve.
CONCLUSION.
If all evidences are found, in the USB of user then according to laws
user should be held responsible, thank you that is the end of Device
Forensic, thank you for being with me from the start till the end.
WAYS TO GET IN TOUCH WITH MoTech.
Linkedin.com
https://www.linkedin.com/in/motech-inc-720261191/

YouTube.com
https://www.youtube.com/channel/UCtuaigKZF3okQnKON5RM1qQ

Amazon.com
https://www.amazon.com/s?k=noel+moses+mwadende&ref=nb_s
b_n oss

Github.com
https://github.com/MoTechStore/

Scribd.com
https://www.scribd.com/user/470459684/MoTech

SlideShare.com
https://www.slideshare.net/MoTechInc?utm_campaign=profiletrac
king&utm_ medium=sssite&utm_source=ssslideview

Security Practics Unit 1
No ratings yet
Security Practics Unit 1
68 pages
Forensics Assignment Breakdown
No ratings yet
Forensics Assignment Breakdown
9 pages
Guide To Computer Forensics and Investigations Fifth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fifth Edition
76 pages
Midterm Test 1 (Page 1 of 4)
No ratings yet
Midterm Test 1 (Page 1 of 4)
1 page
PIVOT Lab - Forensic Image Extraction: What Is It?
No ratings yet
PIVOT Lab - Forensic Image Extraction: What Is It?
12 pages
Incident & Incident Response Methodology
No ratings yet
Incident & Incident Response Methodology
38 pages
What Is Forensic Toolkit (FTK) ?
No ratings yet
What Is Forensic Toolkit (FTK) ?
7 pages
Information Gathering
100% (1)
Information Gathering
11 pages
Interviewing in Forensic Investigation
No ratings yet
Interviewing in Forensic Investigation
5 pages
Digital Forensics Report
No ratings yet
Digital Forensics Report
36 pages
Cyber Forensics Principles: Jayaram P Cdac
No ratings yet
Cyber Forensics Principles: Jayaram P Cdac
54 pages
Cheat Sheet - CHFI
No ratings yet
Cheat Sheet - CHFI
1 page
Essential Guide To Python For All Levels (2024 Collection
No ratings yet
Essential Guide To Python For All Levels (2024 Collection
184 pages
Data Formats
No ratings yet
Data Formats
89 pages
Pub059-035!00!1116 (Pakscan FCU (Field Control Unit) Technical Manual For IQ3 CVA CMA)
No ratings yet
Pub059-035!00!1116 (Pakscan FCU (Field Control Unit) Technical Manual For IQ3 CVA CMA)
52 pages
Module 1 - Introduction To Digital Investigation and Forensics
No ratings yet
Module 1 - Introduction To Digital Investigation and Forensics
34 pages
Quantitative Primer
No ratings yet
Quantitative Primer
89 pages
Cloud Forensics
No ratings yet
Cloud Forensics
33 pages
Digital Forensics and Incident Response (DFIR)
No ratings yet
Digital Forensics and Incident Response (DFIR)
11 pages
Chapter 11 Report Writing For High Tech Investigation
No ratings yet
Chapter 11 Report Writing For High Tech Investigation
28 pages
Daytona Operator Training Manual v1 PDF
No ratings yet
Daytona Operator Training Manual v1 PDF
33 pages
Cyber Check Manual Version 3.0
No ratings yet
Cyber Check Manual Version 3.0
316 pages
Digital Image Forensics
No ratings yet
Digital Image Forensics
6 pages
Module 02 - Computer Forensics Investigation Process - AG - 25
No ratings yet
Module 02 - Computer Forensics Investigation Process - AG - 25
53 pages
Digital Forensic-Introduction 1
100% (3)
Digital Forensic-Introduction 1
29 pages
Digital Forensics Lec2 Spring 2021
No ratings yet
Digital Forensics Lec2 Spring 2021
50 pages
Capability Maturity Model (CMM) & It's Levels in Software Engineering
No ratings yet
Capability Maturity Model (CMM) & It's Levels in Software Engineering
11 pages
CH 09
No ratings yet
CH 09
56 pages
Value Stream Mapping Fundamentals
88% (8)
Value Stream Mapping Fundamentals
28 pages
Lec8 Image Forensics
No ratings yet
Lec8 Image Forensics
24 pages
Android Forensics
No ratings yet
Android Forensics
8 pages
INT250
No ratings yet
INT250
2 pages
Method of Digital Forensic
100% (1)
Method of Digital Forensic
6 pages
Computer Forensics
No ratings yet
Computer Forensics
12 pages
Chapter 5 Forensic
No ratings yet
Chapter 5 Forensic
84 pages
What Is Digital Forensics - History, Process, Types, Challenges
100% (2)
What Is Digital Forensics - History, Process, Types, Challenges
6 pages
Virtualization - Dark Web Forensics Using Csi Linux: Deborah K. Wells, Lecturer, CWU
No ratings yet
Virtualization - Dark Web Forensics Using Csi Linux: Deborah K. Wells, Lecturer, CWU
48 pages
MT Post Editing Guidelines
100% (1)
MT Post Editing Guidelines
42 pages
Digital Forensics Seminar Report
67% (3)
Digital Forensics Seminar Report
23 pages
Digital Forensics Experiment - 1: Study and Learning of Digital Forensic Tool
No ratings yet
Digital Forensics Experiment - 1: Study and Learning of Digital Forensic Tool
7 pages
04 - Evidence Collection and Data Seizure
100% (1)
04 - Evidence Collection and Data Seizure
7 pages
Top 5 Digital Forensic Court Cases
No ratings yet
Top 5 Digital Forensic Court Cases
1 page
Maquinas de Corte de Chaves Ninja
No ratings yet
Maquinas de Corte de Chaves Ninja
418 pages
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
No ratings yet
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
17 pages
Digital Forensic Analysis Services Report - V1.0 (002) - EN
No ratings yet
Digital Forensic Analysis Services Report - V1.0 (002) - EN
15 pages
CHFIv9 STUDY GUIDE - NEW
No ratings yet
CHFIv9 STUDY GUIDE - NEW
75 pages
Court Testimony
No ratings yet
Court Testimony
45 pages
S4 Hana 1709
No ratings yet
S4 Hana 1709
7 pages
Cyber Forensic
No ratings yet
Cyber Forensic
51 pages
Question Bank Cyber Forensics in Engineering Study
No ratings yet
Question Bank Cyber Forensics in Engineering Study
10 pages
TDL Reference Manual
No ratings yet
TDL Reference Manual
321 pages
Digital Forensics
No ratings yet
Digital Forensics
23 pages
Example of An Expert Witness: By: Vincenzo Crawford BS. FORENSIC SCIENCE, University of Technology (U-Tech), Jamaica
No ratings yet
Example of An Expert Witness: By: Vincenzo Crawford BS. FORENSIC SCIENCE, University of Technology (U-Tech), Jamaica
8 pages
Fundamentals of Cyber Security II Lecture 1
No ratings yet
Fundamentals of Cyber Security II Lecture 1
20 pages
Sara - Unit-4
No ratings yet
Sara - Unit-4
28 pages
Paros Vulnerability Scanner
No ratings yet
Paros Vulnerability Scanner
20 pages
DAYmate S Installation Qualification - Qualios 01078 - Version 6.0
No ratings yet
DAYmate S Installation Qualification - Qualios 01078 - Version 6.0
6 pages
Forensics - Lab 6
No ratings yet
Forensics - Lab 6
4 pages
10 KnowledgeC Investigation
No ratings yet
10 KnowledgeC Investigation
42 pages
Explain Process For Collecting Network Based Evidence
No ratings yet
Explain Process For Collecting Network Based Evidence
10 pages
Anti Forensics
No ratings yet
Anti Forensics
11 pages
Assignment-5: 1-d Transient Heat Conduction Through Cylinder
No ratings yet
Assignment-5: 1-d Transient Heat Conduction Through Cylinder
4 pages
Lab Digital Assignment Iv - Prodiscover
No ratings yet
Lab Digital Assignment Iv - Prodiscover
21 pages
Creating A Response Toolkit: Gathering The Tools
No ratings yet
Creating A Response Toolkit: Gathering The Tools
26 pages
Educational Technology Course Outline
No ratings yet
Educational Technology Course Outline
2 pages
Maher Forensics Chapter 2010
No ratings yet
Maher Forensics Chapter 2010
18 pages
NLTK Installation Guide
No ratings yet
NLTK Installation Guide
13 pages
COIT20263 Information Security Management - Assignment 2
No ratings yet
COIT20263 Information Security Management - Assignment 2
5 pages
DMF Lab Manual
No ratings yet
DMF Lab Manual
31 pages
Oop Question Bank Unit 2
No ratings yet
Oop Question Bank Unit 2
9 pages
MG University001
No ratings yet
MG University001
11 pages
L03 - Verilog - Structural Vs Behaviroual HDL
No ratings yet
L03 - Verilog - Structural Vs Behaviroual HDL
16 pages
Csol590-02-Fa18-Module 7 Final Project - Computer Forensic Examination Report - Keith Anderson
No ratings yet
Csol590-02-Fa18-Module 7 Final Project - Computer Forensic Examination Report - Keith Anderson
13 pages
Simplified C++ 40 Programs User Manual
No ratings yet
Simplified C++ 40 Programs User Manual
7 pages
Guide To Computer Forensics and Investigations: Data Acquisition
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
13 pages
Forensic Concept
No ratings yet
Forensic Concept
15 pages
Access Data FTK Imager
No ratings yet
Access Data FTK Imager
4 pages
Data Recovery and Evidence Collection SYMCA
No ratings yet
Data Recovery and Evidence Collection SYMCA
16 pages
CSE Complete Syllabus
No ratings yet
CSE Complete Syllabus
9 pages
Zond-MT 1D: User Guide
No ratings yet
Zond-MT 1D: User Guide
25 pages
Free Courses Links
No ratings yet
Free Courses Links
11 pages
Angry Birds - Olson
No ratings yet
Angry Birds - Olson
2 pages
Scambaiting Audio
No ratings yet
Scambaiting Audio
17 pages
Week 8 - Anti-Forensics
No ratings yet
Week 8 - Anti-Forensics
10 pages
Apple Employee Communications Kit
100% (1)
Apple Employee Communications Kit
17 pages
1 1 - Why Clouds 01032023 013831am
No ratings yet
1 1 - Why Clouds 01032023 013831am
17 pages
Warranty Card
No ratings yet
Warranty Card
3 pages
Binary Numbers
No ratings yet
Binary Numbers
13 pages
Aster Flaash PDF
No ratings yet
Aster Flaash PDF
14 pages
The Pivot Table Tutorial
No ratings yet
The Pivot Table Tutorial
30 pages
Application Letter
No ratings yet
Application Letter
4 pages
Kushla Vaishnawi Naidu
No ratings yet
Kushla Vaishnawi Naidu
2 pages
Data Structure Practical File: D.S Lab
No ratings yet
Data Structure Practical File: D.S Lab
16 pages
Math 219 Syllabus - Metu Math. Dept. 2013 Fall Semester
No ratings yet
Math 219 Syllabus - Metu Math. Dept. 2013 Fall Semester
2 pages

Disk Image Analsysis in Forensic

Uploaded by

Disk Image Analsysis in Forensic

Uploaded by

DISK IMAGE ANALYSIS

Below are the steps

Figure number 9 and number 10 shows deleted files which is

You might also like