Project 2 DF
Autopsy-tool:
Autopsy refers to a digital forensics platform used for conducting in-depth examinations
of digital devices and file systems. It is a tool that assists in the investigation of what
happened on a computer by analyzing data such as deleted files, web browsing history,
and file access logs.
Features:
Following are the four features of the Autopsy tool.
1. User Interface and Usability:
This is the interface of the Autopsy tool. The interface is very simple and easy to use,
even for beginners. In the first step we click on New Case and select the case.
This is the optional information regarding the case that we want to analyze in this software.
2. Data Acquisition
Autopsy supports multiple formats such as E01, DD and AFF. Here I used a file in E01
format for analysis.
In this step we choose the file on which we perform the analysis.
In this step we see that the file was added successfully and all the related information is shown
below.
3. File Recovery and Carving
Autopsy recovered the deleted files as shown below. This tool shows the list of all
the deleted files, and we can easily access these files by using this software.
4. Artifact Analysis
Autopsy provides detailed information regarding the artifacts, and we can easily
access this detailed information. The image shown below gives the detailed artifacts of
the file, and the source is Email parser.
AccessData FTK Imager:
FTK Imager is a free data preview and imaging tool used to acquire
electronic evidence in a forensically sound manner by creating copies of
computer data without making changes to the original evidence.
Features:
1. User Interface and Usability:
The interface of FTK is also simple and easy to access, like the Autopsy tool. In
Autopsy we create a case, which takes 2-3 steps, while in FTK we perform only
one step: we select what type of file we want to analyze and the case is
created.
2. Data Acquisition
FTK also supports multiple formats such as E01, DD and AFF, the same as Autopsy. Here I
used a file in E01 format for analysis.
In this step we choose the file on which we perform the analysis.
The file was added successfully.
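The three container formats named above (E01, DD, AFF) can be told apart by their leading bytes, and an image can be hashed before and after inspection to confirm nothing changed. This is an added example, not part of the original report or of any of the tools discussed; the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EWF_MAGIC = b"EVF\x09\x0d\x0a\xff\x00"  # Expert Witness / EnCase (E01) header
AFF_MAGIC = b"AFF10\r\n\x00"            # AFF (AFFLIB v1) header


def identify_image(path):
    """Return 'E01', 'AFF', 'DD' (raw image with MBR signature) or 'unknown'."""
    with open(path, "rb") as f:  # read-only: evidence is never opened for writing
        head = f.read(512)
    if head.startswith(EWF_MAGIC):
        return "E01"
    if head.startswith(AFF_MAGIC):
        return "AFF"
    # Raw dd has no container header; the MBR signature at offset 510 is a heuristic.
    if len(head) == 512 and head[510:512] == b"\x55\xaa":
        return "DD"
    return "unknown"


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked for large images
            h.update(block)
    return h.hexdigest()


def check_samples():
    samples = {  # constructed sample bytes, not real evidence
        "case.E01": EWF_MAGIC + b"\x01" + b"\x00" * 64,
        "case.aff": AFF_MAGIC + b"\x00" * 64,
        "case.dd": b"\x00" * 510 + b"\x55\xaa" + b"\x00" * 512,
        "notes.txt": b"not a disk image",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            p = Path(d, name)
            p.write_bytes(data)
            before = sha256_file(p)
            # Identify the format, then re-hash to confirm the file is unchanged.
            results[name] = (identify_image(p), sha256_file(p) == before)
    return results


if __name__ == "__main__":
    print(check_samples())
```

The file extension is never consulted: a renamed or mislabelled image is still identified by its header, and a hash mismatch after inspection would show that the evidence file was modified.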
3. File Recovery and Carving
FTK recovered the deleted files as shown below. This tool shows the list of all the
deleted files, and we can search to access these files by using this software.
In this software the deleted files are called Orphan Files, while in the Autopsy
tool they are simply labelled Deleted Files. For a new user it might be a little difficult to
access the deleted files in FTK, but in Autopsy everyone can easily access the
deleted files.
Here is the detailed list of all the Orphan or deleted files.
4. Artifact Analysis
In this software we can create a disk image in the E01 file format and then
collect the information for artifact analysis. It gives all the detailed information
regarding the image, and we can perform our analysis. Artifact analysis in FTK Imager
is difficult compared to the Autopsy tool. FTK Imager is a little more complex than
the Autopsy tool.
Magnet Axiom:
Features:
1. User Interface and Usability:
This is the interface of the Magnet Axiom software, which is very simple and easy to
access, like the Autopsy tool. In the first step we browse to a file, as we did in the previous two
tools. For analysis purposes we can choose the same file.
2. Data Acquisition
In the Magnet Axiom tool we use one case for analysis purposes. It is different from
both Autopsy and FTK Imager. The image below shows the Case-overview
dashboard and lists all the detailed information regarding all the categories. This tool is
more advanced than Autopsy and FTK Imager.
3. File Recovery and Carving
Magnet Axiom has advanced features and gives more details about the deleted files,
so that we can perform the analysis more efficiently.
Details of another file are shown below:
4. Artifact Analysis
Magnet Axiom provides the artifact categories table, through which we can perform
the artifact analysis more efficiently. This tool provides in-depth information on each
and every item. These are all the artifact categories.
Now select any one of the categories and perform the analysis:
Limitations of Autopsy:
Autopsy provides limited capabilities for mobile device data extraction and analysis,
while FTK and Magnet Axiom provide more features and capabilities for mobile
device data extraction and analysis.
Autopsy provides limited scope for cloud data compared to the other two tools.
Autopsy provides less training and customer support compared to FTK and Magnet Axiom.
Limitations of FTK:
FTK is a commercial tool with a significantly high cost, while Autopsy is an open source
tool. Magnet Axiom is also a commercial tool, but it provides additional
features that would justify its cost.
FTK’s user interface is more complex compared to Autopsy and Magnet Axiom.
Performance can be an issue with very large datasets in FTK, while Magnet Axiom
can be optimized to deal with large datasets.
Limitations of Magnet Axiom:
Due to its advanced features, Magnet Axiom is more complex compared to the other
tools.
It may have compatibility issues with very new or uncommon file systems, operating
systems or data storage technologies.
The comprehensive nature of this tool's analysis and features can be overwhelming.
Users might find it challenging to prioritize the massive amounts of data it can extract.
Comparison:
All three tools have pros and cons. We can choose the software based on our
needs and requirements.
Autopsy is an open source tool, while the other two tools are paid.
Magnet Axiom has advanced features, so it can perform analysis more efficiently
than Autopsy and FTK Imager.
So we cannot directly say that one tool is the best and the others are not. We will choose
the tool based on our needs and requirements.
We can also choose the tools on the basis of cost and efficiency.