Description
Autopsy is a GUI version of the Sleuth Kit and assists with a forensics investigation. It was created with the principles of being extensible, supporting frameworks and being easy to use. The program attempts to gather as much information as possible about the given file or folder.
Review
I found the program to be very easy to use, but it did lack some core functionality.
Pros
The program includes an easy-to-use interface with a starting wizard which helps the user through the different menus.
It was able to scan the backup of my iPhone with ease and gather basic information about the basic iPhone backup.
The program is free and it did not appear to have any kind of limitation.
Upon finding pictures, it was able to show the metadata such as which device took the picture, latitude, longitude and altitude.
Cons
The program was easy to use but did not allow the amount of control that I would like. It was limited to using a wizard.
The program did not extract as much information as I would have liked. The only thing that the program was able to find was pictures.
Usage
Using Autopsy, I wanted to gain as much information as possible about my iPhone backup. I followed the wizard and documented the results below.
I first opened the program and created a new case.

New case information screen
Enter a case name and location
Additional information
Enter case number and Examiner
Click 'Finish'
Add Data source
From the drop down menu select Logical Files
Add data source. Here is where I added my iPhone backup
Next
Next
Finish
Autopsy will begin to gather as much information as possible concerning the folder that it was given (iPhone backup folder).
My iPhone backup was about 1.3 gigs and took about 4 minutes to complete.
NOTE: The iPhone backup was not encrypted
After completing, it was only able to find the photos stored in the backup.
As the screenshot shows, it was able to find the photos in the backup along with information such as the creation date, latitude, longitude, altitude, device model and device maker.
This information could be used to gather information regarding time and place of an individual.
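The latitude, longitude and device fields reported above come from EXIF tags embedded in each photo. The following added example (not Autopsy's code and not part of the original post) decodes them from a TIFF-structured EXIF block, the bytes that follow the `Exif\0\0` marker in a JPEG APP1 segment. The function names are hypothetical and the sample block is constructed by hand.

```python
import struct
SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}  # BYTE, ASCII, SHORT, LONG, RATIONAL

def read_ifd(tiff, offset, bo):
    """Decode one TIFF image file directory (IFD) into {tag: value}."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    tags = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        size = SIZES.get(typ, 0) * n
        if size > 4:  # too big for the entry, so the 4 bytes hold an offset
            start = struct.unpack(bo + "I", raw)[0]
            raw = tiff[start:start + size]
        if size == 0 or len(raw) < size:
            continue  # unknown type, empty value, or offset past the end
        if typ == 2:
            tags[tag] = raw[:size].split(b"\0")[0].decode("ascii", "replace")
        elif typ == 5:
            tags[tag] = [a / b if b else 0.0 for a, b in struct.iter_unpack(bo + "II", raw[:size])]
        else:
            tags[tag] = struct.unpack_from(bo + {1: "B", 3: "H", 4: "I"}[typ], raw)[0]
    return tags

def photo_location(tiff):
    """Make, model and decimal-degree position from a TIFF-structured EXIF block."""
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if bo is None or len(tiff) < 8 or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("not a TIFF/EXIF block")
    ifd0 = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
    gps = read_ifd(tiff, ifd0[0x8825], bo) if 0x8825 in ifd0 else {}  # GPS IFD pointer
    def degrees(ref_tag, dms_tag, negative):
        dms = gps.get(dms_tag)
        if ref_tag not in gps or not isinstance(dms, list) or len(dms) != 3:
            return None  # photo carries no usable position
        value = dms[0] + dms[1] / 60 + dms[2] / 3600
        return -value if gps[ref_tag] == negative else value
    return {"make": ifd0.get(0x010F), "model": ifd0.get(0x0110),
            "lat": degrees(1, 2, "S"), "lon": degrees(3, 4, "W")}

def constructed_sample():
    """Hand-built little-endian block for illustration, not from a real photo."""
    e = lambda tag, typ, n, val: struct.pack("<HHI4s", tag, typ, n, val)
    off = lambda x: struct.pack("<I", x)
    ifd0 = struct.pack("<H", 2) + e(0x010F, 2, 6, off(38)) + e(0x8825, 4, 1, off(44)) + off(0)
    gps = (struct.pack("<H", 4) + e(1, 2, 2, b"N") + e(2, 5, 3, off(98))
           + e(3, 2, 2, b"W") + e(4, 5, 3, off(122)) + off(0))
    rats = struct.pack("<12I", 40, 1, 26, 1, 46, 1, 79, 1, 58, 1, 56, 1)
    return b"II*\0" + off(8) + ifd0 + b"Apple\0" + gps + rats
```

The position is stored as degrees, minutes and seconds rationals plus a hemisphere letter, so a south or west reference makes the decimal value negative.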
Resources
The Autopsy program can be found for free at the following URL:
http://www.sleuthkit.org/autopsy/