Digital Forensics: Autopsy Tool and Vendor Analysis Report

Added on  2022/08/28

This report provides a detailed analysis of the Autopsy digital forensics tool. It begins with an introduction to digital forensics and the role of tools like Autopsy in preserving, identifying, and extracting digital evidence. The report focuses on Autopsy, discussing its vendor, Basis Technology Corp., and providing the vendor's URL. It outlines the tool's name, latest version (Autopsy 4.14.0), and key features, including timeline evaluation, multi-user cases, web artifact extraction, registry evaluation, keyword search, file type sorting, media playback, thumbnail viewer, hash set filtering, tagging, file type detection, and support for various file types and data sources. The report also mentions the principles of the tool, such as being centralized, extensible, and easy to use. The report concludes that Autopsy is a valuable tool for digital forensics investigations and is helpful in the investigation of a crime. References are also provided.
Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note
Introduction
Digital forensics is the process of preserving, identifying, extracting and documenting computer evidence that can be used in a court of law. It is the science of finding facts on digital media such as mobile phones, computers and many other digital devices.
The tool discussed in this report is Autopsy. The report covers the vendor of the tool and the vendor's URL, the name and latest version of the tool, and an overview of the tool.
Discussions
Forensics Vendor Name and URL
Basis Technology Corp. is a software company that specialises in applying artificial intelligence methods to understand unstructured data and documents. The company develops open-source digital forensic tools, The Sleuth Kit and Autopsy, for recognising and extracting clues from various digital media (Fan & Iacobuzio-Donahue, 2019). The company is the vendor of both Autopsy and The Sleuth Kit. This digital forensics toolset is used to analyse file systems, metadata and more.
The URL of the vendor of the autopsy tool is http://www.basistech.com
Acquisition Tool Name and Latest Version
The acquisition tool is named Autopsy. Autopsy is computer software that makes it easier to use many of the open-source programs and plugins used in The Sleuth Kit (Wahyudi, Riadi & Prayudi, 2018). The graphical user interface displays the results of the forensic search of the underlying volume, making it simpler for investigators to flag data. The tool is maintained by Basis Technology Corp. with the help of various programmers (Talib, Alnanih & Khelifi, 2020). The organization sells support services and training for the product.
Autopsy was designed with the following principles in mind (Raji, Wimmer & Haddad, 2018):
Centralised: the tool must provide a standard mechanism for accessing all functionality and modules.
Extensible: users should be able to add new features by developing plugins that analyse part of the underlying data source.
Multiple users: the tool should be usable by a single investigator or to coordinate the work of a team.
Ease of use: the Autopsy Browser must provide wizards and historical tools that make it simpler for end users to repeat their steps without much reconfiguration.
Autopsy analyses the major file systems by hashing all files, unpacking standard archives and adding keywords to an index. Some file types are parsed and catalogued (Domingues, Frade & Parreira, 2018). Users can easily search the indexed files and generate a report in PDF format. They can also enable various features to analyse the essential files. Autopsy can save a partial image of these files in VHD format.
There are several versions of Autopsy. Autopsy 4 runs on Linux and OS X. The older versions of Autopsy include Autopsy 4.4.0 and later and Autopsy 4.3.0 and earlier. The latest version is Autopsy 4.14.0 (Hassan, 2019).
Features of Autopsy
The features of Autopsy are as follows (Kävrestad, 2018):
Timeline analysis: displays system events in a graphical interface to help identify activity.
Multi-user cases: lets examiners collaborate on large cases.
Web artifacts: extracts web activity from browsers to help identify user activity.
Registry analysis: uses RegRipper to identify recently accessed documents and USB devices.
LNK file analysis: identifies shortcuts and accessed documents.
Keyword search: text extraction and index search modules let the user find files that contain particular terms and find regular expression patterns (Sabernick, 2016).
File type sorting: groups files by type so that all documents or all images can be found.
Media playback: images and videos can be viewed in the application without an external viewer.
Thumbnail viewer: displays thumbnails of images to help review pictures.
Hash set filtering: filters out known good files using the NSRL and flags known bad files using custom hash sets in HashKeeper format.
Tags: files can be tagged with arbitrary tag names.
File type detection: file types are detected from signatures, and mismatches between a file's extension and its detected type are reported.
Interesting files module: flags files and folders based on name and path.
Android support: extracts data from SMS, contacts and more.
EXIF: extracts geographical location and camera information from JPEG files.
Email analysis: parses MBOX-format messages, such as those from Thunderbird.
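The hash set filtering and file type detection features listed above can be illustrated with a short script. This is an added example, not Autopsy code: the signature table, the sample files, the hash sets and the choice of SHA-256 are all constructed assumptions standing in for the NSRL and a custom known-bad set.

```python
import hashlib
from pathlib import PurePosixPath

# Leading "magic" bytes mapped to the extensions that legitimately carry them.
SIGNATURES = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"%PDF-": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".jar"},
}

def detect_type(data):
    """Return the extension set of the first matching signature, or None."""
    for magic, exts in SIGNATURES.items():
        if data.startswith(magic):
            return exts
    return None

def triage(files, known_good, known_bad):
    """Classify (path, bytes) pairs; returns {path: [findings]}.

    Files whose hash is in known_good are dropped from the result entirely.
    """
    results = {}
    for path, data in files:
        digest = hashlib.sha256(data).hexdigest()
        if digest in known_good:
            continue  # filtered out, as a known good hit would be
        findings = []
        if digest in known_bad:
            findings.append("known-bad hash")
        expected = detect_type(data)
        ext = PurePosixPath(path).suffix.lower()
        if expected is not None and ext not in expected:
            findings.append("extension mismatch")
        results[path] = findings
    return results

# Constructed sample evidence: synthetic bytes, not taken from a real case.
SAMPLE_FILES = [
    ("/img/holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("/docs/notes.txt", b"\xff\xd8\xff\xe1" + b"\x01" * 16),  # JPEG renamed to .txt
    ("/sys/common.dll", b"MZ" + b"\x90" * 16),                # stands in for an OS file
    ("/tmp/tool.zip", b"PK\x03\x04" + b"\x02" * 16),
]
KNOWN_GOOD = {hashlib.sha256(SAMPLE_FILES[2][1]).hexdigest()}  # stand-in for NSRL
KNOWN_BAD = {hashlib.sha256(SAMPLE_FILES[3][1]).hexdigest()}   # stand-in for a custom set

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_FILES, KNOWN_GOOD, KNOWN_BAD).items():
        print(path, findings or ["no findings"])
```

The known good file never reaches the examiner's view, while the renamed JPEG is surfaced even though its hash is in neither set.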
Conclusion
From the report, it can be inferred that Autopsy is one of the common tools used in digital forensics. The vendor of the tool is Basis Technology Corp., and this company maintains the tool and provides services and training for it. The report focuses on the vendor of the tool and the vendor's URL. It discusses Autopsy and how the tool works. The design principles of Autopsy are also discussed. Autopsy is very helpful in digital forensics and in the investigation of crime. The versions of Autopsy are listed, including the older and the latest versions. The report provides an overview of the tool's features, which are very helpful and are used in the investigation of a crime.
References
Domingues, P., Frade, M., & Parreira, J. M. (2018, December). Filtering Email Addresses,
Credit Card Numbers and Searching for Bitcoin Artifacts with the Autopsy Digital
Forensics Software. In International Conference on Soft Computing and Pattern
Recognition (pp. 318-328). Springer, Cham.
Fan, J., & Iacobuzio-Donahue, C. A. (2019). The science of rapid research autopsy.
In Autopsy in the 21st Century (pp. 151-166). Springer, Cham.
Hassan, N. A. (2019). Analyzing Digital Evidence. In Digital Forensics Basics (pp. 141-
177). Apress, Berkeley, CA.
Kävrestad, J. (2018). Open-Source or Freeware Tools. In Fundamentals of Digital
Forensics (pp. 153-172). Springer, Cham.
Raji, M., Wimmer, H., & Haddad, R. J. (2018, April). Analyzing data from an android
smartphone while comparing between two forensic tools. In SoutheastCon 2018 (pp.
1-6). IEEE.
Sabernick III, B. A. (2016). Development of an autopsy forensics module for cortana artifacts
analysis. International Journal of Computer Science and Information Security, 14(7),
111.
Talib, M. A., Alnanih, R., & Khelifi, A. (2020). Application of quality in use model to assess
the user experience of open source digital forensics tools. International Journal of
Electronic Security and Digital Forensics, 12(1), 43-76.
Wahyudi, E., Riadi, I., & Prayudi, Y. (2018). Virtual Machine Forensic Analysis And
Recovery Method For Recovery And Analysis Digital Evidence. International
Journal of Computer Science and Information Security, 16.