Autopsy processes multiple formats during this procedure, in an attempt to determine the NSRL database format, find the EnCase hashset file, test compliance with the HashKeeper standard and verify the integrity of the file. Hash lookup operations are intended to detect malware files and other issues that require your attention.

One of the main advantages of Autopsy is the implementation of the ingest method, which makes the analysis results available to the user as they are obtained, without waiting for the whole procedure to be completed first. There are multiple analysis modules that you can choose from: the application can display data on recent actions, perform hash lookup, extract archives, parse EXIF images, search for keywords and view unallocated storage space.

Thanks to the built-in wizards, creating a new ‘case’ becomes just a matter of pressing a few ‘Next’ buttons. The application supports the NTFS, FAT, HFS, Ext2, Ext3 and UFS file system types, enabling you to investigate the input (IMG, DD, 001, AA, RAW and E01 files, local disks or logical files) and generate complete reports in HTML, XLS or TXT format, or as a TSK body file used for creating an event timeline. You can even use it to recover photos from your camera’s memory card.

Autopsy Portable is a diagnostic and forensic tool capable of analyzing raw or E01 disk images, local drives and directories in order to determine possible causes of an event. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. Autopsy Portable is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.