Forensic analysis with Autopsy and Sleuth Kit
Game of Clue
Rescuing Files
Autopsy's retrospective analysis functionality also allows you to recover deleted files. Autopsy provides valuable services, especially in the field of image and video reconstruction. You can also reassemble image fragments – even if parts of the image have already been overwritten. To do this, the tools search the hard disk image block by block for potentially related image data, so you can also recover images accidentally deleted from the SD cards of digital cameras or from smartphones.
Additional modules let you expand functionality. For Android devices, the Android Analyzer Module supports the analysis of smartphone storage media. The module adds specific entries, such as call logs, contacts, or messages, to the results menu. In this way, you can also back up conversations and contacts.
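The block-by-block search for deleted images described above, reduced to its simplest case, as an added example (not code from Autopsy, The Sleuth Kit, or this article): a Python carver that checks each 512-byte block of a raw image for a JPEG header and walks the segment structure to find the end of a contiguous file. The byte strings are constructed samples, the function names and block size are assumptions, and reassembly of fragmented files is not attempted.

```python
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"

def jpeg_length(buf, start):
    """Length of a contiguous JPEG beginning at buf[start], or None."""
    pos = start + 2                               # skip SOI
    while pos + 4 <= len(buf):
        marker = buf[pos + 1]
        if buf[pos] != 0xFF or 0xD0 <= marker <= 0xD9:
            return None                           # not a header segment
        (seg_len,) = struct.unpack(">H", buf[pos + 2:pos + 4])
        if seg_len < 2:
            return None
        pos += 2 + seg_len                        # jump over the payload
        if marker == 0xDA:                        # SOS: scan data follows
            # In scan data 0xFF is stuffed with 0x00, so FF D9 is the EOI.
            end = buf.find(EOI, pos)
            return None if end < 0 else end + 2 - start
    return None

def carve_jpegs(image, block_size=512):
    """Return (offset, data) for each JPEG starting on a block boundary."""
    found = []
    for off in range(0, len(image), block_size):
        if image[off:off + 3] == SOI + b"\xff":
            size = jpeg_length(image, off)
            if size:
                found.append((off, image[off:off + size]))
    return found

def sample_jpeg():
    """Constructed, structurally valid (not decodable) JPEG byte string."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    thumb = SOI + EOI                             # markers inside a payload
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + len(thumb)) + thumb
    sos = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
    return SOI + app0 + app1 + sos + b"\x12\xff\x00\x34" + EOI

def sample_disk():
    """Constructed 4 KiB raw image: one intact file, one overwritten one."""
    jpg = sample_jpeg()
    disk = bytearray(8 * 512)
    disk[1024:1024 + len(jpg)] = jpg              # intact, in block 2
    disk[3072:3072 + 20] = jpg[:20]               # header only, in block 6
    return bytes(disk), jpg

if __name__ == "__main__":
    disk, _ = sample_disk()
    for off, data in carve_jpegs(disk):
        print(f"JPEG at offset {off}, {len(data)} bytes")
```

Walking the segment lengths keeps the carver from stopping at the end marker of an embedded thumbnail, and the header-only remnant in block 6 is rejected because its segment chain breaks before any scan data.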
Conclusions
The Autopsy forensics tool lets you perform an initial analysis of the information and discover traces of a potential attack that are still present on the data medium after a system failure. However, if you don't have your own forensics department with the appropriate resources for such analyses, you should use external specialists for critical incidents.