« Previous 1 2

Forensic analysis with Autopsy and Sleuth Kit

Game of Clue

Rescuing Files

Autopsy's retrospective analysis functionality also allows you to recover deleted files. Autopsy provides valuable services, especially in the field of image and video reconstruction. You can also reassemble image fragments – even if parts of the image have already been overwritten. To do this, the tools search the harddisk image block by block for potentially related image data, so you can also recover images accidentally deleted from SD cards from digital cameras or from smartphones.

Additional modules let you expand functionality. For Android devices, the Android Analyzer Module supports the analysis of smartphone storage media. The module adds specific entries, such as call logs, contacts, or messages to the results menu. In this way, you can also back up conversations and contacts.

Conclusions

The Autopsy forensics tool lets you perform an initial analysis of the information and discover traces of a potential attack that are still present on the data medium after a system failure. However, if you don't have your own forensics department with the appropriate resources for such analyses, you should use external specialists for critical incidents.

Infos

  1. Autopsy: https://github.com/sleuthkit/autopsy
  2. EnCase: https://security.opentext.com/encase-forensic
  3. STIX: https://oasis-open.github.io/cti-documentation/stix/intro
  4. MISP: https://www.misp-project.org

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Forensic Tools

    Criminals often focus on browsers for various attacks because they are a worthwhile, attractive, and often easy target. However, admins can investigate such attacks with forensic tools that provide the ability to reconstruct browser sessions.

    more »
  • Lead Image © stockbksts, 123RF.com
    Comparison of forensic toolkits for reconstructing browser sessions
    Criminals often focus on browsers for various attacks because they are a worthwhile, attractive, and often easy target. However, admins can investigate such attacks with forensic tools that provide the ability to reconstruct browser sessions.
    more »
  • Lead Image © Iaroslav Neliubov, 123RF.com
    Maintaining Android in the enterprise
    No matter how insecure Android might appear, you can't escape the "bring your own device" philosophy in today's corporate environment. In this article, we show how admins can use on-board tools in Android phones to regain a little control.
    more »
  • Lead Image © insima, 123RF.com
    Security in the network with Kali Linux
    Thanks to its huge choice of security tools, Linux is perfectly suited to securing heterogeneous networks. With a specialized distro like Kali Linux, you can quickly locate and eliminate security vulnerabilities.
    more »
  • Forensic Analysis on Linux

    In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.

    more »
comments powered by Disqus