This is a mini-course on Autopsy. See chapter times below.
You might want to watch Part 1 first - Starting a new case in Autopsy:
https://youtu.be/fEqx0MeCCHg
Autopsy is a free, open-source, full-featured digital forensic investigation toolkit. It is developed by Basis Technology and a large open-source community. You can use Autopsy as the basis for a full digital forensic investigation. You can also extend Autopsy with modules written in Java and Python.
Thank you to our Members and Patrons, but especially to our Investigators, TheRantingGeek and Roman! Thank you so much!
We review the data artifacts and analysis results sections after ingesting a Windows 10 physical disk image in Autopsy 4.19. We walk through what each of the artifacts looks like and how they can be used in digital forensic investigations.
During our forensic analysis of a Windows 10 disk image, we reconstruct nmap installation and usage as an example. Then we use Autopsy to produce an artifact report that we can use as a reference for our final forensic investigation report.
00:00 Autopsy Data Artifacts
00:41 Exploring the Windows 10 disk image
01:50 Autopsy: Data Artifacts
02:15 Installed Programs
03:52 Metadata
05:00 Operating System Information
05:54 Recent Documents
08:12 Recycle Bin
08:48 Run Programs
10:47 Run Programs - Verify with additional evidence
12:27 Autopsy analysis procedure overview
12:56 Shell Bags
14:02 USB Device Attached
15:25 Web Accounts
15:52 Web Bookmarks
16:00 Web Cache
16:25 Web Cookies
17:16 Web Downloads
18:36 Web Form Autofill
18:51 Web History
19:45 Web Search
21:55 Autopsy: Analysis Results
22:00 Encryption Suspected
22:36 EXIF Metadata
23:23 Extension Mismatch Detected
24:33 Interesting Files
25:02 Keyword Hits
27:29 Previously Unseen
28:36 User Content Suspected
28:49 Web Account Type
29:32 Web Categories
29:54 Artifacts and Results Overview
30:10 Bookmarked items review
31:01 Generate an artifact report based on bookmarks
32:26 Example full Autopsy report
32:41 How to use an Autopsy report
33:36 Conclusions
Links:
* Autopsy Software: https://www.autopsy.com/
* HxD Hex Editor Software: https://mh-nexus.de/en/hxd/
* Practice Data: Windows 10 multi-part disk image - https://archive.org/details/africa-dfirctf-2021-WK01
Related Books:
* Practical Linux Forensics: A Guide for Digital Investigators (https://amzn.to/3gzXCh9)
* Digital Forensics with Open Source Tools (https://amzn.to/34FBrUe)
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.