Document 1

Uploaded by

tanzilkazmi32

Name - Tanzil Kazmi

College ID: 22234030848

Course - BSc. Cybersecurity

Subject - Cyber Forensic

Subject code - CYS 501

1. Opened the Autopsy 4.21.0 software:
   - The initial screen shows the Autopsy welcome window with options to create a new case, open a
     recent case, or open an existing case.
2. Started a new case:
   - Clicked on "New Case" in the welcome window.
3. Entered case information:
   - In the "New Case Information" window, filled out the following details:
     - Case Name: "Mobile forensic 1"
     - Base Directory: Set to "C:\Users\Tanzil\Documents\autopsy\"
     - Case Type: Selected "Single-User"
4. Provided optional case information:
   - In the next screen of "New Case Information":
     - Case Number: Entered "09112024 0241"
     - Examiner Name: Entered "Tanzil"
     - Phone: Entered "7856554312"
     - Email: Entered "[email protected]"
     - Notes: Entered "prec"
     - Organization: Left as "Not Specified"
5. Began adding a data source:
   - In the main Autopsy window, clicked on "Add Data Source"
6. Selected the data source type:
   - In the "Add Data Source" window, chose "Local Disk" as the data source type
7. Chose the specific data source:
   - A "Select Local Disk" dialog appeared
   - Selected "USB Drive (D:)" with a size of 9.2 MB as the data source

· Case Creation: A new case has been created, possibly with a name like "Mobile forensic 1 -
Autopsy 4.21.0."
· Data Source Selection: The user is in the process of selecting a data source to analyze. They've
chosen a "Local Disk" and are now selecting a specific disk.
· Disk Selection: The user has selected a disk named "USB Drive (D:)" with a size of 9.2 MB.
· Timezone Configuration: The timezone has been set to "(GMT-8:00) America/Los_Angeles."
· Next Step: The "OK" button is likely used to proceed to the next step in the data ingestion process.

Run ingest modules on: The user has the option to choose which modules will be used to analyze the
data from the selected USB drive.

All Files, Directories, and Unallocated Space: This option indicates that all data on the drive, including
files, folders, and even unused space, will be analyzed.

Interesting Files Identifier: This module likely identifies specific data structures or file types that are of
particular interest for forensic analysis.

Central Repository: This module might store or manage data extracted from the drive in a central
location for further analysis or reporting.

PhotoRec Carver: This module likely uses a data recovery technique called "carving" to extract files
from the drive, even if they have been deleted or corrupted.

Virtual Machine Extractor: This module extracts virtual machine files from the drive, if present.

Data Source Integrity: This module might verify the integrity of the data source to ensure that it hasn't
been tampered with or modified.

Android Analyzer (aLEAPP): This module is likely used for analyzing Android data, such as contacts,
messages, and call logs.

Cyber Triage Malware Scanner: This module scans the drive for malware or other malicious code.

DJI Drone Analyzer: This module is likely used for analyzing data from DJI drones.

Plaso: This module is a general-purpose forensic tool that can analyze various types of digital
evidence.

YARA Analyzer: This module uses YARA rules to identify specific patterns or signatures within the data.

iOS Analyzer (iLEAPP): This module is used for analyzing data from iOS devices.

GPX Parser: This module parses GPS data stored in GPX format.

The screenshot shows a portion of the interface of a mobile forensic tool, likely Autopsy. Here's a
breakdown of the information displayed:

Data Sources:

0:1 Host: This indicates that the analysis is being performed on a single host or device.

File Views:

D: 35 Host: This might refer to a specific disk or partition on the host device.
Name: This column lists the names of the files or directories.
C: This column might indicate the number of child items (files or subdirectories) within a directory.
Modified Time: This column shows the last time the file or directory was modified.
Change Time: This column might indicate the last time the file's metadata (like permissions or
ownership) was changed.
Access Time: This column shows the last time the file or directory was accessed.
Created Time: This column shows the time the file or directory was created.
Size: This column shows the size of the file or directory.
Flags: This column might indicate various attributes about the file, such as whether it's a directory, a
file, or a deleted file.

Deleted Files:

fortnite-marvel-series-venom-fk_1614866311-2015: This is the name of a deleted file.
2023-10-22 06:29:04 PDT: This is the time the file was deleted.
2024-09-11 02:19:18 PDT: This is the time the file was recovered or processed by the tool.
96030: This is the size of the file.
Unalloc: This indicates that the file is stored in unallocated space on the disk, meaning it was deleted
but not overwritten by new data.

File System (3):


All (10): This shows that there are a total of 10 files or directories in the current view.
sub.cfg: This is the name of a file.
2023-11-30 14:29:16 PST: This is the time the file was modified.

Data Artifacts, Analysis Results, OS Accounts, Tags, Score, Reports:

These sections likely represent different areas of the tool where extracted data, analysis results,
account information, tags, a scoring system, and generated reports can be viewed.

Hex View:

This section provides a hexadecimal view of the selected file, allowing for detailed examination of its
contents.

From The Sleuth Kit istat Tool:

This section displays information about the file's metadata and attributes, such as its directory entry,
allocation status, file attributes, and directory entry times.
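
The fields named in the istat pane (allocation status, file attributes, directory entry times) can be read straight from a 32-byte directory entry. The sketch below is an added example, not part of the original report and not Autopsy or Sleuth Kit code; it assumes the USB drive uses a FAT file system, which the report does not state, and the sample entry and the function names are constructed for illustration.

```python
import struct
from datetime import datetime

ATTRS = {0x01: "Read Only", 0x02: "Hidden", 0x04: "System",
         0x08: "Volume Label", 0x10: "Directory", 0x20: "Archive"}

def dos_datetime(date, time=0, tenths=0):
    """Decode FAT date/time words. FAT records local time with no zone,
    so the case time zone decides how the value is displayed."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F,
                        (time & 0x1F) * 2 + tenths // 100)
    except ValueError:  # zeroed or corrupt field
        return None

def parse_entry(raw):
    """Parse one 32-byte FAT short-name directory entry (assumed layout)."""
    (name, attr, _nt, tenths, ctime, cdate, adate,
     clus_hi, wtime, wdate, clus_lo, size) = struct.unpack("<11sBBBHHHHHHHI", raw)
    if name[0] == 0x00 or attr & 0x0F == 0x0F:
        return None  # unused slot, or a long-file-name fragment
    deleted = name[0] == 0xE5  # first name byte is overwritten on delete
    if deleted:
        name = b"_" + name[1:]  # the original first character is lost
    base = name[:8].decode("ascii", "replace").rstrip()
    ext = name[8:].decode("ascii", "replace").rstrip()
    return {
        "name": f"{base}.{ext}" if ext else base,
        "deleted": deleted,
        "attributes": [label for bit, label in ATTRS.items() if attr & bit],
        "created": dos_datetime(cdate, ctime, tenths),
        "accessed": dos_datetime(adate),  # FAT keeps an access date only
        "modified": dos_datetime(wdate, wtime),
        "first_cluster": (clus_hi << 16) | clus_lo,
        "size": size,
    }

# Constructed sample entry (not bytes from the report's USB image).
D = (43 << 9) | (10 << 5) | 22   # 2023-10-22
T = (6 << 11) | (29 << 5) | 2    # 06:29:04 (seconds stored in 2 s units)
SAMPLE = struct.pack("<11sBBBHHHHHHHI", b"\xe5ENOM   JPG", 0x20, 0, 0,
                     T, D, D, 0, T, D, 5, 96030)

if __name__ == "__main__":
    for key, value in parse_entry(SAMPLE).items():
        print(f"{key:>13}: {value}")
```

A FAT directory entry carries created, accessed and written times only; it has no field for when a file was deleted.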

Overall, the screenshot shows that the tool is displaying information about the files and directories on
the analyzed device, including deleted files. The specific details and columns may vary depending on
the tool's configuration and the type of data being analyzed.
