Today you can get a super issue devoted to the Autopsy tool. I have read every article, and they are a great source of information on this tool. You can read about other tools as supplementary material. With the help of all this knowledge, you will be armed to solve every case and rank among the industry's top experts. Why Autopsy? A lot of people have mentioned this toolkit to me.
I strongly encourage you to read all the articles included in this issue, as the technology used in forensic investigation is a powerful tool and a constantly evolving field that challenges researchers to constantly adapt and improve their skills. We invite you on “a fascinating journey into the world of forensic investigation technology”.
We would like to thank our authors, reviewers, editors, and proofreaders for their valuable contributions that made this publication possible. It was a pleasure working with you and learning from your insights.
We look forward to continuing to collaborate with you and inviting others to create more exceptional content with us. Together, we can make a meaningful impact in our field.
Don't miss out on this must-read issue!
Ewa & the eForensics Team
Table of Contents
AUTOPSY 4.21 VERSION
by PAULO PEREIRA, PHD
This article shows you how to start a case with the new version 4.21.0 of Autopsy, one of the pioneering tools behind the digital transformation of forensic investigation in recent years. The article does not claim to be a complete guide to using Autopsy; several sources on the web already serve that purpose. Instead, it introduces how to start a case in Autopsy, using an image called SUSPECT_LAPTOP, which was used in Belkasoft training and which I received permission to use.
DIGITAL FORENSIC ANALYSIS USING AUTOPSY 4.21.0
by PAULO PEREIRA, DIFIR
This article shows a forensic analysis using Autopsy 4.21.0. The SUSPECT.EO1 file is a disk image case study and is the evidence used in Belkasoft's X training and CTF challenge. The article is not intended to be a complete analysis of this image, because the image contains a great deal of detail and an investigative complexity that would require more than one article. Instead, selected parts are analyzed with the intention of showing how Autopsy is used.
AUTOPSY: THE DIGITAL FORENSICS TOOLKIT
by KATE LIBBY
Autopsy is an open-source, cross-platform digital forensics toolkit that, according to the project page (Autopsy, n.d.), offers a wide range of features and capabilities to aid investigators in the retrieval and analysis of digital evidence. This essay explores Autopsy, its significance in digital forensics, and its key features, from starting a case to managing the contents of artifacts and everything in between. Autopsy, also known as The Sleuth Kit, is a widely used open-source digital forensics tool that provides a comprehensive suite of features for forensic investigators.
HUNTING HACKERS USING AUTOPSY ON A MACOS IMAGE
by ISRAEL TORRES
Join us as we forensically investigate this interesting scenario that often leads to rabbit holes, red herrings, canards, and wild goose chases. In this scenario, we've received an image of a USB thumb drive (orig_128mb_image.dd) confiscated from the hacker's backpack. It was literally sewn into the lining of the backpack, which makes it even more interesting. The primary investigators did not want to plug it into any of their field laptops (they learned from the last time - another story, another time), and kicked it back here to our basement team for further analysis.
INTELLIGENT ALGORITHMS AND FORENSIC INVESTIGATION: THE MEETING BETWEEN SHERLOCK HOLMES AND THE DIGITAL AGE
by WILSON MENDES
Forensic investigation has long been a key player in the search for the truth in cases of complex crimes and incidents. However, as society evolves and criminal methods become more sophisticated, forensic science also needs to keep up with this pace of change. In this scenario, technology emerges as a powerful and indispensable ally for modern researchers.
THE TWO-TOOL PROCESS IN DIGITAL FORENSICS: STEP 1 SELECTION
by AMBER SCHROADER
Many organizations opt to minimize costs by relying on open-source technology for their investigative needs. However, choosing this method can result in a shortfall when it comes to finding all the critical data. To avoid missing critical data, every investigator should have a secondary tool with which to cross-validate their findings. No single tool can process and capture all the available data, nor does every tool parse the data the same way. That's why employing a two-tool process is a fundamental cornerstone of digital forensics. The selection process outlined below lists the steps to follow to get the most out of your tool selection.
DIGITAL FORENSIC LAB MANAGEMENT MADE EASY WITH MONOLITH
by CHRISTOPHER COLLINS
There are multiple areas to focus on when managing a digital forensic laboratory. Some of the important items to track are physical evidence such as mobile devices or hard drives. However, how do we keep track of everything else? In a forensics laboratory, for instance, there is hardware, software and other equipment that needs to be tracked. Some laboratories use spreadsheets or inventory management systems, but these methods are seldom cohesive when it comes to documenting evidence and building reports. A company called Monolith Forensics created a solution for this called Monolith. Monolith is lab management software for digital forensics labs and teams that provides this cohesive environment.
FORENSICATING THREATS IN THE CLOUD
by CHRIS DOMAN & MATT GEORGY
As organizations have shifted to the cloud, it's not surprising that threat actors have followed. Below we run through some of the most prominent attacks in the cloud today, and how to perform cloud forensics and incident response to resolve them.
INTERVIEW WITH KATE LIBBY
by EFORENSICS TEAM
She first became interested in digital forensics while working as a malware analyst; that would have been around the 2014-ish time frame. She was asked to assist with some data recovery, and in an instant she was hooked.