Forensic Blogs

An aggregator for digital forensics blogs

by

Tool Evaluation: Autopsy Blog

Introduction

For this intern project, we have chosen to research and analyze the digital forensics tool Autopsy. This tool is open source and the graphical interface for a set of command line tools called the Sleuth Kit. We chose Autopsy because neither of us were familiar with the tool, and we both wanted to learn more about it. By researching Autopsy, taking notes, and testing it out, we have become very familiar with the tool.

Personal Experiences Joint Experience

Before working on this Tool Eval project, neither of us had worked with Autopsy before. It was a completely new experience to use the open source tool and experiment with everything it could do. As we started to research and practice using Autopsy, we learned that it was one of the more user friendly tools based on design and a number of other features. Even if the tool didn’t have all of the exact same capabilities as a tool like EnCase v.8.07, it still got the job done. We found out that Autopsy is a shell for a set of command lines. This helps us because it makes the Sleuth Kit, which is a very useful tool, more accessible to the average person.

Lyall’s Personal Experience

As a Second Year (or Sophomore in the rest of the world) at Champlain College, I had encountered Autopsy only by name, having primarily used EnCase in my classes. Autopsy was totally different than what I was expecting. It offered a good layout, but kept the features in the same locations across the different versions. These locations also made sense as to where they were located in the entire program.

Since working on this project, I have downloaded Autopsy for my personal use to complete my assignments at home. This extra practice has really cemented the fact that Autopsy offers similar tools in a great format. The fact that it also provides different formats to get reports and saves evidence from an E01 format and a Dd/Raw format means that I can see the same data in whatever format I need in that moment.  

Right from the beginning, Autopsy provided me with a positive user experience. Without even using my notes, I was able to figure out how to use it appropriately the first time around. It’s really allowed me to become more familiar with how the digital forensics process works.

Madi’s Personal Experience

This is my first year at Champlain College. Before interning at the LCDI, I never touched a digital forensics tool. I did not even fully know what a forensic image was, or that there were certain file types associated with images. Having the opportunity to conduct independent research, as well as working with a partner, has allowed me to become very familiar with this tool in a short amount of time. My partner, Lyall, is on her second year at Champlain. With the help of someone who is more experienced in how these tools work, I have been able to learn by doing instead of being limited to YouTube guides and other online resources.

The Future

After doing extensive research on our tool, it is now time to get our hands dirty using Autopsy. As a larger group with the entire Tool Eval team, we have been working on creating a scenario to test our tools and put them through their own version of the Hunger Games. The past couple weeks have been dedicated to data generation and extensive research. Since generating that data, our next step is to analyze it using the forensic processes that we learned about from our research. The main goal will be to find out the full capabilities of our tools and compare them, since we already know what the data is. We look forward to sharing our results in the near future!

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post Tool Evaluation: Autopsy Blog appeared first on The Leahy Center for Digital Investigation.

by

SIFT Tool Evaluation

Introduction:

The Senator Leahy Center for Digital Investigation (LCDI) is an establishment that was created to encourage Champlain College students to gain technical knowledge of an area within their field of study. As a team, interns are expected to communicate and work together in order to finish a project. This is the experience of the LCDI through the eyes of two interns.

 

Our Experience:

Our experience so far at the LCDI  has been exceptional. As first year students, we have learned valuable information about computer and digital forensics that we can actually use in the field. As technical interns, we are compiling information about a digital forensics tool. We are doing this to determine what tool has the greatest functionality and to gain real world experience working with a digital forensic tool. We are working with SIFT, and, so far, everything about it has been thrilling.

 

As interns, we have learned a few new things working with more experienced members. As one might expect, we have honed a large amount of new technical skills while working in a computer lab. But we have also practiced skills newer to us, such as working on a team and working under a team of supervisors. You can attend any amount of hours in a technical course without ever learning the social skills required in a workplace. Our time at the lab has given us great experience in interpersonal relations we’ll need to utilize in our future careers.

 

Before starting our work, we knew very little about digital forensics or the tools used to analyze data. We also didn’t know very much about Linux commands. This was difficult at first because SIFT is a Linux based forensics toolkit, but we have gained exponential knowledge from working with it over these past months.

 

Our experience at the LCDI has thus far been overwhelmingly positive and exciting. The environment the LCDI has allows me to explore the social aspect of a workplace while also exploring the technical aspect. This, to me, is exactly what we were looking for in college, and is unique to Champlain College. We are excited to have the future opportunity to work ever higher positions at the LCDI.

 

Conclusion:

Our next step is analysis of the data that we just finished generating. We’ll keep you posted!

 

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post SIFT Tool Evaluation appeared first on The Leahy Center for Digital Investigation.