It can be extracted one after the other.įile Type: It can be classified in the form of File extension or MIME type. Its detailed analysis is displayed at the bottom. The contents of the Ingest module are listed below:ĭata Source information displays basic metadata. Next, you will be prompted to Configure the Ingest Module. Here we have a previously created image file, so we will add the location of that file. XRY Text Export: This includes the data source from exporting text files from XRY, Unallocated Space Image File: They include files that do not contain any file system and run with the help of the ingest module.Īutopsy Logical Imager Results: They include the data source from running the logical imager. Logical Files: It includes the image of any local folders or files. Local Disk: This option includes devices like Hard disk, Pen drives, memory cards, etc. There are various types to choose from.ĭisk Image or VM file: This includes the image file which can be an exact copy of a hard drive, media card, or even a virtual machine. You can also add additional optional information about the case if required. Then fill in all the necessary case information like the case name and choose a base directory to save all the case data in one place. Run the Autopsy tool on your Windows Operating System and click on “New Case” to create a new case.
So, let us get started! Download the Autopsy Tool from here. It can likewise be utilized to recuperate information that has been erased. This tool is used by law enforcement agencies, local police and can also be used in the corporates to investigate the evidence found in a computer crime.
The results obtained here are of help to investigate and locate relevant information. The forensic investigation that is carried out on the disk image is displayed here. Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence.