OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
Autopsy 3 is an easy to use digital forensics tool. Its development started after discussions at the first OSDF conference, with the goal of being a platform for which other developers will write modules. Autopsy allows you to perform a digital forensics exam on Windows using a free tool. This talk will cover the basic features of Autopsy, including timeline analysis, registry analysis, web artifact analysis, keyword search, and hash sets. There will also be discussion about future modules, and how to get involved as a user or developer.

Presentation Transcript

    • Autopsy 3: Extensible Desktop Forensics
      Brian Carrier, VP Digital Forensics, Basis Technology

    • Part 1: What is Autopsy?

    • Elevator Pitch
      • Autopsy is an open source desktop digital forensics tool that is:
        – Easy to use
        – Extensible
        – Capable

    • Brief History
      • 2001: First open source release
        – Interface to The Sleuth Kit
        – Linux and OS X only
      • 2010: Started v3 from scratch as a platform
        – Inspired by OSDFCon discussions
        – Windows-based
        – Automated
        – Some US Army funding (with 42Six Solutions)
        – 3.0.0 released in September 2012

    • Screen Shot

    • Easy To Use
      • Auto-detect as much as possible.
      • Guide you to the next step:
        – After the case is created, start the Add Data Source wizard.
      • All results are found in the tree.
      • History buttons allow you to back out.
      • …

    • Frameworks
      • Ingest modules analyze media on import
        – Hash analysis, keyword search, …
      • Content viewers display files
        – Text, image, text analytics, video triage, …
      • Report modules generate final reports
        – HTML, XML, …
      • …
      • Would love feedback from other developers!

    • Fast Results
      • Don't wait until ingest is over to see results.
      • Results are provided as soon as they are known.
      • Indexed keyword search results:
        – Given every 5 minutes.
      • User folders are prioritized first.

    • Standard Features
      • File system analysis (via The Sleuth Kit)
        – NTFS, FAT, HFS+, ExtX, UFS, ISO 9660, YAFFS2, etc.
      • Hash calculation and lookup
      • Keyword search (via Solr)
      • Web artifact extraction
      • EXIF and image analysis
      • Tagging and reporting
      • View by file types, sizes, etc.
      • View pictures and videos
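    The Frameworks, Fast Results and Standard Features slides describe an ingest model: pluggable per-file modules (hash lookup, keyword search), user folders examined before system folders, and findings surfaced as soon as a module produces them rather than after the whole data source is processed. The Python below is an added example that simulates that model end to end; it is not Autopsy's code and does not use Autopsy's Java ingest API. The in-memory "data source", the known-bad hash set and the keyword list are all constructed for the example (a real tool walks a disk image through The Sleuth Kit and loads hash sets from a database).

```python
"""Constructed simulation of the ingest model described on the slides: pluggable
per-file modules, user folders processed before system folders, and findings
yielded as soon as a module produces them. Illustration only; this is not
Autopsy's Java ingest API and it does not read real disk images."""
import hashlib
import heapq
import re
from typing import Callable, Iterator

# Constructed in-memory "data source": path -> file content. A real tool walks a
# disk image through The Sleuth Kit; these bytes are made up for the example.
SAMPLE_FILES = {
    "/Windows/System32/calc.exe": b"MZ\x90\x00 calc stub",
    "/Users/alice/Documents/plan.txt": b"transfer the funds to account 1234",
    "/Users/alice/Downloads/evil.exe": b"MZ\x90\x00 dropper stub",
    "/Program Files/App/readme.txt": b"nothing of interest",
}

# Constructed "known bad" hash set; in practice this comes from a hash database.
KNOWN_BAD_MD5 = {hashlib.md5(b"MZ\x90\x00 dropper stub").hexdigest()}

# Constructed keyword list; entries are regular expressions.
KEYWORDS = [r"transfer the funds", r"account \d{4}"]

# Paths under these roots count as user folders and are examined first.
USER_FOLDER = re.compile(r"^/(Users|Documents and Settings|home)/", re.IGNORECASE)

# A finding is (module name, file path, detail).
Finding = tuple[str, str, str]
Module = Callable[[str, bytes], list[Finding]]


def priority_for(path: str) -> int:
    """User folders get priority 0 so an examiner sees likely-relevant hits first."""
    return 0 if USER_FOLDER.match(path) else 1


def prioritized(files: dict[str, bytes]) -> Iterator[tuple[str, bytes]]:
    """Yield files in (priority, path) order from a heap, so more files could be
    pushed while ingest is running without re-sorting everything."""
    heap = [(priority_for(p), p) for p in files]
    heapq.heapify(heap)
    while heap:
        _, path = heapq.heappop(heap)
        yield path, files[path]


def hash_module(path: str, data: bytes) -> list[Finding]:
    """Hash calculation and lookup against the known-bad set."""
    digest = hashlib.md5(data).hexdigest()
    return [("hash", path, digest)] if digest in KNOWN_BAD_MD5 else []


def keyword_module(path: str, data: bytes) -> list[Finding]:
    """Keyword search over the file's text; undecodable bytes are replaced."""
    text = data.decode("utf-8", errors="replace")
    hits: list[Finding] = []
    for pattern in KEYWORDS:
        for match in re.finditer(pattern, text, re.IGNORECASE):
            hits.append(("keyword", path, match.group(0)))
    return hits


def run_ingest(files: dict[str, bytes], modules: list[Module]) -> Iterator[Finding]:
    """Generator: each finding is yielded the moment a module returns it, so the
    consumer (a results tree, a report) never waits for the whole data source."""
    for path, data in prioritized(files):
        for module in modules:
            yield from module(path, data)


def ingest_all(files: dict[str, bytes] = SAMPLE_FILES) -> list[Finding]:
    """Run both modules over a data source and collect every finding in order."""
    return list(run_ingest(files, [hash_module, keyword_module]))


if __name__ == "__main__":
    for name, path, detail in run_ingest(SAMPLE_FILES, [hash_module, keyword_module]):
        print(f"[{name}] {path}: {detail}")
```

    Because run_ingest is a generator, the two keyword hits in /Users/alice/Documents/plan.txt and the hash hit on /Users/alice/Downloads/evil.exe are available before either system-folder file has been touched, which is the point of the Fast Results slide; swapping in a real file walker and hash database would not change the control flow.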
    • Part 2: What Is New Since OSDFCon 2012?

    • Improvements
      • Many performance and stability improvements
      • Bug fixes
      • Better HTML reports (speed, content, etc.)
      • Error reporting in lower-right bubbles
      • Ingest Inbox updates
      • More developer docs and sample modules
      • Closer to Linux / OS X installers
      • New logo

    • Dr. Hash

    • OS X Screen Shot

    • New Features
      • Data sources:
        – Local (logical) files and local drives
        – Ext4 and YAFFS2 (via The Sleuth Kit)
      • Analytics:
        – ZIP / archive module
        – Raw RegRipper output
        – File metadata viewer
        – Beta timeline viewer

    • New Features (2)
      • General:
        – Tags and bookmarks
        – 64-bit version (faster, more memory)
        – Multi-select tagging and exporting
      • External modules:
        – Basis Technology's Video Triage module
        – Basis Technology's Text Gisting module

    • Video Triage

    • Text Gisting

    • Download Stats
      • Version 3.0.6 had almost 15,000 official downloads between June and October.

    • Part 3: What Is Coming?

    • Future Features
      • Updatable hash databases (SQLite-based)
      • Delete tags
      • Carving via Scalpel (need to plug memory leaks)
      • exFAT support (via NPS contract)
      • OS X and Linux installers
      • New focus on optimizing for search
        – Keyword search UI
        – Filtering of files

    • Future Features
      • Training:
        – Next course: March 19-20 in Herndon, VA.
      • Online forum for users and developers
      • More third-party modules…
        – Module competition

    • DHS Funded Effort
      • Problems:
        – Increasing backlogs from more media
        – Decreasing law enforcement budgets
      • Proposed solution:
        – Make tools tailored to common law enforcement use cases:
          • Image and video analysis
          • Timeline analysis
        – Release them as free, open source Autopsy modules.

    • Image Analysis
      • Incorporate techniques used by photo management software into digital forensics software.
      • Enable law enforcement to:
        – Quickly identify known images
        – Efficiently review child exploitation images of unknown victims
      • Beta will be available in January.
        – Looking for law enforcement users.

    • Current Image Gallery

    • Initial Wireframe

    • Get Involved
      • Download now: http://www.sleuthkit.org/
      • Join the sleuthkit-users e-mail list.
      • Follow @sleuthkit on Twitter for updates.
      • Develop modules instead of stand-alone tools.
      • Questions?