Autopsy
Autopsy is a free and open-source analysis tool initially developed by Brian Carrier. Autopsy started as a graphical user interface for the underlying Linux-based SleuthKit toolset, but the latest release (version 3) is a standalone tool built for Windows. Autopsy can be downloaded at http://www.sleuthkit.org/autopsy/.
Autopsy is not intended to perform acquisitions of mobile devices, but it can analyze the most common Android filesystems (such as YAFFS and ext). For this example, we will load a full physical image obtained via dd from an HTC Droid DNA, as outlined in Chapter 5, Extracting Data Physically from Android Devices.
Creating a case in Autopsy
On opening Autopsy, the user will be prompted to choose Create New Case, Open Recent Case, or Open Existing Case.
We will create a new case. Follow these steps:
- After filling in the Case Name field, the Next button will become available.
- On the next screen, an optional Case Number and Examiner can be entered.
- Selecting Finish will bring up...