Autopsy 3: Extensible Desktop Forensics
Brian Carrier
VP Digital Forensics
Basis Technology
Part 1: What is Autopsy?

2
Elevator Pitch
• Autopsy is an open source desktop digital forensics tool that is:
– Easy to use
– Extensible
– Capable

3
Brief History
• 2001: First Open Source Release
– Interface to The Sleuth Kit
– Linux and OS X only

• 2010: Started v3 from scratch as a platform
– Inspired by OSDFCon discussions
– Windows-based
– Automated
– Some US Army funding (with 42Six Solutions)
– 3.0.0 released in September, 2012.

4
Screen Shot

5
Easy To Use
• Auto detect as much as possible.
• Guide you to next step:
– After case is created: Start Add Data Source Wizard

• All results are found in the tree.
• History buttons to allow you to back out.
• ….

6
Frameworks
• Ingest Modules analyze media on import
– Hash analysis, keyword search,…

• Content viewers display files
– Text, image, text analytics, video triage, …

• Report modules generate final reports
– HTML, XML, …

• ...
• Would love feedback from other developers!

7
Fast Results
• Don’t wait until ingest is over to see results.
• Provided as soon as they are known.
• Indexed keyword search results:
– Given every 5 minutes.

• Prioritize user folders first.

8
Standard Features
• File System Analysis (via The Sleuth Kit)
– NTFS, FAT, HFS+, ExtX, UFS, ISO9660, YAFFS2, etc.

• Hash calculation and lookup
• Keyword search (via SOLR)
• Web artifact extraction
• EXIF and image analysis
• Tagging and Reporting
• View by file types, sizes, etc.
• View pictures and videos

9
Part 2: What Is New Since OSDFCon 2012?

10
Improvements
• Many performance & stability improvements
• Bug fixes
• Better HTML Reports (speed, content, etc.)
• Error reporting in lower right bubbles
• Ingest Inbox updates
• More developer docs and sample modules
• Closer to Linux / OS X installers
• New logo

11
Dr. Hash

12
OS X Screen Shot

13
New Features
• Data Sources:
– Local (logical) files and local drives
– Ext4 and Yaffs2 (via Sleuth Kit)

• Analytics:
– ZIP / Archive Module
– Raw RegRipper output
– File Metadata viewer
– Beta Timeline Viewer

14
New Features (2)
• General:
– Tags and bookmarks
– 64-bit Version (faster, more memory)
– Multi-select tagging and exporting

• External modules:
– Basis Technology’s Video Triage module
– Basis Technology’s Text Gisting module

15
Video Triage

16
Text Gisting

17
Download Stats
• Version 3.0.6 had almost 15,000 official downloads between June and October.

18
Part 3: What Is Coming?

19
Future Features
• Updatable Hash Databases (SQLite-based)
• Delete Tags
• Carving via Scalpel (need to plug memory leaks)
• ExFAT support (via NPS contract)
• OS X and Linux installers
• New focus on optimizing for search
– Keyword search UI
– Filtering of files

20
Future Features
• Training:
– Next Course: March 19-20 in Herndon, VA.

• Online forum for users and developers
• More third-party modules….
– Module Competition

21
DHS Funded Effort
• Problems:
– Increasing backlogs from more media
– Decreasing law enforcement budgets

• Proposed Solution:
– Make tools that are tailored towards common law enforcement use cases.
• Image and video analysis
• Timeline analysis

– Release as free, open source Autopsy modules.

22
Image Analysis
• Incorporate techniques used by photo management software into digital forensics software.
• Enable law enforcement to:
– Quickly identify known images
– Efficiently review child exploitation images of unknown victims.

• Beta will be available in January.
– Looking for law enforcement users.

23
Current Image Gallery

24
Initial Wireframe

25
Get Involved
• Download now:
– http://www.sleuthkit.org/

• Join sleuthkit-users e-mail list.
• Follow @sleuthkit on twitter for updates.
• Develop modules instead of stand-alone tools.
• Questions?

26

OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
