Autopsy and FTK Imager Tools Quiz

18 Questions

What are the key tasks involved in using the Autopsy software?

Recover Word files, images, search key words, create a case, choose data format, find deleted files, tag files, recover deleted files, search keywords, generate reports.

How can you create a case in Autopsy software?

Create a case by providing a name and details for the case.

What is the exercise involving regular expressions in Autopsy software?

Finding all phone numbers using a regular expression.

What is the purpose of examining a file in a USB using TSK in Autopsy software?

To show details of the image format, file system details, list allocated and deleted file names, recover deleted files, extract data units, and display statistics.

Why is Autopsy considered a powerful digital forensic tool?

Autopsy can extract information from digital devices and generate timeline reports.

What are some of the steps involved in recovering deleted files using Autopsy software?

Tag the file, create a tag for reporting, tag both deleted files, and recover the deleted file.

What is the primary purpose of email analytics?

To track how subscribers interact with emails and optimize email campaigns for better performance.

What tool is used to analyze the email header and check for SPF and DKIM authentication in the experiment?

MxToolbox analyzer

What does SPF authentication help to analyze in email analysis?

Whether the received mail is intentionally correct

What is the purpose of using DKIM authentication in email analysis?

To analyze whether the received mail is intentionally correct

What is the name of the tool used to generate a timeline report in Experiment 9?

Autopsy

What is the outcome of performing email analysis using the steps outlined in Experiment 8?

To know about the correct or incorrect domain

What tool can be used to create disk images that Autopsy performs operations on?

FTK Imager

What is the last step in the process of generating a report using Autopsy?

Click 'Close' to close the report generation progress window.

In the context of email analysis, what is SPF authentication?

SPF (Sender Policy Framework) is a method used to prevent sender address forgery and detect email spoofing.

In the context of email analysis, what is DKIM authentication?

DKIM (DomainKeys Identified Mail) is a method used to validate the authenticity of email messages.

What is MxToolbox used for?

MxToolbox is a tool used for email server diagnostics, including checking blacklists and performing email deliverability tests.

What is the main purpose of generating timeline reports using Autopsy?

The main purpose of generating timeline reports using Autopsy is to visualize and analyze the activity on a digital device over a period of time.

Study Notes

Autopsy Tasks

  • Autopsy can recover deleted files, including Word files and images
  • Search for key words using regular expressions
  • Steps to create a case in Autopsy:
    • Create a case with a name and details
    • Choose the data format and image file
    • Find and tag deleted files
    • Recover deleted files and search for keywords
    • Generate reports
  • Exercise: Find all phone numbers using a regular expression

Examining a File in USB using TSK

  • Download a USB image
  • Use TSK to show the details of the image format
  • Show file system details and statistics, including layout, sizes, and labels
  • List allocated and deleted file names in a directory
  • Display deleted entries only
  • Recover a deleted file using its inode
  • Extract the data units of a file (e.g. letter1.txt)
  • Display the statistics and details about a given metadata structure
  • Extract the contents of a given data unit
  • List the details about data units and extract the unallocated space of the file system
  • Extract the contents of a given data unit in Hex

Email Analysis

  • Email analytics is the method of tracking how subscribers interact with emails
  • MxToolbox is a tool that provides free, fast, and accurate network diagnostic and lookup tools
  • Steps to analyze an email:
    • Open the email and click on "more" and then "original message"
    • Copy the header to the clipboard and analyze it using MxToolbox analyzer
    • Check for SPF and DKIM authentication
    • Determine if the received mail is from a correct or incorrect domain

Generating a Timeline Report using Autopsy

  • Autopsy performs operations on disk images created using tools like FTK Imager
  • Steps to install Autopsy:
    • Download and install Autopsy for 64-bit
    • Run as administrator
    • Select "desktop option" and install
  • Steps to generate a timeline report:
    • Open Autopsy and create a new case
    • Add a data source and select the appropriate data source type
    • Generate a report in Excel format
    • Configure the returned results and select "All results" or "Tagged results"
    • Autopsy will generate the report and show the link where it is saved

This quiz covers the use of Autopsy for operations on disk images, created with tools like FTK Imager. Learn about installing Autopsy and setting up a new case, adding data sources, and more. Follow the provided steps to get started with using Autopsy.
