Hello sir! Thank you for this content. I am doing a sample project on how to create a new case in autopsy. I am using an old iPhone of mine. From what I am researching, would I need to backup my iPhone on an external hard drive as you did and then upload it into FTK imager and then upload to autopsy?
That will be slightly different. You'll need to get the iphone file in a format that autopsy can read. There is a newer ingest module - iLEAPP - it's looking for a tar file. You can extract that a couple of ways. - Or if you have access you can use a tool specifically for mobile forensics. - if not, and you want to use Autopsy anyways, just look for more information on iLEAPP.
Hi, do you know what the advantages are of performing a physical image of a USB drive over performing a logical image of a USB drive? I am writing an assignment on digital forensic examinations and would appreciate the help! Thanks
Logical - you are getting just that partition. There could be other partitions, hidden partitions, and unallocated space that you would ignore without getting the physical. Logical can be quicker, but if you have ability to get the full device, it is going to be a richer capture.
![Twenty One Pilots - “The Line” (from Arcane Season 2) [Official Music Video]](http://i.ytimg.com/vi/E2Rj2gQAyPA/mqdefault.jpg)
Ty you helped me complete my assignment in 5 mins…ty!
Hello sir! Thank you for this content. I am doing a sample project on how to create a new case in autopsy. I am using an old iPhone of mine. From what I am researching, would I need to backup my iPhone on an external hard drive as you did and then upload it into FTK imager and then upload to autopsy?
That will be slightly different. You'll need to get the iphone file in a format that autopsy can read. There is a newer ingest module - iLEAPP - it's looking for a tar file. You can extract that a couple of ways. - Or if you have access you can use a tool specifically for mobile forensics. - if not, and you want to use Autopsy anyways, just look for more information on iLEAPP.
Hi, how can I contact u apart from the comments section?
Hi, do you know what the advantages are of performing a physical image of a USB drive over performing a logical image of a USB drive? I am writing an assignment on digital forensic examinations and would appreciate the help! Thanks
Logical - you are getting just that partition. There could be other partitions, hidden partitions, and unallocated space that you would ignore without getting the physical. Logical can be quicker, but if you have ability to get the full device, it is going to be a richer capture.