Autopsy is the best kept secret in digital forensics. Love the tool, and love this video. Thank you.
hello may I know how to identify bookmarks?
A video that isn't boring. THANK YOU!! this was super informative and easy to understand
Appreciation. But just seven minutes dedicated to naming and storing your investigation. Thank you for the video.
This is an amazing video. Easy and to the point explanation. Excellent work.
This is so awesome! I'm super interested in digital forensic investigation and in the future I would love to work for The High Tech Crime Unit (HTCU) of Thames Valley Police (UK). I have just started looking into digital forensic investigation and there's a lot to learn. I have a tiny bit of knowledge in penetration testing and general IT which helps quite a bit. Overall, awesome tutorial and have subscribed for future videos. Keep up the awesome work! :D
Skip to 5:18 if you're confident in your ability to name a fucking file
What is the monitoring system on the right side of your screen? Thank you
that's a widget rainmeter
it is probably conky
9:41 sir, how did you get directly to select data source? Actually I am very new to this app and I have to use this app for my internship. I don't know which data source type I should select to get what you have. Can you please help me?
Hello. Can I know what you are running on the right side of your windows?
Very clever making the binary in your description a divider as well as a watermark. "DFScience"
What is the information column on the right? It's called how and could you tell me the software reference please
I need more🔥🔥🔥. Thank you very much for the learning. Can you suggest where else I should study this?
Perfect presentation, thanks so much and God bless you
Hey! Apologies for the random question but just regarding an issue I’m having with Autopsy as I’m new to using it.
In the extracted content metadata section the results tab is showing a file created in 2017 while the file metadata tab shows 2020.
A bit confused which creation date I should be recording! Thanks for any help!
Well done on your efforts, a fantastically presented video! A must watch
Do you know how to install Autopsy on Mac??
Thanks for your videos. Your videos are so easy to understand. Love it. I'm starting to learn about the forensic investigation topic. Your videos are helping me a lot. Could you make a video sometime about how someone can start to learn about the forensic topic, especially when they have just started, and where to start and maybe lab setup... Keep up the good work, and looking for new videos every week if possible ;)
Thanks a lot Ahsan. I think I can make a video about how to get started in forensics. Let me know if you need anything else.
Is steganography detected with Autopsy?
Hello the video is great thank you for the explanation
I have a question: my file encrypted with the ransomware, can I fix them with the prog?
Thank you so much for all your videos,
and one more thing, could you also record your video in high quality? I can only see it in 360, not 720p. Would be great
Yeah - any newer videos should be up to 1080p. Let me know if you have any trouble.
How to find last OS shutdown time by a user in Autopsy?
Hey Josh, can you suggest a good test disk image for someone learning DF, I went to Digital Corpora, but some were too advanced for my skill level (dealing with networks) and the one dealing with the terrorist attack in DC was not available.
Hello. Check out dfir.training - he has a great list of resources: www.dfir.training/index.php/lists/test-images-and-challenges If you want something very basic with a guide I highly recommend Linux LEO: www.linuxleo.com/
Thank you
I can't get it to recognize my phone, even though my phone is visible under "This PC". Does Autopsy not recognize phones?
If the phone was assigned a drive letter (like E:), it should show up when you try to add source type "Local Disk", then select the drive letter. In older phones you can set your phone to be a "USB Mass Storage Device." Newer phones use MTP. MTP will likely cause problems with Autopsy reading directly. If you are trying to 'do forensics' on the device, connecting directly is not recommended. Even with a write blocker, the device may still make changes to the data. It is better to make an image of the mobile device, and analyze the image with Autopsy.
Okay, which program should I use to make an image of the device? I'm completely brand new at this.
Great video, would it be possible to get the links mentioned?
Sorry about that. Here they are:
Autopsy: sleuthkit.org/autopsy/download.php
Digital Corpora (test images): digitalcorpora.org/
NIST NSRL (known hash set): www.nsrl.nist.gov/
Please let me know if I missed anything.
@DFIRScience Do you have a guide on best practice for making a computer into an iso without tampering with the information?
If the suspect changed the child exploitation video or image extensions to a totally random, non-existent file extension (e.g. P01.jpg to P01.aym) how would you be able to tell Autopsy to look for these file extensions? I mean if you do not know the file extension .aym, just looking for file types that are not recognised by Windows or any other OS?
Neri Matrixx Metadata. There's a neat little tool that can dig into md5 hash and exif data as well as xmp. If you are actually looking into child abuse, look for contact sheets; they are databases with md5 hashes of known files.
Good one, but the background music is interrupting
Sorry, I just figured out the video problem. At home I can watch your videos with HD quality, but in my university lower quality.
Can you help me? I appreciate your answer. While I'm trying to mount the image I had an error message: cannot determine file system : offset 63. Thank you
Bramantyo Adi, first check that your offset is correct. Use mmls to list partition information and get the starting offset and verify the file system type. If the offset is correct, try adding -f and the fstype. For some reason sleuthkit cannot auto detect the installed fs.
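As an added illustration of the offset check in the reply above (not part of the original comments, and not Sleuth Kit code): a small Python parser that reads an MBR partition table the way a partition-listing tool does and reports where each partition starts. The sample MBR is constructed, 512-byte sectors are assumed, and the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors

# A few well-known MBR partition type codes, as human-readable hints only
TYPE_HINTS = {0x06: "FAT16", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x83: "Linux"}

def parse_mbr(sector0: bytes):
    """Return (slot, type_code, start_lba, sector_count) for each used entry."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    parts = []
    for slot in range(4):
        # Four 16-byte entries start at byte 446 of the first sector
        entry = sector0[446 + 16 * slot: 446 + 16 * (slot + 1)]
        ptype = entry[4]                                   # type byte
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((slot, ptype, start_lba, count))
    return parts

def offsets(start_lba: int):
    """Offset in sectors (what Sleuth Kit's -o expects) and in bytes
    (what a loop mount's offset= option expects)."""
    return start_lba, start_lba * SECTOR_SIZE

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS partition starting at sector 63."""
    mbr = bytearray(512)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                               0x07, b"\xfe\xff\xff", 63, 204800)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for slot, ptype, start, count in parse_mbr(build_sample_mbr()):
        sectors, nbytes = offsets(start)
        hint = TYPE_HINTS.get(ptype, "unknown")
        print(f"slot {slot}: type 0x{ptype:02x} ({hint}), "
              f"start {sectors} sectors = {nbytes} bytes, {count} sectors long")
```

If the start value printed here does not match the offset passed to the tool, or the sector and byte forms are mixed up, file system detection fails even though the image is intact.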
may I know how to identify bookmarks?
After processing a source file, Autopsy will show a directory tree view on the left-hand side. At the bottom of that view, you should see "Tags." Expand that, and if you have created bookmarks, you will see "Bookmarks." You must tag or bookmark at least one item before the category shows up in the menu.
@DFIRScience it's okay now. I have downloaded the wrong version of the tool. That's why it won't show up. Thank you anyway ❤️
Please, I need help with my assignment, please, I beg of you
Awesome. Thank you.
thanks!
i guess u need a disk image for android phone ... how to image a phone... ?? thx
Bro, disks were not detected.
If you're trying to add local disks (like C:) then you will have to start Autopsy with administrator privileges. If you are opening disk images you can open it as a normal user.
>Widnows 10
Hmm.
(I mean I still subscribed it just made me giggle.)
Better without the music. The music is distracting from your speaking.
Thanks for the feedback!
@DFIRScience you are in my digital forensics class as recommended watching.
@rosiemaldonado8309 cool! Let me know if you have any questions. 😸
Where can I get free evidence files for testing?
Various disk images can be found at the Digital Corpora: digitalcorpora.org/
Uh...
Sweet Jesus, man! A 30-minute video and 5 minutes are spent on the case name?
Sure is. Most labs I've worked in have no naming standards. It's one of the easiest ways to organize across the team, but often overlooked.
5 minutes spent on the case name, what a waste of time. I won't even watch the rest