Skip to content
/ autopsy-project Public

An autopsy forensic investigation project to educate the use of autopsy

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aswinvk28/autopsy-project

BranchesTags

Repository files navigation

An autopsy project that includes imaging a usb drive and retrieving a report from the drive

Disk-Imaging.gif

It is safer to perform investigation on a Mac or Windows OS because Windows platforms do provide hardware write protection while performing disk imaging on computer hard disk drives. Linux based operating systems do have software write protection. If you have systems such as USB stick containing Linux OS, that is safer to use in case of Linux.

Imaging the USB drive

sudo ./dcfldd-1.3.4-1/dcfldd if=/dev/sdc1 of=./images/usb-image.dd conv=noerror,sync bs=4096

Installing dcfldd

wget http://prdownloads.sourceforge.net/dcfldd/dcfldd-1.3.4-1.tar.gz?download

./configure
make install

Running autopsy

docker-compose up -d --build

Generating report

source ./run_project.sh /opt/autopsy/images/usb-image.dd output.md

About

An autopsy forensic investigation project to educate the use of autopsy

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages