CEH-B20 Final Project

Uploaded by

that.is.naufal
Forensic Analysis of a .dd Image using Autopsy

Objective

Perform forensic analysis on a .dd image file using Autopsy and find the details.

Prerequisites

1. Software:
   o Autopsy installed on your system (Windows/Linux/Mac).
   o dd image file provided by the instructor (e.g., evidence.dd).
2. Knowledge:
   o Basics of forensic investigations.
   o Understanding of file systems (e.g., NTFS, FAT32).

Lab Setup

1. Download the .dd image file from the link:
   https://drive.google.com/file/d/1LRPDSLn7ywiGg-rjFE0t-uUfN80R_ejh/view?usp=sharing
2. Install and configure Autopsy if not already installed.

Procedure

1. Start Autopsy

1. Open Autopsy on your computer.
2. Create a new case:
   o Case Name: StudentName_CaseStudy
   o Base Directory: Choose a directory for storing case data.
3. Fill in case details such as investigator name and case number.

2. Add the Disk Image

1. In the Case Dashboard, click on "Add Data Source".
2. Select "Disk Image or VM File" and click Next.
3. Browse and select the .dd file (e.g., evidence.dd).
4. Assign a name to the data source (e.g., "ForensicDisk") and click Next.
5. Wait for Autopsy to process the image.

3. Details to Extract

1. File Analysis:
2. Keyword Search:
3. Recover Deleted Files:
4. Web Artifacts:
5. Metadata Extraction:

4. Note Key Findings

Record key findings during your investigation:

• Suspicious files.
• Evidence of deleted data.
• Any sensitive information (passwords, emails, etc.).
• Observations about timestamps or anomalies.

5. Generate a Report

1. Go to the Generate Report section.
2. Select the type of report (HTML, Excel, etc.).
3. Add a summary of your findings and conclusions.
4. Save and export the report.

Tasks for Students

1. List all deleted files recovered, including their file paths.
2. Provide screenshots of:
   o Metadata of a suspicious file.
   o Browser history analysis.
3. Write a short paragraph explaining how the .dd image relates to the forensic investigation.

Project Submission

• Submit the exported report along with your observations and answers to the tasks in a Word or PDF document.
• Include screenshots of your analysis as evidence.

Tips

• Use filters to simplify your analysis (e.g., filtering by file type or date).
• Pay attention to files in the Recycle Bin or Temporary Internet Files.
• Document everything; proper documentation is crucial in forensic investigations.
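
To show what the "Recover Deleted Files" step is looking at on a FAT32 volume (one of the file systems named in the prerequisites), here is an added example that is not part of the original handout and is not Autopsy code. It assumes the input is the raw bytes of a FAT directory region holding 8.3 short entries; scan_directory, _fat_datetime, _make_entry and SAMPLE are hypothetical names, and SAMPLE is a constructed directory, not data from evidence.dd.

```python
import struct
from datetime import datetime

ENTRY_SIZE = 32   # every FAT directory entry is 32 bytes
DELETED = 0xE5    # deletion overwrites the first name byte with 0xE5

def _fat_datetime(date, time):
    """Decode packed FAT date/time words; None if the fields are invalid."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:
        return None

def scan_directory(raw):
    """Return one dict per 8.3 entry found in a raw FAT directory region."""
    entries = []
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = raw[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:      # 0x00 marks the end of the directory
            break
        if entry[11] & 0x08:      # volume label or long-file-name fragment
            continue
        deleted = entry[0] == DELETED
        # The first character is lost on delete, so it is shown as "?".
        base = ("?" + entry[1:8].decode("ascii", "replace") if deleted
                else entry[0:8].decode("ascii", "replace")).rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        hi, wtime, wdate, lo, size = struct.unpack_from("<HHHHI", entry, 20)
        entries.append({
            "name": base + ("." + ext if ext else ""),
            "deleted": deleted,
            "first_cluster": (hi << 16) | lo,
            "size": size,
            "modified": _fat_datetime(wdate, wtime),
        })
    return entries

def _make_entry(name11, size, cluster, date, time):
    """Build one constructed 32-byte entry (archive attribute 0x20)."""
    return struct.pack("<11sB8xHHHHI", name11, 0x20, cluster >> 16,
                       time, date, cluster & 0xFFFF, size)

# Constructed sample directory: one live file, one deleted file, terminator.
_D = ((2024 - 1980) << 9) | (3 << 5) | 15      # 2024-03-15
_T = (14 << 11) | (30 << 5) | (10 // 2)        # 14:30:10
SAMPLE = (_make_entry(b"REPORT  TXT", 1200, 5, _D, _T)
          + _make_entry(b"\xe5ECRET  DOC", 20480, 9, _D, _T)
          + bytes(ENTRY_SIZE))
```

The deleted entry still carries its size, first cluster and last-modified time, which is why a deleted file can appear in the analysis results with metadata even though the first character of its short name is gone.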
