Autopsy Digital Forensics Course

Sunday, 12 April 2020

The makers of Autopsy and The Sleuth Kit forensic software are offering their Autopsy training course for a month for all those of us who are staying at home due to Covid-19. The course is from Basis Technology and the offer ends on May 15th. Go here for details: https://autopsy.com/support/training/covid-19-free-autopsy-training/

Autopsy is a general-purpose toolkit for digital forensic investigations. It provides a GUI for their Sleuth Kit software and other tools, and is extensible via modules. The nice thing about Autopsy is its ability to automate the process of churning through and organizing large amounts of data, such as images from laptops and smartphones.

Basically, you feed Autopsy data from disk images, let it parse through the files, and then feed the results through modules for analysis. You end up with file- and data-centric views of the source, communications-based views of the data, or a chronological timeline of events and activity.
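The chronological timeline mentioned above is, underneath, built from per-file timestamps that the Sleuth Kit tools emit. The following is an added example, not Autopsy's or Basis Technology's code, that shows the idea on constructed input: it assumes the mactime "body file" format that `fls -m` produces (`MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`, Unix epoch seconds, 0 meaning "no timestamp") and turns a few sample lines into a sorted MACB timeline.

```python
"""Build a chronological MACB timeline from Sleuth Kit body-file lines.

Added example (not Autopsy's own code). Assumed input format is the mactime
body file written by `fls -m` / `ils -m`:
  MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
Timestamps are Unix epoch seconds; 0 means the timestamp is unknown.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample: three files from an imaginary disk image (not real data).
SAMPLE_BODY = """\
0|/Users/alice/Documents/report.docx|1234-128-1|r/rrwxrwxrwx|0|0|20480|1586600000|1586500000|1586500000|1586400000
0|/Windows/Prefetch/SETUP.EXE-1A2B3C4D.pf|5678-128-1|r/rrwxrwxrwx|0|0|4096|1586650000|1586650000|1586650000|1586650000
0|/Users/alice/Downloads/setup.exe|9012-128-1|r/rrwxrwxrwx|0|0|1048576|1586640000|1586630000|1586630000|1586630000
"""

# Field order in the body file (columns 7..10) and the letters mactime prints.
TIME_FIELDS = ("atime", "mtime", "ctime", "crtime")
MACB_ORDER = ("mtime", "atime", "ctime", "crtime")  # printed as M A C B
MACB_LETTERS = {"mtime": "m", "atime": "a", "ctime": "c", "crtime": "b"}


@dataclass(frozen=True)
class Event:
    when: int      # epoch seconds
    macb: str      # e.g. "m.cb" = modified, changed and born at this instant
    path: str
    size: int


def parse_body_line(line):
    """Split one body-file line into (name, size, {time_field: epoch})."""
    fields = line.rstrip("\n").split("|")
    if len(fields) != 11:
        raise ValueError(f"expected 11 fields, got {len(fields)}: {line!r}")
    name = fields[1]
    size = int(fields[6])
    times = dict(zip(TIME_FIELDS, (int(x) for x in fields[7:11])))
    return name, size, times


def build_timeline(body_text):
    """Return Events sorted by time; equal timestamps of one file merge into one MACB entry."""
    events = []
    for line in body_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, size, times = parse_body_line(line)
        by_time = {}
        for field, ts in times.items():
            if ts == 0:
                continue  # unknown timestamp, nothing to place on the timeline
            by_time.setdefault(ts, set()).add(field)
        for ts, present in by_time.items():
            macb = "".join(MACB_LETTERS[f] if f in present else "." for f in MACB_ORDER)
            events.append(Event(ts, macb, name, size))
    events.sort(key=lambda e: (e.when, e.path))
    return events


def format_timeline(events):
    """Render events as 'UTC time  MACB  size  path' lines, oldest first."""
    lines = []
    for e in events:
        stamp = datetime.fromtimestamp(e.when, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{stamp} {e.macb} {e.size:>10} {e.path}")
    return lines


if __name__ == "__main__":
    for row in format_timeline(build_timeline(SAMPLE_BODY)):
        print(row)
```

Reading the output top to bottom gives the order of activity on the image: the download is created and modified, then read, and only afterwards does the prefetch entry for the executable appear. That ordering, across thousands of files, is what the timeline view in Autopsy automates.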

The latest version has apparently added the ability to work as a team using a shared central repository, and that collaborative capability has been integrated into many of the basic functions of the software. This is probably a huge deal for organizations with teams large enough to have specialization, since people can now work on their individual areas of expertise. Best of all, it’s free, although some third-party modules are not, and the company offers paid support for corporate customers.

There’s no telling how many FOSS utilities Autopsy uses under the hood, but it covers most of the bases. In the course I saw mentions of RegRipper, PhotoRec and more, but they have also added custom code for parts of the system where nothing quite fit the goals.

I didn’t see any ability to handle iOS device images like iPhones, and that’s an issue. A philosophical complaint I have is that it’s written in Java, which I try to keep off my machines. A better way to get cross-platform compatibility, of course, is to be web-based like this tool used to be. In fact, forensic-oriented Linux distros come with the old web-based version 2.x installed by default. Those did not support using a central repository, so it’s not a viable alternative for many teams.

All in all, I was quite happy to learn about this product, which has changed substantially from the version I had installed. I must comment too that the training course was very well done. As someone who used to create online training for a living, take my word for it! There are sample files that go with the course too, so you can try the concepts that are explained in it. I encourage anyone who is interested to try it today!