In this lab you will need to work in your group. There are two things that you will need to do. You are provided with a forensic image already created with the FTK Imager for examination. This image can be downloaded from Moodle section Lab Material→Lab work week 3. You will need to load Autopsy (a tool for digital forensics) and search for evidence. We will assume that the evidence is relevant to “dogs” due to the sensitivity of the task. If you have Windows, you can quickly download the Autopsy tool and install it. The windows tool has a nice and easy GUI to use (Autopsy – Download). If you want to use any type of Linux environment, you can access Autopsy. Once in Autopsy you will be asked to create a case and use the keyword search functionality and identify any relevant evidence.
You can also follow the material on how to use Autopsy that will be covered in week 9.
Questions: What type of keywords would you use if you are searching for dogs? Produce a relevant list. By investigating the extracted files, is there anything noticeable? What type of evidence can you gather? In the end of the lab, you will need to produce an evidence list that could be used for the next stage of the investigation.
The report for week 3’s section should include all the answers relevant to the questions posed above and, in the end, a full list of identified evidence should be presented. This part of the report should not exceed 3 pages.