Digital forensics with Autopsy
Now that we have our sample image file downloaded (or perhaps even a forensically acquired image of our own), let's proceed with the analysis using the Autopsy browser by first getting acquainted with the different ways to start Autopsy.
Starting Autopsy
Autopsy can be started in two ways. The first uses the Applications menu by clicking on Applications | 11 - Forensics | autopsy:
Alternatively, we can click on the Show applications icon (last item in the side menu) and type autopsy into the search bar at the top-middle of the screen and then click on the autopsy icon:
Once the autopsy icon is clicked, a new terminal is opened showing the program information along with connection details for opening The Autopsy Forensic Browser.
In the following screenshot, we can see that the version number is listed as 2.24 with the path to the Evidence Locker folder as /var/lib/autopsy:
To open the Autopsy browser, position the mouse over the link in the terminal, then right...