Autopsy

Autopsy is a free and open source analysis tool initially developed by Brian Carrier. Autopsy started as a Graphical User Interface for the underlying Linux-based SleuthKit toolset, but the latest release (version 3) is a standalone tool built for Windows. Autopsy can be downloaded at http://www.sleuthkit.org/autopsy/.

Autopsy is not intended to perform acquisitions of mobile devices, but can analyze the most common Android filesystems (such as YAFFS and ext). For this example, we will load a full physical image obtained via dd from an HTC Droid DNA, as outlined in Chapter 5, Extracting Data Physically from Android Devices.

Creating a case in Autopsy

On opening Autopsy, the user will be prompted to choose Create New Case, Open Recent Case ...

Get Learning Android Forensics now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.