Join Jungwoo Ryoo for an in-depth discussion in this video Searching, part of Learning Computer Forensics (2014).
…Having the ability to search in a computer forensics investigation is essential.…Investigators always have a need to do their search, based on…a keyword related to the nature of the case he or she is working on.…To demonstrate how a search is conducted,…using a computer forensics suite, we'll be using a tool called Autopsy here.…Autopsy, is one of the most popular computer forensic software suites out…there, and I highly recommend it.…
Let's start autopsy by clicking on the icon on the desktop.…Do a right click, select Run As Administrator.…We'll start by clicking on Create New Case.…Type your case name, we'll use searching.…Choose your base directory if it's not already chosen.…In my case, I used desktop.…Click on Next, and use case number 001,…examiner, and click on Finish.…
Now the step involves loading an image.…I already created an image of an evidence drive, so we'll be using that image for…this exercise.…Before you click on Browse, make sure the option Image File is selected.…Click on Browse, choose USB Image.001.…
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
Small Office Networking to Connect, Share, and Printwith Garrick Chow3h 23m Appropriate for all
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps1m 1s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.