Premise
In this video walkthrough, we covered disk analysis with Autopsy. We performed forensic analysis on the disk to extract artifacts. The scenario is taken from TryHackMe Autopsy room.
Learn how to use Autopsy to investigate artifacts from a disk image. Use your knowledge to investigate an employee who is being accused of leaking private company data.
Room Link
https://tryhackme.com/room/btautopsye0
Answers to the questions
What is the full name of the operating system version?
What percentage of the drive are documents? Include the % in your answer.
The majority of file events occurred on what date? (MONTH DD, YYYY)
What is the name of an Installed Program with the version number of 6.2.0.2962?
A user has a Password Hint. What is the value?
Numerous SECRET files were accessed from a network drive. What was the IP address?
What web search term has the most entries?
What was the web search conducted on 3/25/2015 21:46:44?
What binary is listed as an Interesting File?
Video Walk-through