Premise

In this video walkthrough, we covered disk analysis with Autopsy. We performed forensic analysis on the disk to extract artifacts. The scenario is taken from the TryHackMe Autopsy room.

Learn how to use Autopsy to investigate artifacts from a disk image. Use your knowledge to investigate an employee who is being accused of leaking private company data.


Room Link

https://tryhackme.com/room/btautopsye0

Answers to the questions

What is the full name of the operating system version?

What percentage of the drive are documents? Include the % in your answer.

The majority of file events occurred on what date? (MONTH DD, YYYY)

What is the name of an Installed Program with the version number of 6.2.0.2962?

A user has a Password Hint. What is the value?

Numerous SECRET files were accessed from a network drive. What was the IP address?

What web search term has the most entries?

What was the web search conducted on 3/25/2015 21:46:44?

What binary is listed as an Interesting File?

What self-assuring message did the ‘Informant’ write for himself on a Sticky Note? (no spaces)

Video Walk-through

About the Author

Cybersecurity Trainer; MS in Cybersecurity; Expertise in Healthcare and Finance Industries; Penetration tester and compliance auditor
