Quick Preview of Drives Using Autopsy

Ann Priestman
Basis Technology

Track 2

Triaging is useful to quickly determine which digital devices have contraband, intelligence, or evidence. You can the prioritize your efforts on those devices first. Autopsy has a variety of features that are targeted at triage and this talk will show you what they are and how to use them. Autopsy is free to download and use, so it is easy to add to your toolkit.

In this talk, we’ll cover making a USB device to triage a live computer or analyzing a USB-connected device. We’ll cover how you can make an image of the device during the triage and how to use ingest profiles to easily configure which modules and files to analyze. Autopsy can perform any of its analysis on the device during triage, including the typical hash analysis, keyword searches, and EXIF extraction.

Ann is a senior software engineer on the digital forensics team at Basis Technology. Prior to coming to Basis, she did the opposite as a software reverse engineer with the Department of Defense. In her free time, Ann is an obstacle racer and aspiring aerialist.