Organizing Sponsor
Introducing the Autopsy Logical Imager
Ann Priestman
Basis Technology
Track 2
Sometimes you don’t have the time or authorization to make a full disk image and you want to collect only a subset of files from a live system. The new logical imager tool in Autopsy allows you to do that and this talk will cover how to use this new feature.
The logical imager collects only files that meet certain criteria, which are based on attributes such as name or path. This talk will cover how to create those rules, how to run the imager, and how to import the results back into Autopsy. The imager saves all of the data it reads into a sparse VHD file and we will discuss that format and where else you can use it.
About Ann PriestmanAnn is a senior software engineer on the digital forensics team at Basis Technology. Prior to coming to Basis, she did the opposite as a software reverse engineer with the Department of Defense. In her free time, Ann is an obstacle racer and aspiring aerialist.