Using Past Data to Determine Relevance in Autopsy

Brian Carrier
Basis Technology

A big theme for Autopsy recently has been making sure that the most relevant data is elevated to the user. The new File Discovery UI can take the number of past occurrences of a file into account to help prioritize it. The more often a file was seen before and not tagged, the less likely it is to be shown to you in future cases. Instead, you can focus on the new and unique files not seen before.

In this talk, we’ll show the new File Discovery UI, the Central Repository that stores hashes from your past cases, and how the two work together. We’ll also talk about future directions of the File Discovery UI and how you can save your search settings to more quickly triage data.

About Brian Carrier

As CTO at Basis Technology, Brian Carrier leads the digital forensics team, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book, File System Forensic Analysis—used as a textbook in many college-level forensics classes—and developer of several open-source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian is an active practitioner in the field of digital forensics and continues to develop new techniques for incident response and forensics. He implements his broad and deep practical experience in open source software, which makes that knowledge available to incident response and law enforcement professionals, saving them time in the field.

Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon). Besides OSDFCon, Brian has spoken at conferences including DOD Cyber Crime Conference (as keynote speaker), High Tech Crime Investigators Association (HTCIA), Digital Forensics Research Workshop (DFRWS), American Academy of Forensic Sciences (AAFS), National Cyber Crime Conference (NCCC), and Techno Security.