Autopsy Scoring: Finding the Relevant Data with Analysis Results

A big theme with the Basis Technology team has been on bubbling up the relevant data in Autopsy. This year, the backend databases of Cyber Triage and Autopsy combined and the scoring features of Cyber Triage are now in Autopsy. We’re going to talk about how this helps you focus on relevant data faster.

In this talk, we’ll talk about analysis results, conclusions, scores, and combining individual scores to make an aggregate score such as “Notable” or “Likely Notable”. We’ll talk about how modules can create scores and how examiners see them. We’ll cover some other example modules and their use of scores. Scoring is an important capability when making sure examiners see the most relevant data first and we’re excited to share how we’re doing this.

Brian Carrier
Basis Technology

As CTO at Basis Technology, Brian Carrier leads the digital forensics team, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book, File System Forensic Analysis—used as a textbook in many college-level forensics classes—and developer of several open-source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian is an active practitioner in the field of digital forensics and continues to develop new techniques for incident response and forensics. He implements his broad and deep practical experience in open source software, which makes that knowledge available to incident response and law enforcement professionals, saving them time in the field.

Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon). Besides OSDFCon, Brian has spoken at conferences including DOD Cyber Crime Conference (as keynote speaker), High Tech Crime Investigators Association (HTCIA), Digital Forensics Research Workshop (DFRWS), American Academy of Forensic Sciences (AAFS), National Cyber Crime Conference (NCCC), and Techno Security.