Digital Forensics: Autopsy’s Magic in Recovering Deleted Data (2024)

Forensic science, also known as criminalistics, refers to the scientific principles and methods to support legal decision-making in criminal and civil matters. Forensic scientists collect, preserve, and analyze evidence during the course of an investigation. Some of the famous branches of forensics are:

1. Forensic Anthropology
2. Forensic Psychology
3. Forensic Toxicology
4. Digital Forensics
5. Forensics Ballistics
6. Forensic Pathology

Digital Forensics

It is the application of scientific and investigative methods to collect, analyze, preserve, and present electronic evidence in a court of law. It aims to maintain the integrity of digital evidence, identify perpetrators, and support legal proceedings by following a systematic and rigorous approach to data acquisition, analysis, and reporting. Some of the famous tools are autopsy, Wireshark, Volatility, The sleuth Kit, Digital Forensics Framework etc.

Objectives of Digital forensics are:

1. Identify, gather, and preserve the evidence of a cybercrime.
2. Gather evidence of cybercrimes in a forensically sound manner.
3. Estimate the potential impact of malicious activity on the victim and access the intent of the perpetrator.
4. Minimize the losses to the organization.
5. Protect the organization from similar incidents in the future.
6. Support the prosecution of an incident.

Sub- Branches of Digital forensics are:

1. Computer Forensics
2. Network Forensics
3. Malware Forensics
4. Mobile Forensics
5. Cloud Forensics
6. Email Forensics

Before using the tool Autopsy let’s see some amazing features of it.

1. Autopsy is designed with a user-friendly interface that makes it accessible to both new and experienced digital forensics professionals.
2. Autopsy supports the use of plugins, allowing users to extend its functionality based on specific investigative needs.
3. The tool includes a powerful keyword search functionality that allows investigators to search for specific terms or phrases within the digital evidence. Autopsy can also create an index of keywords to speed up the search process.
4. Autopsy facilitates the analysis of files on digital storage media. It can identify and carve out specific file types, even if they have been deleted or damaged, helping investigators recover important evidence.
5. Autopsy supports timeline analysis, providing a chronological view of events and activities on the system. This feature helps investigators reconstruct the sequence of actions taken by a user or an attacker.
6. Autopsy supports hashing of files and directories, enabling investigators to verify the integrity of digital evidence. Hash values can be used to confirm that evidence has not been tampered with during the investigation process.

Here, we start our journey with the autopsy tool to recover deleted files from your pen drive. Follow along with me to grasp the process and see the tool’s potential. I encourage you to explore its various features, from report generation to timeline analysis and disk imaging, ensuring that you will gain a better understanding for future. So, let’s start together!

Step 1: - Start Autopsy and select “New Case”.

Step 2: - Enter the “Case Name” and your directory. {Autopsy provides multi-user functionality, so select that if required.}

Step 3: - Enter Case Number and Examiner’s details, then click on Finish.

Step 4: - Specify the host name or else keep this setting as default.

Step 5: - Choose the required data source type, in this case Local Disk for recovering the deleted files from pen drive.

Step 6: - Select the correct drive and timezone and click on Next.

Step 7: - Select the modules you want to scan and click on Next. By default, it will select all the supported modules.

Step 8: - Now the Data source is already added, and file analysis has been started.

Step 9: - Once its done, you will be able to see all the files, both present and deleted, and here is the preview you will get. It would be great if you try this yourself and explore all the options. You can even save the files on our laptop or computer using extract functionality.

Hope you’ve gained a basic understanding of digital forensics and Autopsy! See you next Thursday — until then, enjoy exploring this tool.