Submission Due: End of laboratory class. Submit the file on Moodle at least 10 minutes before the end of laboratory class.
Total Marks = 10 marks for 10 weeks (DIT and BNet)
Marks will be given only to students who attend and participate during the 2-hour laboratory class. Submission on Moodle is mandatory as evidence of participation.

In this lab, you will use Sleuth Kit and Autopsy. You will find this software in the “Software for Labs” folder in Moodle.

Activity 1: Installing Sleuth Kit and Autopsy

To begin using Sleuth Kit and Autopsy, you need to install them on a UNIX system, such as Linux, FreeBSD, or Macintosh OS X. Installing Sleuth Kit and Autopsy requires downloading and installing the most recent updates of these tools. For the latest versions of Sleuth Kit and Autopsy Browser, download the most current source code from. The source code for these two tools is packaged into tarballs, which contain installation scripts you run from a terminal window with root privileges. After you have downloaded and extracted the source code and related files, read the README or INSTALL file for instructions explaining how to run the make command to complete the installation. The make command in the latest Sleuth Kit and Autopsy tarballs tests, compiles, and installs each tool.

To run Sleuth Kit and Autopsy Browser, you need to have root privileges.

If necessary, start your Linux computer and open a terminal window.
Change the default location to the Autopsy Browser directory. For example, if you installed Autopsy Browser in /usr/local/autopsy-2.08, type cd /usr/local/autopsy-2.08 and press Enter. Figure 8-13 shows the results of this command.
Right-click the URL, as indicated in the terminal window, and then click Copy.
Select the current URL in the Address text box, right-click the URL, click Paste to insert the Autopsy URL, and then press Enter. Figure 8-14 shows the Autopsy main window.
Leave your Web browser open for the next activity.

Activity 2: Examining a Case with Sleuth Kit and Autopsy

In this activity, you learn how to use Sleuth Kit and Autopsy Browser to analyze a Linux Ext2 and Ext3 file system.

If you closed your Web browser with Autopsy, restart it.

Before starting the examination with Sleuth Kit and Autopsy, download the GCFI-LX.00n (with n representing a number from 1 to 5) image files from and copy folder to the evidence locker, which is the folder designated as the working area for Autopsy when it was installed. Autopsy uses the evidence locker to save results from examinations. If you don’t recall the evidence locker path, navigate to the Autopsy installation folder, open the file, and look for the $LOCKDIR