
Digital Forensic Analysis Lab Exercise

This lab exercise aims to provide hands-on experience in digital forensic analysis using common tools. Students will investigate a digital crime scenario from the 2012 National Gallery DC Attack using Autopsy Forensic Browser on a virtual machine. The steps include setting up the virtual environment, installing Autopsy, importing the scenario case files, analyzing evidence such as files, logs and artifacts, documenting findings of interest, and submitting a report. Students will learn the forensic investigation process while preserving evidence integrity.

Uploaded by

alshdadyfhmy398

Digital Forensic Analysis Lab Exercise

Objective: This lab is designed to provide hands-on experience with digital forensic analysis
tools, focusing on investigating digital crimes through a real-world scenario. Participants
will learn to utilize standard tools and understand the basics of the digital forensic
investigative process.
Tools Required:
1. VMware or equivalent virtualization platform
2. Autopsy Forensic Browser
3. A digital corpora scenario (2012 National Gallery DC Attack)
4. Notepad++ or another advanced text editor
Instructions:
Step 1: Setting Up the Environment
• Start by setting up a Virtual Machine (VM) using VMware or a similar virtualization
  tool. This VM will act as your isolated environment for the forensic investigation.
• Install a Windows Operating System on the VM, as it is a prerequisite for the Autopsy
  software.
Step 2: Autopsy Installation
• Download Autopsy from the official website.
• Follow the installation guide to install Autopsy on your VM. Ensure all the required
  plugins and modules are correctly set up.
Step 3: Scenario Setup
• Access the DigitalCorpora.org website and navigate to the “Scenarios” section.
  Download the “2012 National Gallery DC Attack” data.
  • Tracy’s phone on 2012-07-15 (other extraction tools) [E01] [tar]
• Review the scenario’s background information to understand the context of the
  digital crime you will investigate.
Step 4: Starting the Investigation
• Open Autopsy and start a new case. Name it appropriately, then add a new data
  source: select the system image you downloaded from DigitalCorpora.
  1- Open a new case:
  2- Select the path to save your case:
  3- New case information:
  4- Select data source type:
• Configure the ingest modules based on what aspects of the data you intend to
  analyze (e.g., file type identification, keyword search, etc.).
Step 5: Analyzing the Evidence
• Utilize Autopsy’s tools to analyze the file system, recover deleted files, and inspect
  the registry settings (for a PC scenario) and any web artifacts. Look for anything out
  of the ordinary or indicative of malicious activity.
• Document findings of interest. This can include text files, images, logs, or other
  artifacts that might shed light on the incident.
Step 6: Log Analysis
• Use Notepad++ or your chosen text editor for an in-depth analysis of log files that
  you’ve identified as relevant. Look for IP addresses, URLs, timestamp inconsistencies,
  or suspicious entries.
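The Step 6 checks can also be scripted against a working copy of a log. The Python sketch below is an added example, not part of the original lab handout: it records a SHA-256 of the text it analyzed, extracts IP addresses and URLs, and flags lines whose timestamp runs backwards. The log format, sample lines and function names are constructed assumptions.

```python
import hashlib
import re
from datetime import datetime

# Constructed sample lines (not from the scenario data); the format is an assumption.
SAMPLE_LOG = """\
2012-07-15 09:12:01 login ok user=tracy src=192.168.1.20
2012-07-15 09:14:37 GET http://example.com/gallery/floorplan.pdf src=192.168.1.20
2012-07-15 09:13:05 mail sent via 10.0.0.5 to https://mail.example.org/inbox
2012-07-15 09:20:44 session closed src=999.1.1.1
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def valid_ip(candidate):
    """Reject dotted strings such as 999.1.1.1 that cannot be IPv4 addresses."""
    return all(0 <= int(part) <= 255 for part in candidate.split("."))


def triage(text):
    """Return a digest of the analyzed text, its IPs and URLs, and any
    lines whose timestamp is earlier than one already seen above it."""
    report = {
        # Digest to record in the case notes for the copy that was analyzed.
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "ips": set(),
        "urls": set(),
        "out_of_order": [],
    }
    latest = None
    for number, line in enumerate(text.splitlines(), 1):
        report["urls"].update(URL_RE.findall(line))
        report["ips"].update(ip for ip in IP_RE.findall(line) if valid_ip(ip))
        match = TS_RE.match(line)
        if not match:
            continue
        stamp = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")
        if latest is not None and stamp < latest:
            report["out_of_order"].append((number, match.group(1)))
        latest = stamp if latest is None else max(latest, stamp)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A backwards timestamp is only a lead: check for clock changes, time-zone differences or merged log sources before treating it as tampering.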
Caution: Remember, don’t alter the original evidence. Always work on copies or images of
the data, as preserving the integrity of the evidence is paramount in digital forensics.
Lab Completion: Upon finishing the investigation and compiling the report, participants
should submit their findings to the instructor for review and feedback.

I wish you success


Eng.hassan alsufyani
