Information Technology Reference
In-Depth Information
Analyzing an Android in Autopsy
In this example, we will be using a physical image of the Samsung Galaxy SIII. This
device was physically extracted using Cellebrite UFED Touch. The following steps should
be performed to correctly mount an Android image and to start your examination:
1. Download and install the current version of Autopsy from www.thesleuthkit.org .
2. Launch Autopsy and select the option to create a new case as shown in the follow-
ing screenshot:
The Autopsy tool screen
3. Fill out the case information and click on Finish .
4. Select Image File and navigate to the physical image of the Android device as
shown in the following screenshot. If more than one image file is provided for the
Android, simply select the first one.
Autopsy image loading
5. Select the ingest modules you wish to run against the Android device. The module
selections are shown in the following screenshot. Note that Law Enforcement mod-
ules are not listed and are provided only to those working in Law Enforcement and
the Federal Government. The following screenshot shows the ingest modules:
Search WWH ::




Custom Search