Enterprise-Scale Digital Forensics with Autopsy

Brian Carrier
Basis Technology

Autopsy

Digital Forensics using a single desktop computer doesn’t scale anymore for most labs. There is too much data to analyze. Labs need to be able to put more computers and more eyes on the data. In this talk, we’ll talk about how you can solve these problems using Autopsy’s Enterprise-level features.

We will talk about making multi-user cases to enable collaboration and running auto ingest nodes so that data is analyzed 24/7. We will cover the Central Repository and how it can be used to ensure that investigations are consistent and using the same hash sets. We will also talk about how you can store comments about files and artifacts in the Central Repository so that future investigators can see comments from past cases and learn what a file is used for.

Autopsy provides these features out of the box and for free. Learn how to take advantage of them.

Brian Carrier

Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and involved with many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.