Overview

Introduction

The Linux and Macintosh File Systems module provides you with the instructions and devices to develop your hands on skills in the following topics:

  • Using Sleuth Kit and Autopsy
  • Hands-On Project 7-1
  • Hands-On Project 7-2
  • Hands-On Project 7-3

Exercise 1 - Using Sleuth Kit and Autopsy

Sleuth Kit and Autopsy can be installed on 32-bit or 64-bit Windows versions, and version 2 can be installed in Linux or Mac OS X. You can find current and past versions of Sleuth Kit and Autopsy Forensic Browser at www.sleuthkit.org.

Older versions of Sleuth Kit and Autopsy are available at Web sites listed on Sleuth Kit’s main page. The RPM Package Manager utility makes installing these tools in Red Hat and Fedora Linux much easier. Several other Linux distributions have tools for installing RPM packages. Check their documentation to see how they handle RPM packages.

In Linux, Sleuth Kit must be installed before Autopsy Forensic Browser, or Autopsy isn’t installed correctly. In Windows, however, the order of installation isn’t critical. In addition, when you’re running Autopsy Forensic Browser in Mac or Linux, you must preface all commands with sudo.

In this exercise, Sleuth Kit and Autopsy have been pre-installed on PLABKSRV01 device.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.