Autopsy | Tryhackme Walkthrough

3 min readApr 30, 2023

What is Autopsy?
“Autopsy is the premier open-source forensics platform which is fast, easy-to-use, and capable of analysing all types of mobile devices and digital media. Its plug-in architecture enables extensibility from community-developed or custom-built modules. Autopsy evolves to meet the needs of hundreds of thousands of professionals in law enforcement, national security, litigation support, and corporate investigation.”

Workflow Overview and Case Analysis:

Ques 1: What is the file extension of the Autopsy files?

Ans: .aut

Data Sources:

Ques 1: What is the disk image name of the “e01” format?

Ans: encase

The User Interface I:

Ques 1: Expand the “Data Sources” option; what is the number of available sources?

Ans: 4

Ques 2: What is the number of the detected “Removed” files?

Ans: 10

Check Recycle bin, which is under the Results, Extracted Contents section.

Ques 3: What is the filename found under the “Interesting Files” section?

Ans: googledrivesync.exe

The User Interface II:

Ques 1: What is the full name of the operating system version?

Ans: windows 7 ultimate service pack 1

Ques 2: What percentage of the drive are documents? Include the % in your answer.

Ans: 40.8%

Ques 3: Generate an HTML report as shown in the task and view the “Case Summary” section.
What is the job number of the “Interesting Files Identifier” module?

Ans: 10