Autopsy User Documentation  4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Embedded File Extraction Module

What Does It Do

The Embedded File Extractor module opens ZIP, RAR, other archive formats, Doc, Docx, PPT, PPTX, XLS, and XLSX and sends the derived files from those files back through the ingest pipeline for analysis.

This module expands archive files to enable Autopsy to analyze all files on the system. It enables keyword search and hash lookup to analyze files inside of archives

NOTE: Certain media content embedded inside Doc, Docx, PPT, PPTX, XLS, and XLSX might not be extracted.

Configuration

There is no configuration required.

Using the Module

Select the checkbox in the Ingest Modules settings screen to enable the Archive Extractor.

Ingest Settings

There are no runtime ingest settings required.

Seeing Results

Each file extracted shows up in the data source tree view as a child of the archive containing it,

zipped_children_1.PNG



and as an archive under "Views", "File Types", "Archives".

zipped_children_2.PNG

Copyright © 2012-2016 Basis Technology. Generated on Thu Dec 14 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.