Autopsy User Documentation  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Shared Drive Authentication



If your shared drive is a Windows-hosted shared drive, you will likely need to provide authentication for each machine that connects to the shared drive. This guide only covers Windows-hosted shared drives.

To authenticate with Windows and allow access to a shared drive, you will need:

Using Windows Explorer, in the address bar enter two slashes "\\" followed by the storage machine's IP address and press Enter. An example is shown below with the text "\\10.10.152.211" entered.

[Screenshot: urlInAddressbar.PNG]



You will see a dialog similar to the following, asking for your credentials.



[Screenshot: credentialsWithDomain.PNG]



If you have a domain name, add it in the top box before the "\". Follow the slash with your username. If you have no domain name, just use your username with no slashes. Add your password in the next box down and place a check mark in "Remember my credentials", then click "OK".

Next, we will do the same steps over again, using the hostname of the machine. This is necessary to authenticate with both IP address access and hostname access. If you do not know the hostname, you may find it by pinging the IP address with the "-a" flag set. It will look something like the screenshot below, where we find the hostname associated with the IP address 10.10.142.56 is win-kmort-4863.basistech.net.



[Screenshot: getHostname.PNG]



In Windows Explorer, use this hostname preceded by two slashes, "\\", in the address bar as shown below and press Enter.



[Screenshot: hostname.PNG]



You will see a screen similar to the screenshot below. Do the same steps with domain, username, and password as you did above.



[Screenshot: toConnect.PNG]



Do these steps for each machine that will be accessing the shared drive.






Note that if you are familiar with the Windows Credential Manager, you may use this tool to manage credentials. These credentials can also be managed from the command line using the "net use" command. To get to Credential Manager, click Start, type "Credential Manager", and press Enter. A screenshot of the Windows Credential Manager with some domain names intentionally blanked out is shown below.



[Screenshot: credentialManager.PNG]



Also note that authentication and access can be an issue when passwords change. When passwords change, for every computer using a credential that is no longer valid, you will need to redo the above steps. One indicator this is a problem is seeing the text: "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you." Do not forget to re-authenticate with both the IP address and the hostname.
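
The procedure above (credentials stored for both the IP address and the hostname, and redone after a password change) can also be scripted. The following PowerShell is an added example, not part of the Autopsy documentation or code. It assumes the built-in cmdkey tool, the command-line front end to Credential Manager, is an acceptable substitute for the Explorer dialog; the account name is a placeholder and the IP address is the example address used on this page.

```powershell
# Added example: store shared-drive credentials under both the IP address
# and the hostname of the storage machine, then confirm they work.
param(
    [string]$StorageIp = '10.10.152.211',          # example address from this page
    [string]$User      = 'EXAMPLEDOMAIN\examiner'  # placeholder; drop "DOMAIN\" if you have no domain
)

# Reverse-resolve the hostname (the scripted equivalent of "ping -a <ip>").
try {
    $hostName = [System.Net.Dns]::GetHostEntry($StorageIp).HostName
} catch {
    throw "No hostname found for $StorageIp; look it up with 'ping -a $StorageIp'."
}

foreach ($target in @($StorageIp, $hostName)) {
    # Remove any stale entry first (for example after a password change).
    # Errors are ignored because the entry may not exist yet.
    cmdkey "/delete:$target" 2>&1 | Out-Null

    # /pass with no value makes cmdkey prompt for the password, which keeps
    # it out of the command line, the script file and the shell history.
    Write-Host "Storing credential for \\$target as $User"
    cmdkey "/add:$target" "/user:$User" /pass
    if ($LASTEXITCODE -ne 0) { throw "cmdkey could not store a credential for $target" }

    # Listing the machine's shares forces an authenticated connection, so a
    # wrong password or account shows up here rather than later in Autopsy.
    net view "\\$target" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Stored credential was not accepted by \\$target" }
}

# Show the two stored entries as Credential Manager sees them.
cmdkey /list | Select-String -SimpleMatch -Pattern $StorageIp, $hostName
```

Run it once on each machine that will access the shared drive, and again on every machine after the account's password changes.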



Copyright © 2012-2016 Basis Technology. Generated on Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.