Autopsy User Documentation  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Communications Visualization Tool

Table of Contents

Overview

The Communications Visualization Tool gives a consolidated view of all communication events for the case. This allows an analyst to quickly view communications data such as:

Usage

The Communications Visualization Tool is loaded through the Tools->Communications menu item.

cvt_main.png

From the left hand column, you can choose which devices to display, which types of data to display, and optionally select a time range. You can also choose to limit the display to only the most recent communications. After any changes to the filters, use the Apply button to update the tables. You can hide this column by clicking the left arrow at the top of the column.

The middle column displays each account, its device and type, and the number of associated messages (emails, call logs, etc.). By default it will be sorted in descending order of frequency. The middle column and the right hand column both have a UI Quick Search feature which can be used to quickly find a visible item in their section's table.

Selecting an account in the middle column will bring up the data for that account in the right hand column. There are four tabs that show information about the selected account.

Visualization

The Visualize tab in the middle panel will show a graph of one or more accounts selected in the Browse tab.

To start, right click the first account you want to view.

cvt_select_account.png

There are two options, which are equivalent when no accounts have previously been selected:

After selecting either option, the middle tab will switch to the Visualize view and the graph will be displayed.

cvt_visualize.png

The options at the top allow you to clear the graph and resize the graph. The nodes in the graph can be dragged around and nodes and edges can be selected to display their messages or relationships in the right side tab. For example, in the image below only one node has been selected so the Messages viewer is displaying only messages involving that email address.

cvt_links.png

If you click the "Snapshot Report" button, you can generate a report similar to the HTML report module. Select a name for your report, which will be saved to the "Reports" folder in the current case. The Snapshot Report will contain two pages. The first will have a summary of the case, and second will contain the current graph along with your filter settings.

cvt_snapshot.png

Copyright © 2012-2021 Basis Technology. Generated on Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.