Timeline Assignment Instructions

  1. Do you have the two Dr. Evil E01 images downloaded to your computer? If not, please do this.
  2. Did you already download and install Autopsy on your workstation? If not, please do this. Also, don't forget to watch the video on using Autopsy if you are not familiar with it. Note: the tool is very intuitive, so you should not have problems with it.
  3. Ingest (load) the two E01 images into Autopsy by selecting File → Add Data Source. If you are not sure what the data source is, select the Disk Image data source and browse to the E01 images.
  4. Autopsy will then process the images. This should take about 10-20 minutes.

  5. Now click on the Timeline button at the top of the Autopsy GUI and familiarize yourself with the environment before answering these questions for a total of 50 points. This timeline functionality is extremely powerful, so click everywhere. Check out the different options. Right-click a file and see what options are available. I think you will immediately grasp how you can pivot to a very specific MINUTE. See sample screenshot.

Questions (100 points)

  1. What website was searched on 8-25-2004?
  2. What search query was used on that website on 8-25-2004? Please provide screenshots.
  3. What websites were visited on 8-27-2004? Please provide screenshots.
  4. There was email activity on 07-27-1992. What was that email activity? Please provide screenshots.
  5. You want proof that Dr. Evil used Ghostware and you think it was done in August 2004. When exactly was this? Please provide screenshots.
  6. What software / driver is keys.text associated with? Please provide screenshots.
  7. Please send me a snapshot report.