hello may I know how to identify bookmarks?

that's a widget rainmeter

it is probably conky

Thanks a lot Ahsan. I think I can make a video about how to get started in forensics. Let me know if you need anything else.

Yeah - any newer videos should be up to 1080p. Let me know if you have any trouble.

Hello. Check out dfir.training - he has a great list of resources: www.dfir.training/index.php/lists/test-images-and-challenges If you want something very basic with a guide I highly recommend Linux LEO: www.linuxleo.com/

Sorry about that. Here they are: Autopsy: sleuthkit.org/autopsy/download.php Digital Corpora (test images): digitalcorpora.org/ NIST NSRL (known hash set): www.nsrl.nist.gov/ Please let me know if I missed anything.

@@DFIRScience Do you have a guide on best practice for making a computer into an iso without tampering with the information?

If the phone was assigned a drive letter (like E:), it should show up when you try to add source type "Local Disk", then select the drive letter. In older phones you can set your phone to be a "USB Mass Storage Device." Newer phones use MTP. MTP will likely cause problems with Autopsy reading directly. If you are trying to 'do forensics' on the device, connecting directly is not recommended. Even with a write blocker, the device may still make changes to the data. It is better to make an image of the mobile device, and analyze the image with Autopsy.

Okay, which program should I use to make an image of the device? I'm completely brand new at this.

Neri Matrixx Meta data. There's a neat little tool that can dig into md5 hash and exif data as well as xmp. If you are actually looking into chil abuse look for contact sheets they are databases with md5 hashes of known files.

Bramantyo Adi first check that your offset is correct. Use mmls to list partition information and get the starting offset and verify the file system type. If the offset is correct, try adding -f and the fstype. For some reason sleutkit cannot auto detect the installed fs.

After processing a source file, Autopsy will show a directory tree view on the left-hand side. At the bottom of that view, you should see "Tags." Expand that, and if you have created bookmarks, you will see "Bookmarks." You must tag or bookmark at least one item before the category shows up in the menu.

@@DFIRScience its okay now. I have downloaded the wrong version of the tool. That's why it wont show up. Thank you anyway ❤️

If you're trying to add local disks (like C:) then you will have to start Autopsy with administrator privileges. If you are opening disk images you can open it as a normal user.

Thanks for the feedback!

@@DFIRScience you are in my digital forensics class as recommended watching.

@@rosiemaldonado8309 cool! Let me know if you have any questions. 😸

(I mean I still subscribed it just made me giggle.)

Various disk images can be found at the Digital Corpora: digitalcorpora.org/

Sure is. Most labs I've worked in have no naming standards. It's one of the easiest ways to organize across the team, but often overlooked.