Question regarding Forensic Investigation - Autopsy Program
by mb1994 from LinuxQuestions.org on (#5EDTH)
Good afternoon,
I am currently working on an assignment where we need to analyze a USB stick using Autopsy and FTK imager. There are two documents (blade-runner.jpg and XCWP.pdf) that start at the same sector:
Blade-Runner.jpg (total size of 234467) begins at sector 40226 and ends at sector 40683.
XCWP.pdf (total size of 347263) begins at sector 40226 and ends at sector 40223.
I was able to successfully extract the Blade-Runner.jpg file as the file signature was actually a .zip folder but am now having a great deal of difficulty trying to recover the XCWP.pdf document. Does anyone have any ideas of how I might be able to recover this document using Autopsy?
Thanks
I am currently working on an assignment where we need to analyze a USB stick using Autopsy and FTK imager. There are two documents (blade-runner.jpg and XCWP.pdf) that start at the same sector:
Blade-Runner.jpg (total size of 234467) begins at sector 40226 and ends at sector 40683.
XCWP.pdf (total size of 347263) begins at sector 40226 and ends at sector 40223.
I was able to successfully extract the Blade-Runner.jpg file as the file signature was actually a .zip folder but am now having a great deal of difficulty trying to recover the XCWP.pdf document. Does anyone have any ideas of how I might be able to recover this document using Autopsy?
Thanks