autopsy-flatpak/docs/doxygen-user/case_management.dox
2016-06-29 12:48:04 -04:00

/*! \page cases_page Cases
You need to create a case before you can analyze data in Autopsy. A case can contain one or more data sources (disk images, disk devices, logical files). The data sources can be from multiple drives in a single computer or from multiple computers. It's up to you.
Each case has its own directory, which is named after the case. The directory will contain configuration files, a database, reports, and other files that modules generate. The main Autopsy case configuration file has an ".aut" extension.
\section case_create Creating a Case
\image html splashscreen.PNG
There are several ways to create a new case:
- The opening splash screen has a button to create a new case.
- The "Case", "Create New Case" menu item.
The New Case wizard dialog will open and you will need to enter the case name and base directory. A directory for the case will be created inside of the "base directory". If the directory already exists, you will need to either delete the existing directory or choose a different combination of names.
\image html case-newcase.PNG
NOTE: You will only have the option of making a multi-user case if you have configured Autopsy with multi-user settings. See \ref install_multiuser_page for installation instructions and \ref creating_multi_user_cases for details on creating multi-user cases.
You will also be prompted for optional information, such as investigator name and case number.
After you create the case, you will be prompted to add a data source, as described in \ref ds_add.
\section case_open Opening a Case
To open a case, either:
- Choose "Open Existing Case" or "Open Recent Case" from the opening splash screen.
- Choose the "Case", "Open Case" menu item or "Case", "Open Recent Case".
Navigate to the case directory and select the ".aut" file.
\section case_properties Viewing Case Properties
You can view the case properties by going to the "Case" menu and clicking "Case Properties". This will open a screen similar to one of the two following screenshots:
<br><br>
\image html single-user-case-properties.PNG
<br><br>
\image html multi-user-case-properties.PNG
<br><br>
You can use the "Ingest History" tab to view which modules were run on each data source, and when, as shown in the screenshot below.
<br><br>
\image html case-properties-history-tab.PNG
<br><br>
*/