Hopefully this is the right place and also this might end up being helpful. I’ve been documenting how I’m setting up Autopsy to use and then blogging CTF writeups using Autopsy, but wanted to share this page to see if anyone had any comments or recommendations or things that are obvious that I should add? Any feedback would be appreciated, its aimed at helping new people get using Autopsy.
You can leave comments here or you can comment on the page itself via github issues. The website is also my build and design and I’d like to think im spending more time on content
Seems like it would / will be very helpful for new users in getting started. I especially find the tip on turning on WAL journaling very helpful. That one is new to me. Thanks.
You mention the drive speed being the biggest bottle neck. I find that very true. I usually read from one drive and write to another. I.e. I have my case directory on an SSD and the source image / logical files on a separate disk. This seems to speed up the process quite a bit. Even when working with (slower) spinning disks.
Hello @fancy_flare, you mentioned in your post that @Mark_McKinnon shared with you a tip on turning on Wal journaling in the autopsy.db. If possible, are you able to direct me to that post (if it is available). I’d be interested.
Also, this is the first time I’ve ever seen this tip anywhere. IMHO, I think it should be built in as an option when performing in single case mode. (There may be / probably is a reason it is not.)
