help for first time user

Hi there - I am using Autopsy to help diagnose any effects of a malware PowerShell script that I ran on my computer.

I would love to get any assistance that other more experienced users are willing to provide.

For context, right after I ran the bad script, I realized what I had done and turned off my computer. Since then I have not booted back into my normal Windows environment.

I downloaded a copy of Autopsy onto a Hirens bootable USB, and from there I installed it on my C drive on the infected computer. I started the process of analyzing my entire Physical Drive, which took a couple of days. That sure took a longer time than I was expecting (the drive is 1TB), but maybe that is normal.

That is now 100% complete, but I am seeing that Autopsy has now been working for several hours to do three other things:

  1. “iOS Analyzer (iLEAPP) for PhysicalDrive0”
  2. “Analyzing analysis results from PhysicalDrive0”
  3. “Analyzing data artifacts from PhysicalDrive0”

Unfortunately, none of these processes show any kind of progress bar, so I have no idea if they are near completion, stuck, etc.

Is it normal that these would take a long time, and is there anything else from what I have described so far that is incorrect or unusual?

Thanks in advance for any help.

Try running it in a sandbox malware analysis tool.

That would give quicker answers!

iLEAPP stands for “iOS Logs, Events, And Plists Parser.” It’s for analyzing an image of an Apple product. If you run ingest again to analyze your Windows computer, you can uncheck it.

1TB is a LOT of info to parse through and will take a bit of time. Since it’s been 9 days, do you have an update? I think you’re taking a novel approach and, successful or not, everyone here would benefit from a write-up when you are done.

There is a progress bar. Click on Help then Get Ingest Progress Snapshot. It even has a reload button so you can track progress.

If it is hanging, click on Help then Thread Dump. If Notepad doesn’t automatically open, click on Help then Open Log Folder and it’ll be in there. Here is some documentation on troubleshooting.