Answer was 250mb but the database file is 101,376 KB which is 101.376 MB. None of the answers provided is near a rough estimate of how big the the database file is.
On my system, it shows as 225 MB (235,929,600 bytes), so close enough. Input image file is 3.36 GB (3,613,676,437 bytes). Did you get the right file?
I believe so. The question, if I remember correctly, was asking how big the autopsy.db file was. Maybe I was looking at the wrong file.
Yes, it was my autopsy.db file that reported as 225MB.
To get a db file of 101MB, I’m thinking there may be two possible reasons: 1) you used a different input image file (smaller, or with fewer files) resulting in fewer lines in the db, or 2) your settings for adding the file were different than instructed, so less data populated the database.
Weird. I went to Google Drive to download device1_laptop.e01 but instead got device1_laptop-002.e01.
I think that’s where the problem is. I may have used the wrong file and it seems to only affect that one question. All else was correct.
Mine was 230.400 KB. Please check that you are looking at the hosting machine of Autopsy
I redid the lab and when I got to question #5 again, my autopsy.db size is still 101,376kb
I double checked each step one by one and this is still the case lol
Hi All,
Can anyone tell me how you find the anser to “Roughly how big is the case database (in megabytes)?” .I found it by going the the case folder and find the size is 225MB. Is there any way we can find directly from autopsy application. If yese can you please share with me
Thanks
Tahir
That answer is not found in the Autopsy application. It is only found in Windows File Explorer
Hi Rob
Thanks a lot
Appreciate that
Tahir
No problem!
Glad I could help out!
I am using linux os and i’ve configured autopsy in my laptop but people says that you can only check in windows file explorer so will i get satisfaction in linux ?
On Linux you can use the block size in MB as follows:
case1$ ls -l --block-size=M
It sounds like you did some ingest module processing, rather than skipping that step for the demonstration. You should check the log files, under the case folder. If they are more than a couple of kb, that might indicate that ingest module processing was initialized. I know that when I subsequently processed the forensic image, the database swelled to 300mb.
Hate to break it to you but I did skip the ingest module processing part (having everything deselected as instructed).
It seems that if ingest module processing of any sort was done, the autopsy.db file would be larger with more processing being done.
Rob,
I did not intend to disparage you personally and you are not “breaking it to me” in any case. I was just proposing a scenario which would have given the results you are seeing.
My apologies. I didn’t mean to come across sarcastic lol. I know you didn’t do anything personal. I appreciate that you were trying to help.
Hi
The problem is that the file downloaded MUST BE 3.37GB size, check it.
I get a diferent size, a lower file, for download problem, when Autopsy process this (partial) file, get a db size lower that the test indicates.
I had to try 3 times, to get the right file
@RobM762 I’m doing it right now and got 101 MB as well (looking in Win Explore), was going to post same question. I followed the same requirements I believe. I’m using Autopsy 4.12 on Win 7, you?