Section 10 Correlation Engine problem

As of today (May 1st), item 8 is not in Lab 6, so I was not aware that I needed to tag the file as notable. So I failed the first question in Section 10, since nothing was tagged previously. In this case, I located the file by myself, but I think the lab in Section 6 was modified to remove this step of tagging the file.

@carrier can you confirm that?

Hello,

Thank you for your interest in Autopsy Training.

As you can see from the attached screenshot, it is indeed in the published version of the course; perhaps you inadvertently missed it while walking through the steps?

Thank you

I've had the same problem as Ross and others in that after adding the data source and running the ingest, nothing new is added to the interesting files. I'm wondering if the rule set for interesting files needs to be updated and then running the related ingest rule should be done to achieve the desired result.

Same problem
I have marked the file (DS: laptop.e1) as notable, and I can find the files in question on the mediacard.
However, I don't see any correlation notice, and the new files are not flagged.
My problem is that every now and then (not consistently) I'm getting a pop-up which explains that there is no connection to CR, so the module cannot run.
I have restarted Autopsy a few times, but it makes no difference.

That sounds very much like something on your endpoint is either blocking the CR database and/or creation, or somehow your CR got corrupted. You may have to completely uninstall Autopsy, including removing the folders under your user profile, and reinstall it again. Or, if you are familiar with where Autopsy stores data, you could try just deleting, and then re-initializing, the CR-related data again.

I got this issue too, I continued on another computer and forgot to do step 8 in Section 6 :wink:


This is very accurate, but you must also add the hash set of the Rensik in the restaurant to the hash set > Ransom Case, or create a new hash set for the hash associated with that file. You only have to do this for that IMG_20191024_155744.jpg file if you don't actually have the central repository (CR) set up properly.

The reason is that the correlation engine doesn't parse data based on hash values, as seen in the quiz question "True or False: The correlation engine module extracts and calculates data, such as hash values."

So if the CR is set up, the file marked as notable will always get correlated and notify you of a unique hit in the mailbox. If you don't have the CR working, then you have to right-click and add that hash signature to the hash list, and it will populate a unique hit because it's stored locally as a unique variable that can be parsed through ingest modules.

I have tried to reinstall Autopsy and it doesn't prompt me to configure the database engine in the installation.

Can someone update on the issue?