Run a Forensics Lab in Tines

From the submitter: This story is a POC which tries to copy the functionality of forensic tools like FTK Toolkit and Autopsy. Although not at the same level of complexity the story has the core elements of those tools like, having the ability to create Forensic Cases, parsing disk images created using FTK Imager, viewing internal disk structures (as hex or table where possible), view what files were saved or deleted on disk and also dump files or disk regions for further investigation. For the purpose of this competition and also being limited by the 1MB file size, the story is built to only parse disk images formatted with the FAT filesystem type. The technologies used in this story are Tines (95%) and AWS (5%). The AWS environment is set up to use a Lambda Function, S3 bucket and an API gateway which allows communication between AWS and Tines.

Community author

Todoran Horia

How it works

Import this story to your tenant, from where you can adapt it to meet your unique needs.

Import

Was this story helpful?

Get to know Tines

Meet the product

Features & capabilities

Cases

Workbench

AI in Tines

Build apps

What’s new?

Solutions

By product

Professional services

By team

Tines for

Partners

Federal

MSSPs

Blog

Tines Blog →

Discover & Learn

Case studies

Library

University

Tines Explained ^↗

Customer center

Company

About

Careers

Stay in touch

Contact

Slack Community ^↗

Newsroom