memorycomputer-forensics

Is it possible to examine a file . ad1 with autopsy?


I have to examine a file ".ad1" . Usually I use autopsy [I’m on windows] for memory analysis but with files ".ad1" I can't do it, can you help me to use it on autopsy or do I have to use another tool? Every time I upload the file to the software it shows me that it is completely empty and autopsy finds nothing.

Every time I upload the file to the software it shows me that it is completely empty and autopsy finds nothing. The tool shows me only the hex dump


Solution

  • Yes! You can. Use this Plugin

    Reference: https://tmairi.github.io/posts/dissecting-the-ad1-file-format/