Autopsy is computer software that makes it simpler to deploy many of the open source programs and plugins used in The Sleuth Kit. The graphical user interface displays the results of the forensic search of the underlying volume, making it easier for investigators to flag pertinent sections of data. The tool is largely maintained by Basis Technology Corp. with the assistance of programmers from the community. The company sells support services and training for using the product. The tool is designed with these principles in mind:

* Extensible — the user should be able to add new functionality by creating plugins that can analyze all or part of the underlying data source.
* Centralised — the tool must offer a standard and consistent mechanism for accessing all features and modules.
* Ease of Use — the Autopsy Browser must offer the wizards and historical tools to make it easier for users to repeat their steps without excessive reconfiguration.
* Multiple Users — the tool should be usable by one investigator or coordinate the work of a team.

The core browser can be extended by adding modules that help scan the files (called "ingesting"), browse the results (called "viewing") or summarize results (called "reporting"). A collection of open-source modules allows customization.


Process

Autopsy analyzes major file systems (NTFS, FAT, ExFAT, HFS+, Ext2/Ext3/Ext4, YAFFS2) by hashing all files, unpacking standard archives (ZIP, JAR, etc.), extracting any EXIF values and putting keywords in an index. Some file types, such as standard email formats or contact files, are also parsed and cataloged. Users can search these indexed files for recent activity or create a report in HTML or PDF summarizing important recent activity. If time is short, users may activate triage features that use rules to analyze the most important files first. Autopsy can save a partial image of these files in the VHD format.


Correlation

Investigators working with multiple machines or file systems can build a central repository of data, allowing them to flag phone numbers, email addresses, files or other pertinent data that might be found in multiple places. The SQLite or PostgreSQL database stores the information so investigators can find all occurrences of names, domains, phone numbers or USB registry entries.
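The ingest-then-correlate workflow described in the Process and Correlation sections, as an added example that is not Autopsy's own code: it hashes constructed sample files from two data sources, catalogs the email addresses and phone numbers they contain in an in-memory SQLite central repository (the one-table schema is a hypothetical stand-in for Autopsy's), and then queries for values seen in more than one source.

```python
import hashlib
import re
import sqlite3

# Constructed sample data sources (file path -> contents); notes.txt was copied onto the USB stick.
SOURCES = {
    "laptop-01": {
        "Documents/notes.txt": b"Contact alice@example.com or call 555-0100 about the invoice.",
        "Downloads/tool.bin": b"\x7fELF-constructed-sample-binary",
    },
    "usb-02": {
        "backup/notes_copy.txt": b"Contact alice@example.com or call 555-0100 about the invoice.",
        "backup/readme.txt": b"Nothing to see here. Reach bob@example.org.",
    },
}
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # deliberately simple keyword patterns
PHONE_RE = re.compile(rb"\b\d{3}-\d{4}\b")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def ingest(db, source, files):
    """Ingest one data source: hash every file and catalog the email/phone keywords it contains."""
    for path, data in files.items():
        rows = [(source, path, "sha256", sha256_hex(data))]
        rows += [(source, path, "email", m.decode()) for m in EMAIL_RE.findall(data)]
        rows += [(source, path, "phone", m.decode()) for m in PHONE_RE.findall(data)]
        db.executemany("INSERT INTO artifacts VALUES (?, ?, ?, ?)", rows)

def occurrences(db, kind, value):
    """Every (source, path) where one artifact value was seen, across all ingested sources."""
    sql = "SELECT source, path FROM artifacts WHERE kind = ? AND value = ? ORDER BY source, path"
    return db.execute(sql, (kind, value)).fetchall()

def cross_source_values(db, kind):
    """Values of one kind present in more than one data source: the correlation hits worth flagging."""
    sql = ("SELECT value FROM artifacts WHERE kind = ? GROUP BY value "
           "HAVING COUNT(DISTINCT source) > 1 ORDER BY value")
    return [row[0] for row in db.execute(sql, (kind,))]

def build_repository():
    """Ingest every source into an in-memory SQLite central repository (hypothetical one-table schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artifacts (source TEXT, path TEXT, kind TEXT, value TEXT)")
    for source, files in SOURCES.items():
        ingest(db, source, files)
    return db
```

Calling `build_repository()` and then `cross_source_values(repo, "sha256")` returns the hash of the file present on both the laptop and the USB stick, and `occurrences(repo, "email", "alice@example.com")` lists both places the address was found.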


Language

Version 2 of Autopsy is written in Perl and runs on all major platforms, including Linux, Unix, macOS, and Windows. It relies upon The Sleuth Kit to analyze the disk. Version 2 is released under the GNU GPL 2.0. Autopsy 3.0 is written in Java using the NetBeans platform. It was released under the Apache license 2.0. Autopsy 4.0 runs on Windows, Linux, and macOS. Autopsy depends on a number of libraries with various licenses. It works with SQLite and PostgreSQL databases to store information. The indices for searching keywords are built with Lucene/SOLR.


External links


Autopsy official website

The Sleuth Kit official website