Soft82.com » Windows » Home & Education » Science » Autopsy 3.0.0b1 / 2.27

Autopsy Description

Investigate your computer with the help of this tool

The Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).

The Sleuth Kit and Autopsy are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on Windows). As Autopsy is HTML-based, you can connect to the Autopsy server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.

Analysis Modes

* A dead analysis occurs when a dedicated analysis system is used to examine the data from a suspect system. In this case, Autopsy and The Sleuth Kit are run in a trusted environment, typically in a lab. Autopsy and TSK support raw, Expert Witness, and AFF file formats.
* A live analysis occurs when the suspect system is being analyzed while it is running. In this case, Autopsy and The Sleuth Kit are run from a CD in an untrusted environment. This is frequently used during incident response while the incident is being confirmed. After it is confirmed, the system can be acquired and a dead analysis performed.

Evidence Search Techniques

* File Listing: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.
* File Content: The contents of files can be viewed in raw, hex, or the ASCII strings can be extracted. When data is interpreted, Autopsy sanitizes it to prevent damage to the local analysis system. Autopsy does not use any client-side scripting languages.
* Hash Databases: Lookup unknown files in a hash database to quickly identify it as good or bad. Autopsy uses the NIST National Software Reference Library (NSRL) and user created databases of known good and known bad files.
* File Type Sorting: Sort the files based on their internal signatures to identify files of a known type. Autopsy can also extract only graphic images (including thumbnails). The extension of the file will also be compared to the file type to identify files that may have had their extension changed to hide them.
* Timeline of File Activity: In some cases, having a timeline of file activity can help identify areas of a file system that may contain evidence. Autopsy can create timelines that contain entries for the Modified, Access, and Change (MAC) times of both allocated and unallocated files.
* Keyword Search: Keyword searches of the file system image can be performed using ASCII strings and grep regular expressions. Searches can be performed on either the full file system image or just the unallocated space. An index file can be created for faster searches. Strings that are frequently searched for can be easily configured into Autopsy for automated searching.
* Meta Data Analysis: Meta Data structures contain the details about files and directories. Autopsy allows you to view the details of any meta data structure in the file system. This is useful for recovering deleted content. Autopsy will search the directories to identify the full path of the file that has allocated the structure.
* Data Unit Analysis: Data Units are where the file content is stored. Autopsy allows you to view the contents of any data unit in a variety of formats including ASCII, hexdump, and strings. The file type is also given and Autopsy will search the meta data structures to identify which has allocated the data unit.
* Image Details: File system details can be viewed, including on-disk layout and times of activity. This mode provides information that is useful during data recovery.

Autopsy Download Button For Your Site

If you want to place a Download Button for Autopsy on your website just insert the following code:

If you want a Link to this page you can use one of the logos bellow:

Autopsy User Reviews

New Science Software

Atmel Studio May 25, 2012 The integrated development environment (IDE) for developing and debugging Atmel ARM				Micro-Cap May 24, 2012 An integrated schematic editor and mixed analog/digital simulator that provides an interactive
Machining Simulation May 24, 2012 Simulates CNC machines and system panel on computer				CIF2Cell May 24, 2012 A tool to generate the geometrical setup for various electronic structure codes
Breaktru Percent May 24, 2012 Calculate the percentage, tip and discount calculator				Multiwfn May 24, 2012 A Multifunctional Wavefunction Analyzer
ProCalc Portable May 24, 2012 ProCalc serves as a replacement for the standard Windows calculator				ProCalc May 24, 2012 ProCalc serves as a replacement for the standard Windows calculator
AVR delay loop generator May 24, 2012 A delay loops calculator				StatMat May 22, 2012 A mature PC based statistical analysis software package designed primarily for engineering
Poser Pro May 21, 2012 Add pre-rigged and fully textured 3D characters to your projects				B2 Spice A/D May 21, 2012 Create electrical circuit designs and perform simulations
Stellarium May 21, 2012 Stellarium is planetarium software that shows exactly what you see when you look up at the stars				AIM-Spice Student May 21, 2012 A general purpose analog simulator which contains models for most circuit elements
sRNA Workbench May 21, 2012 A new simple to use, downloadable sRNA software				GlycoWorkbench May 21, 2012 Semi-Automatic Interpretation and Annotation of Mass Spectra of Glycans
CReST May 21, 2012 CReST: The Cloud Research Simulation Toolkit				VBTheory Calculator May 21, 2012 Math calculations made easy
TDSL Personal Edition May 18, 2012 Provides information right on your PC for a large number of vacuum tubes				Bowtie May 17, 2012 An ultrafast, memory-efficient short read aligner for short DNA sequences

Last 7 Days Most Downloaded Science Products

Google Earth 201 downloads Google Earth allows you to point and zoom to anyplace on the planet that you want to explore				Stellarium 126 downloads Stellarium is planetarium software that shows exactly what you see when you look up at the stars
Stratego 119 downloads Stratego logic game.				VirtualBreadboard 113 downloads A simulation and development environment for embedded applications that use microcontrollers
Logger Pro 107 downloads Make data collection as simple as measure, analyze, and learn				PCB Wizard Standard Editions 90 downloads A powerful package for designing single-sided and double-sided printed circuit boards
Mobile Atlas Creator (formerly TrekBuddy Atlas Creator) 50 downloads TrekBuddy Atlas Creator is an program which creates offline atlases for the cell phones				GeoGebra 45 downloads Free mathematics software for learning and teaching
NASA World Wind 29 downloads Zoom from satellite altitude into any place on Earth				Lucid Electronics Workbench 19 downloads A useful utility for calculating resistor, regulator and power values

All Time Most Downloaded Science Products

Google Earth 234,677 downloads Google Earth allows you to point and zoom to anyplace on the planet that you want to explore				Stellarium 40,142 downloads Stellarium is planetarium software that shows exactly what you see when you look up at the stars
Stratego 59,734 downloads Stratego logic game.				VirtualBreadboard 6,338 downloads A simulation and development environment for embedded applications that use microcontrollers
Logger Pro 15,064 downloads Make data collection as simple as measure, analyze, and learn				PCB Wizard Standard Editions 4,045 downloads A powerful package for designing single-sided and double-sided printed circuit boards
Mobile Atlas Creator (formerly TrekBuddy Atlas Creator) 17,273 downloads TrekBuddy Atlas Creator is an program which creates offline atlases for the cell phones				GeoGebra 6,033 downloads Free mathematics software for learning and teaching
NASA World Wind 11,171 downloads Zoom from satellite altitude into any place on Earth				Lucid Electronics Workbench 6,133 downloads A useful utility for calculating resistor, regulator and power values