Autopsy 3.1.1

A forensics application that can investigate raw disk images, local drives or logical files, providing support for the major file system types

  Add it to your Download Basket!

 Add it to your Watch List!

0/5

Rate it!

What's new in Autopsy 3.1.1:

  • Improvements:
  • New time line feature
  • New Interesting Files module
  • Added support for Python modules
Read full changelog
report
malware
send us
an update
LICENSE TYPE:
GPL 
FILE SIZE:
281 MB
OUR RATING:
4.0/5
DEVELOPED BY:
Brian Carrier
USER RATING:
3.7/5 4
CATEGORY:
C: \ Others \ Miscellaneous
12 Autopsy Screenshots:
Autopsy - In the main window of Autopsy users can search for specific cases, as well as add images to themAutopsy - The File menu allows users to add new cases or open existing ones and view their propertiesAutopsy - The Tools menu provides users with the possibility of generating reports and of searching for files based on attributesAutopsyAutopsyAutopsyAutopsyAutopsyAutopsyAutopsyAutopsyAutopsy
Autopsy is a diagnose and forensic tool capable of analyzing raw or E01 disk images, local drives and directories in order to determine possible causes of an event.
The application supports NTFS, FAT, HFS, Ext2, Ext3 and UFS file system types, enabling you to investigate the input (IMG, DD, 001, AA, RAW and E01 files, local disks or logical files) and generate complete reports in HTML, XLS, TXT format or a TSK body file used for creating an event timeline.

Thanks to the built-in wizards, creating a new 'case' becomes just a matter of pressing a few 'Next' buttons. There are multiple analysis modules that you can choose from: the application can display data on the recent actions, perform hash lookup, extract archives, parse exif images, search for keywords and view unallocated storage space.

One of the main advantages of Autopsy is the implementation of the ingest method, which makes the analysis results available to the user as they are obtained, without waiting for the whole procedure to be completed first.

Hash lookup operations are intended to detect malware files and other issues that require your attention. Autopsy processes multiple formats during this procedure, in an attempt to determine the NSRL database format, find the EnCase hashset file, test the compliance with the HashKeeper standard and verify the integrity of the file.
Relying on Apache SOLR, the keyword search module allows you to define relevant strings and provides support for regular expressions.

The application can also be used for extracting URLs, bookmarks and downloaded files from browsers, viewing installed applications, analyzing the registry or extracting e-mail addresses and IDs of the connected devices.

Autopsy can process disk images or directories to help you generate an event timeline. It assists you in putting the pieces together and determining what might have caused an incident to happen in the first place.

Autopsy was reviewed by , last updated on November 11th, 2014

Runs on: Windows All

feature list

#registry analysis #investigate PC #extract unicode string #investigate #investigation #analysis #analyze

Add your review!

SUBMIT