Autopsy (software)
Autopsy is a computer program that performs forensic searches of computer storage volumes. It is maintained by Basis Technology Corp. and community programmers. Basis Technology Corp. sells support services and training for the program.[1]
Features
Cataloguing
Autopsy hashes the files in the volume it is analyzing. It unpacks compressed archives including ZIP and JAR. It extracts image metadata stored as EXIF values. It stores keywords in an index. It parses and catalogues some email and contact file formats. It flags phone numbers, email addresses, and files. Its SQLite or PostgreSQL database stores occurrences of names, domains, phone numbers, and Windows registry files indicating past connections to USB devices. Multiple file systems can be catalogued in the same repository.
Search
Autopsy can perform rule-based searches of indexed files, including searches for recent activity. It can generate reports in HTML or PDF format containing the results of searches. A partial image of files returned by a search can be saved in VHD format.
File recovery
Autopsy can be used to recover data that has been infected by WannaCry ransomware.[2]
Tools
Autopsy includes a graphical user interface to display its results, wizards and historical tools to repeat configuration steps, and plug-in support. Both open-source and closed-source modules exist for the core browser, including functionality related to scanning files, browsing results, and summarizing findings.
File systems
Supported file systems include:
Dependencies
Autopsy runs open source programs and plugins included in The Sleuth Kit.[3] It depends on a number of libraries with various licenses.[4] It uses SQLite and PostgreSQL databases to store information. Its keyword search indices are built with Lucene and SOLR.
Version history
Version | Language | Operating systems | License |
---|---|---|---|
2.0 | Perl | Linux, Unix, MacOS, Windows | GNU GPL 2.0[4] |
3.0 | Java | | Apache license 2.0[4] |
4.0 | | Windows, Linux, MacOS | |
References
1. "Digital Forensics". Basis Technology Corp. 23 December 2013.
2. S. C. Nayak, V. Tiwari and B. K. Samanthula, "Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform," 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2023, pp. 0605–0611, doi: 10.1109/CCWC57344.2023.10099169.
3. "The Sleuth Kit (TSK) & Autopsy: Open Source Digital Forensics Tools". Brian Carrier.
4. "Autopsy: License". Brian Carrier.