Login
Login

Autopsy (software)

{{Short description|Computer forensics software}}

{{Multiple issues|

{{Advert|date=September 2023}}

{{More citations needed|date=June 2025}}

}}

{{Infobox software

| logo =

| screenshot =

| caption =

| developer = Brian Carrier, Basis Technology Corp.

| released = {{start date and age|2001|03|19}}

| latest release version = 4.22.1

| latest release date = {{Start date and age|2025|04|16}}{{cite web|title=releases|url=https://github.com/sleuthkit/autopsy/releases|website=github.com|access-date=May 16, 2025}}

| repo = [https://github.com/sleuthkit/autopsy GitHub]

| programming_language = Java

| operating_system = Linux, Windows, macOS

| language = English

| genre = Computer forensics

| license = Apache 2.0

| website = {{Official URL}}

}}

Autopsy is a computer program that performs forensic searches of computer storage volumes. It is maintained by Basis Technology Corp. and community programmers. Basis Technology Corp. sells support services and training for the program.{{citation needed|date=May 2025}}

Features

= Cataloguing =

Autopsy hashes the files in the volume it is analyzing, unpacking compressed archives including ZIP and JAR. It extracts image metadata stored as EXIF values and stores keywords in an index. Further, Autopsy parses and catalogues some email and contact file formats, flags phone numbers, email addresses, and files, as well as SQLite or PostgreSQL database stores occurrences of names, domains, phone numbers, and Windows registry files indicating past connections to USB devices. Multiple file systems can be catalogued in the same repository.

= Search =

Autopsy can perform rule-based searches of indexed files, including searches for recent activity. It can generate reports in HTML or PDF format containing the results of searches. A partial image of files returned by a search can be saved in VHD format.

= File recovery =

Autopsy can be used to recover data that has been infected by WannaCry ransomware.S. C. Nayak, V. Tiwari and B. K. Samanthula, "Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform," 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2023, pp. 0605–0611, doi: 10.1109/CCWC57344.2023.10099169.

= Tools =

Autopsy includes a graphical user interface to display its results, wizards and historical tools to repeat configuration steps, and plug-in support. Both open-source and closed-source Modules exist for the core browser, including functionality related to scanning files, browsing results, and summarizing findings.

File systems

Supported file systems include:

Dependencies

Autopsy runs open source programs and plugins included in The Sleuth Kit.{{cite web |title=The Sleuth Kit (TSK) & Autopsy: Open Source Digital Forensics Tools |url=https://www.sleuthkit.org |publisher=Brian Carrier}} It depends on a number of libraries with various licenses.{{cite web |title=Autopsy: License |url=https://www.sleuthkit.org/autopsy/licenses.php |publisher=Brian Carrier}} It uses SQLite and PostgreSQL databases to store information. Its keyword search indices are built with Lucene and SOLR.

Version history

class="wikitable"

|+

!Version

!Language

!Operating systems

!License

2.0

|Perl

|Linux, Unix, MacOS, Windows

|GNU GPL 2.0

3.0

|Java

|

|Apache license 2.0

4.0

|Java

|Windows, Linux, MacOS

|Apache license 2.0

References

External links

  • [https://www.autopsy.com/ Autopsy official website]
  • [https://www.sleuthkit.org/ The Sleuth Kit official website]

{{DEFAULTSORT:Autopsy Browser}}

Category:Free security software

Category:Unix security-related software

Category:Hard disk software

Category:Digital forensics software

Category:Software using the Apache license