Autopsy (software)
   HOME

TheInfoList



Click Here for Items Related To - Autopsy (software)
OR:
Autopsy (software) on:   [Wikipedia]   [Google]   [Amazon]

Autopsy is a
computer program A computer program is a sequence or set of instructions in a programming language for a computer to Execution (computing), execute. It is one component of software, which also includes software documentation, documentation and other intangibl ...
that performs forensic searches of computer storage volumes. It is maintained by Basis Technology Corp. and community programmers. Basis Technology Corp. sells support services and training for the program.


Features


Cataloguing

Autopsy hashes the files in the
volume Volume is a measure of regions in three-dimensional space. It is often quantified numerically using SI derived units (such as the cubic metre and litre) or by various imperial or US customary units (such as the gallon, quart, cubic inch) ...
it is analyzing, unpacking compressed archives including ZIP and
JAR A jar is a rigid, cylindrical or slightly conical container, typically made of glass, ceramic, or plastic, with a wide mouth or opening that can be closed with a lid, screw cap, lug cap, cork stopper, roll-on cap, crimp-on cap, press-on ca ...
. It extracts image
metadata Metadata (or metainformation) is "data that provides information about other data", but not the content of the data itself, such as the text of a message or the image itself. There are many distinct types of metadata, including: * Descriptive ...
stored as
EXIF Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other system ...
values and stores keywords in an index. Further, Autopsy parses and
catalogues Catalog or catalogue may refer to: *Cataloging **in science and technology ***Library catalog, a catalog of books and other media ****Union catalog, a combined library catalog describing the collections of a number of libraries *** Calendar (arch ...
some email and contact file formats, flags phone numbers, email addresses, and files, as well as
SQLite SQLite ( "S-Q-L-ite", "sequel-ite") is a free and open-source relational database engine written in the C programming language. It is not a standalone app; rather, it is a library that software developers embed in their apps. As such, it ...
or
PostgreSQL PostgreSQL ( ) also known as Postgres, is a free and open-source software, free and open-source relational database management system (RDBMS) emphasizing extensibility and SQL compliance. PostgreSQL features transaction processing, transactions ...
database stores occurrences of names, domains, phone numbers, and
Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
registry files indicating past connections to
USB Universal Serial Bus (USB) is an industry standard, developed by USB Implementers Forum (USB-IF), for digital data transmission and power delivery between many types of electronics. It specifies the architecture, in particular the physical ...
devices. Multiple file systems can be catalogued in the same repository.


Search

Autopsy can perform rule-based searches of indexed files, including searches for recent activity. It can generate reports in
HTML Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It defines the content and structure of web content. It is often assisted by technologies such as Cascading Style Sheets ( ...
or
PDF Portable document format (PDF), standardized as ISO 32000, is a file format developed by Adobe Inc., Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, computer hardware, ...
format containing the results of searches. A partial image of files returned by a search can be saved in VHD format.


File recovery

Autopsy can be used to recover data that has been infected by
WannaCry The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the form ...
ransomware Ransomware is a type of malware that Encryption, encrypts the victim's personal data until a ransom is paid. Difficult-to-trace Digital currency, digital currencies such as paysafecard or Bitcoin and other cryptocurrency, cryptocurrencies are com ...
.


Tools

Autopsy includes a
graphical user interface A graphical user interface, or GUI, is a form of user interface that allows user (computing), users to human–computer interaction, interact with electronic devices through Graphics, graphical icon (computing), icons and visual indicators such ...
to display its results, wizards and historical tools to repeat configuration steps, and
plug-in Plug-in, plug in or plugin may refer to: * Plug-in (computing), a software component that adds a specific feature to an existing computer program ** Audio plug-in, adds audio signal processing features ** Photoshop plugin, a piece of software that ...
support. Both open-source and closed-source Modules exist for the core browser, including functionality related to scanning files, browsing results, and summarizing findings.


File systems

Supported file systems include: *
NTFS NT File System (NTFS) (commonly called ''New Technology File System'') is a proprietary journaling file system developed by Microsoft in the 1990s. It was developed to overcome scalability, security and other limitations with File Allocation Tabl ...
*
FAT In nutrition science, nutrition, biology, and chemistry, fat usually means any ester of fatty acids, or a mixture of such chemical compound, compounds, most commonly those that occur in living beings or in food. The term often refers specif ...
*
ExFAT exFAT (Extensible File Allocation Table) is a file system optimized for flash memory such as USB flash drives and SD cards, that was introduced by Microsoft in 2006. exFAT was proprietary until 28 August 2019, when Microsoft published its spe ...
*
HFS+ HFS Plus or HFS+ (also known as Mac OS Extended or HFS Extended) is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of Mac OS 8. ...
*
Ext2 ext2, or second extended file system, is a file system for the Linux kernel (operating system), kernel. It was initially designed by French software developer RĂ©my Card as a replacement for the extended file system (ext). Having been designed ...
*
Ext3 ext3, or third extended filesystem, is a journaling file system, journaled file system that is commonly used with the Linux kernel. It used to be the default file system for many popular Linux distributions but generally has been supplanted by ...
*
Ext4 ext4 (fourth extended filesystem) is a journaling file system for Linux, developed as the successor to ext3. ext4 was initially a series of backward-compatible extensions to ext3, many of them originally developed by Cluster File Systems for ...
* YAFFS2


Dependencies

Autopsy runs open source programs and plugins included in
The Sleuth Kit The Sleuth Kit (TSK) is a Open-source software, open-source Library (computing), library and collection of utilities for Unix-like operating systems and Microsoft Windows, Windows that is used for extracting and parsing data from disk drives and ...
. It depends on a number of libraries with various licenses. It uses
SQLite SQLite ( "S-Q-L-ite", "sequel-ite") is a free and open-source relational database engine written in the C programming language. It is not a standalone app; rather, it is a library that software developers embed in their apps. As such, it ...
and
PostgreSQL PostgreSQL ( ) also known as Postgres, is a free and open-source software, free and open-source relational database management system (RDBMS) emphasizing extensibility and SQL compliance. PostgreSQL features transaction processing, transactions ...
databases to store information. Its keyword search indices are built with
Lucene Apache Lucene is a free and open-source search engine software library, originally written in Java by Doug Cutting. It is supported by the Apache Software Foundation and is released under the Apache Software License. Lucene is widely used as a ...
and SOLR.


Version history


References


External links


Autopsy official website

The Sleuth Kit official website
{{DEFAULTSORT:Autopsy Browser Free security software Unix security-related software Hard disk software Digital forensics software Software using the Apache license