Autopsy

Description

Autopsy ® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Usage

Syntax

autopsy [-c] [-C] [-d evid_locker] [-i device filesystem mnt] [-p port] [remoteaddr]

Options

  -c: force a cookie in the URL
  -C: force NO cookie in the URL
  -d dir: specify the evidence locker directory
  -i device filesystem mnt: Specify info for live analysis
  -p port: specify the server port (default: 9999)
  remoteaddr: specify the host with the browser (default: localhost)

Example

Autopsy requires a directory name Evidence_Locker. This is where the Case evidence is stored, and many other files to make Autopsy work properly.

cyborg@cyborg:~$ mkdir Documents/Evidence_Locker

Start Autopsy.

cyborg@cyborg:~$ autopsy -d /home/cyborg/Documents/Evidence_Locker/

============================================================================

                       Autopsy Forensic Browser 
                  http://www.sleuthkit.org/autopsy/
                             ver 2.24 

============================================================================
Evidence Locker: /home/cyborg/Documents/Evidence_Locker
Start Time: Tue Oct 27 12:30:59 2015
Remote Host: localhost
Local Port: 9999

Open an HTML browser on the remote host and paste this URL in it:

    http://localhost:9999/autopsy

Keep this process running and use <ctrl-c> to exit

Open the given link in Browser :

autopsy Autopsy

Make A  New Case :

autopsy new case Autopsy

 

 

Case Create , Now click on Add Host:

autopsy case created Autopsy

 

 

Fill The Details of the Host :

autopsy host Autopsy

 

 

Add Image to the case :

autopsy image Autopsy

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?