Autopsy (software)

From Wikipedia, the free encyclopedia
Autopsy
Developers: Brian Carrier, Basis Technology Corp.
Initial release: March 19, 2001; 25 years ago (2001-03-19)
Stable release: 4.22.1 / April 16, 2025; 14 months ago (2025-04-16)[1]
Repository: GitHub
Written in: Java
Operating system: Linux, Windows, macOS
Available in: English
Type: Computer forensics
License: Apache 2.0

    Autopsy is a computer program that performs forensic searches of computer storage volumes. It is maintained by Basis Technology Corp. and community programmers. Basis Technology Corp. sells support services and training for the program.[citation needed]

    Features


    Cataloguing


    Autopsy hashes the files in the volume it is analyzing, unpacking compressed archives including ZIP and JAR. It extracts image metadata stored as Exif values and stores keywords in an index. Further, Autopsy parses and catalogues some email and contact file formats, and flags phone numbers, email addresses, and files. A SQLite or PostgreSQL database stores occurrences of names, domains, phone numbers, and Windows registry files indicating past connections to USB devices. Multiple file systems can be catalogued in the same repository.


    Autopsy can perform rule-based searches of indexed files, including searches for recent activity. It can generate reports in HTML or PDF format containing the results of searches. A partial image of files returned by a search can be saved in VHD format.

    File recovery


    Autopsy can be used to recover data that has been infected by WannaCry ransomware.[2]

    Tools


    Autopsy includes a graphical user interface to display its results, wizards and historical tools to repeat configuration steps, and plug-in support. Both open-source and closed-source modules exist for the core browser, including functionality related to scanning files, browsing results, and summarizing findings.

    File systems


    Supported file systems include:

    Dependencies


    Autopsy runs open-source programs and plugins included in The Sleuth Kit.[3] It depends on a number of libraries with various licenses.[4] It uses SQLite and PostgreSQL databases to store information. Its keyword search indices are built with Lucene and Solr.

    Version history

    Version | Language | Operating systems | License
    2.0 | Perl | Linux, Unix, MacOS, Windows | GNU GPL 2.0[4]
    3.0 | Java | | Apache license 2.0[4]
    4.0 | Java | Windows, Linux, MacOS | Apache license 2.0[4]

    References

    2. S. C. Nayak, V. Tiwari and B. K. Samanthula, "Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform," 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2023, pp. 0605–0611, doi: 10.1109/CCWC57344.2023.10099169.