Autopsy

The Autopsy Forensic Browser serves as a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit. Together, they enable analysis of file systems such as NTFS, FAT, FFS, EXT2FS, and EXT3FS on Windows and UNIX systems.

Autopsy is designed for forensic investigators needing a user-friendly way to examine disk images and live systems. It supports evidence locker management and live analysis configurations, making it suitable for both post-mortem investigations and real-time data acquisition.

Key use cases include recovering deleted files, analyzing file timelines, and generating reports for legal proceedings. The tool integrates seamlessly with Sleuth Kit's backend for comprehensive disk analysis.

Autopsy operates as a web-based server that provides a graphical interface to The Sleuth Kit's command-line tools. It runs on a specified port (default 9999), allowing browser access from localhost or remote hosts. Users configure evidence lockers for storing case data and can perform live analysis by specifying device, filesystem, and mount point. Cookie handling in URLs controls session management.