// arsenal·Forensics & REIntermediateFOSS

Autopsy

Open-source digital-forensics GUI on top of The Sleuth Kit.

Forensics & RE

$ autopsy --help

Autopsy

// what it is

Description

Brian Carrier's graphical front-end for The Sleuth Kit. Loads disk images and timelines, recovers deleted files, runs file-type analysis, ingests hash databases (NSRL), and produces reports suitable for litigation.

// use cases

What people use it for

Disk-image triage
Deleted-file recovery
Timeline reconstruction

// facts

category: Forensics & RE
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Forensics & RE

Forensics & REAdvanced

Volatility

Open-source memory-forensics framework — reads RAM images and reconstructs system state.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REBeginner

FTK Imager

Exterro's free disk-imaging utility — the de facto standard for forensic disk capture.

Freemium

WIN·MAC

open entry →

Forensics & REAdvanced

Ghidra/ghee-druh/

NSA's open-source reverse-engineering platform with a strong decompiler.

FOSS

LIN·WIN·MAC

open entry →