Introduction To Autopsy | An Open-Source Digital Forensics Tool

In this article we are going to learn about autopsy which is an open-source tool for digital forensics

In this article, we are going to learn about Autopsy, which is an open-source digital forensics tool. We are going to see What is Autopsy, Features of Autopsy, How to Use Autopsy with Demo, and many more questions like this.

What is Autopsy?

“Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.” — Official Website

Basically, the autopsy is a free open-source tool that supports a wide range of other digital forensics modules and tools.

The Autopsy is computer software that makes it simpler to deploy many of the open-source programs and plugins used in The Sleuth Kit.[1] The graphical user interface displays the results from the forensic search of the underlying volume making it easier for investigators to flag pertinent sections of data. The tool is largely maintained by Basis Technology Corp. with the assistance of programmers from the community.


  • Multi-User Cases: Collaborate with fellow examiners on large cases. 
  • Timeline Analysis: Displays system events in a graphical interface to help identify activity. 
  • Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns. 
  • Web Artifacts: Extracts web activity from common browsers to help identify user activity. 
  • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices. 
  • LNK File Analysis: Identifies shortcuts and accessed documents 
  • Email Analysis: Parses MBOX format messages, such as Thunderbird. 
  • EXIF: Extracts geo location and camera information from JPEG files.
  • Media Playback and Thumbnail viewer. 
  • Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, 
  • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages 
  • File Type Detection based on signatures and extension mismatch detection. 
  • Interesting Files Module will flag files and folders based on name and path. 
  • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.

How to install Autopsy?

Autopsy Comes preinstalled in Kali Linux. Although, it is highly recommended that one use the autopsy in windows for a better GUI experience.

Official Website –

You can download the autopsy for any architecture of Windows 64-bit or 32-bit. Also, there is a .deb package that you can use to install in Linux.

Download it for windows and install it like any other program with the installer.

Autopsy Demo

In this section, we are going to see a small demo on how to add the image source file and create a case in autopsy for further investigation.

For this demo, we are going to use a free memory sample.

You can find all the free memory samples here to test any of the digital forensics tools.

Autopsy Main Screen | Cybervie

This is how the autopsy screen will look like after running the program. Now we have to create a new case here.

New case autopsy | Cybervie

After clicking new case, fill in the required information like a case number and base directory and all the necessary information.

Add source autopsy | cybervie

Now, after filing the information we will be present at this screen where we have to select add source and then select the host. Use Generate new host to generate new host for new cases.

Data source type Autopsy | Cybervie

Now we have to select the type of source we are adding. In this demo, I am adding a Disk image file so I will select first. Then click next.

Select DATA Source| Cybervie

Here we have to select the location of the image file which we have to analyze. Then click next.

Configure Ingest | Cybervie

In this panel, we have to select the ingest or modules or the things we have to extract from the image files. and click next.


Never select all the ingest when analyzing a big file because it may take a lot of time to Ingest.

Now it will analyze the ingest and give you the result.

So, this is how the results look like and here we can analyze all the things we need.

Like this how we can analyze the deleted files from the disk this process is known as File Carving and we can do it that easily on the autopsy.

This is the list of things we can extract and analyze from a disk image file.

So, This is it for this demo you can try downloading different images and try it yourself on the autopsy.


Memory Samples for testing –

File Carving blog –

Autopsy official Documentation –

Share the Post...

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

Cyber Security Training Program 2020

Cyber security Course offered by Cybervie prepares students for a path of success in a highly demanding and rapidly growing field of cyber security. The course is completely designed with an adaptable mindset, where the program allows the student to complete the course work at their own pace while being able to complete weekly assignments. Hence, also making it convenient for busy working professionals to pursue the training to help them advance their career in cyber security.

Cybervie has designed the training module based on the cyber security industry requirements in both offensive and defensive manner, using real time scenarios which help our students to understand the market standards.

Sign up for our Newsletter

Interested in Cyber Security Training Program 2020 – Click Here

Open chat
Hello 👋
How can we help you?