Autopsy forensic browser, version 2

The Autopsy Forensic Browser (Autopsy) is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems such as:

The Sleuth Kit and Autopsy are both Open Source and run on UNIX platforms. As Autopsy is HTML-based, you can connect to the Autopsy server from any platform using a web browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.

Current state

As of 2014, Autopsy 2.24 is the last version of Autopsy that supports non-Windows platforms. Since Autopsy 2.24 was released in 2010, it cannot support all features introduced in the latest versions of The Sleuth Kit. Various modifications introduced in The Sleuth Kit since 2010 break Autopsy 2.24.

There are several known conflicts between Autopsy 2.24 and The Sleuth Kit 4.1.3:

  • Autopsy cannot normally jump through directories on HFS.
  • Autopsy cannot handle Sun VTOC.
  • Autopsy cannot view timelines in most cases.

Also, Ext4 file creation timestamps cannot be viewed in the Autopsy "File Manager"-like interface. An unofficial patch exists to fix or "hack around" these issues.

