Tools/autopsy-203

From ChekMate Security Group

Package Directory: /opt/Operator_Extras/Tools/autopsy-203


The Autopsy Forensic Browser is a graphical interface to the utilities in The Sleuth Kit, a collection of open source tools for the forensic analysis of Microsoft and UNIX file systems. It allows the allocated and deleted files, directories, data units, and metadata of file system images to be analyzed in a read-only environment. Images can be searched for strings and regular expressions to recover deleted material. It can also create a detailed timeline of the Modified, Access, and Changed times of files. Hash databases are used to identify whether a file is known to be good or bad. Files can also be organized by file type instead of only being viewed through directory listings.

Autopsy is HTML-based and uses a client-server model. The Autopsy server runs on many UNIX systems, and the client can be any platform with an HTML browser. This makes it possible to build a flexible environment with a central Autopsy server and several remote clients. For incident response scenarios, a CD with The Sleuth Kit and Autopsy can be created to give the responder read-only remote access to a suspect system from an HTML browser on a trusted system.

Autopsy will not modify the original images, and the integrity of the images can be verified in Autopsy using MD5 values.