Fundamentals of Digital Forensics
6. Forensic analysis with free-to-use suites
6.2. Autopsy and The Sleuth Kit
The Sleuth Kit® is a library and a set of tools for analysing FAT, NTFS, Ext2/3/4 and UFS file systems, including those commonly used by the Linux operating system. It can also analyse files and folders, recover deleted files, create a timeline of file activity, perform expression searches and use hash databases.
https://github.com/sleuthkit/sleuthkit/blob/develop/NEWS.txt
Autopsy is the graphical user interface (GUI) of The Sleuth Kit. It is an open source platform developed to take advantage of The Sleuth Kit's capabilities to perform forensic analysis on devices such as hard drives, media cards and smartphones, among others. It also integrates other forensic tools, open source or commercial, through plug-ins or complementary modules written in Java or Python.
https://github.com/sleuthkit/autopsy/blob/develop/NEWS.txt
Figure 73 shows Autopsy's simple graphical interface.
Figure 73 - Analysis with Autopsy
It contains a left side menu with categorised information, identifying files by extension type and MIME type as well as all the categories they belong to (Figure 74).
Figure 74 - Categorisation of files in Autopsy
Versions
https://github.com/sleuthkit/autopsy/releases/
Source Code
https://github.com/sleuthkit/autopsy
Tasks and requests
https://github.com/sleuthkit/autopsy/issues