Autopsy – A Digital Forensic Tool

Autopsy is a forensic tool that is used by law enforcement, military, and corporate examiners to investigate what happened on a computer or a smartphone. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.


Autopsy offers the following features:




  • Multi-User Cases: Collaborate with fellow examiners on large cases.



  • Timeline Analysis: Displays system events in a graphical interface to help identify activity.



  • Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns.



  • Web Artifacts: Extracts web activity from common browsers to help identify user activity.



  • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.



  • LNK File Analysis: Identifies shortcuts and accessed documents.



  • Email Analysis: Parses MBOX format messages, such as Thunderbird.



  • EXIF: Extracts geolocation and camera information from JPEG files.



  • File Type Sorting: Group files by their type to find all images or documents.



  • Media Playback: View videos and images in the application and not require an external viewer.



  • Thumbnail viewer: Displays thumbnail of images to help quick view pictures.



  • Robust File System Analysis:Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, and UFS from The Sleuth Kit.



  • Hash Set Filtering: Filter out known good files using NSRL and flags known bad files using custom hash sets in HashKeeper, md5sum, and EnCase formats.



  • Tags: Tag files with arbitrary tag names, such as ‘bookmark’ or ‘suspicious’, and add comments.



  • Unicode Strings Extraction:Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).



  • File Type Detection based on signatures and extension mismatch detection.



  • Interesting Files Module will flag files and folders based on name and path.

  • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.


Download Autospy

Comments

Post a Comment

Popular posts from this blog

Reverse-Engineering the Peugeot 207’s CAN bus

Image
Here’s a classic “one thing led to another” car hack. [Alexandre Blin] wanted a reversing camera for his old Peugeot 207 and went down a rabbit hole which led him to do some extreme CAN bus reverse-engineering with Arduino and iOS . Buying an expensive bezel, a cheap HDMI display, an Arduino, a CAN bus shield, an iPod touch with a ghetto serial interface cable that didn’t work out, a HM-10 BLE module, an iPad 4S, the camera itself, and about a year and a half of working on it intermittently, he finally emerged poorer by about 275€, but victorious in a job well done. A company retrofit would not only have cost him a lot more, but would have deprived him of everything that he learned along the way. Adding the camera was the easiest part of the exercise when he found an after-market version specifically meant for his 207 model. The original non-graphical display had to make room for a new HDMI display and a fresh bezel, which cost him much more than the display. Besides displaying the cam...
Read more

The world’s new largest flash drive is the 2TB Kingston DataTraveler Ultimate GT

​So metimes, you need to be able to carry a preposterously large amount of storage in a more portable form factor. Enter Kingston’s DataTraveler Ultimate GT, the “world's highest capacity USB flash drive.” Available in either a relatively diminutive 1TB size, or a more staggering 2TB behemoth, there is a very good chance that the DataTraveler Ultimate GT offers more storage space in a gum stick-sized form than your laptop does in its entire hard drive. Obviously, the world’s high-capacity flash drive doesn’t come in a simple plastic shell, but rather a zinc-alloy casing for improved durability. Unfortunately (or fortunately, depending on your perspective), the DataTraveler Ultimate GT uses a USB 3.1 adapter, not USB-C, so you’ll need to break out a dongle to use it with some newer laptops. The USB 3.0 DataTraveler Ultimate GT will be out in February 2017. Pricing has not yet been announced, but it’s probably safe to assume that the world’s highest-capacity flash drives could also b...
Read more

World’s Fastest Camera Takes 5 Trillion Photos Per Second, Can Pause Moving Light

Image
High-speed cameras taking 100,000 pictures in one second are enough to fascinate us. But what about a camera that can film at a rate of 5 trillion images per second. It’s created by the researchers Elias Kristensson and Andreas Ehn at the Lund University in Sweden. The camera can make light slow enough that it could be analyzed by humans. In other words, it can be used to record events happening in the 0.2 trillionths of a second. In 2011, a similar camera device was created by the MIT Media Lab. But it was slower and capable of capturing 1 trillion images per second. The researchers demonstrated the camera by filming photons of light traveling a distance equivalent to the thickness of a paper. The trillion camera works in a different way in comparison to the normal high-speed cameras. [youtube https://www.youtube.com/watch?v=2fjP02EpJac?feature=oembed&w=669&h=502] In the method, laser light pulses with a unique code are slashed on the subject. The reflected pulses captured by ...
Read more