Autopsy (software)
Autopsy is a user interface that makes it simpler to deploy many of the open source programs and plugins used in the Sleuth Kit collection.[1] The graphical user interface displays the results from the forensic search of the underlying volume making it easier for investigators to flag pertinent sections of the data. The tool is largely maintained by Basis Technology Corp. with the assistance of programmers throughout the community. The company sells support services and training for using the product.[2]
The tool is designed with these principles in mind:
- Extensible—The user should be able to add new functionality by creating plugins that can analyze all or part of the underlying data source.
- Frameworks—The tool will offer some standard approaches for ingesting data, analyzing it and reporting any findings so developers can follow the same design patterns when possible.
- Ease of Use—The Autopsy Browser must offer the wizards and historical tools to make it easier for users to repeat their steps without excessive reconfiguration.
The core browser can be extended by adding modules that help scan the files (called "ingesting"), browse the results (called "viewing") or summarize results (called "reporting"). A collection of open-source modules allow customization.
Version 2 of Autopsy is written in Perl and it runs on all major platforms including Linux, Unix, Mac OS X, and Windows. It relies upon the Sleuth Kit to analyze the disk. Version 2 is released under the GNU GPL 2.0.[3]
Autopsy 3.0 is written in Java using the NetBeans platform. It runs only on Windows at this time and is released under the Apache license 2.0.[3]
Autopsy depends on a number of libraries with various licenses.[3]