How to use Autopsy for Computer Forensics
Irfan Shakeel
I am on a mission to create a secure cyber world | Director @ CIP Cyber | Creating ICS/OT Security Content
Autopsy is one of the digital forensics tools used to investigate what happened on a computer. It offers GUI access to a variety of investigative command-line tools from The Sleuth Kit, including image file hashing, deleted file recovery, file analysis and case management. Autopsy produces results in real time, making it more compatible than other forensics tools.
It comes preinstalled in Kali Linux, so let's start the Kali virtual machine. You will find the option ‘forensics’ in the application tab. Select ‘autopsy’ from the list of forensics tools.
Open Autopsy
When you select Autopsy, it opens a prompt showing the program information: the version number, listed as 2.24, the path to the Evidence Locker folder, /var/lib/autopsy, and an address, https://localhost:9999/autopsy, to open in a web browser.
Click on that link to open it in your Kali web browser; you will be redirected to the Autopsy home page. The tool runs on our local web server on port 9999.
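Because the case data is served over a web listener on port 9999, it is worth confirming which interfaces that listener is bound to before loading evidence. The following is an added example, not part of the original article or of Autopsy itself: the function name autopsy_listener_scope and the sample socket listing are constructed for illustration, and the input is assumed to be the output of `ss -ltn`.

```shell
#!/bin/sh
# Added example: classify the bind scope of the listener on the Autopsy port.
# Reads `ss -ltn` output on stdin and prints one of:
#   loopback      every listener on the port is bound to 127.0.0.0/8 or [::1]
#   non-loopback  at least one listener is bound to another address, so
#                 reachability depends on the application access checks
#                 and the host firewall
#   absent        nothing is listening on the port
autopsy_listener_scope() {
    port="${1:-9999}"                 # 9999 is the port named on this page
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                             # Local Address:Port column
            n = match(addr, /:[0-9]+$/)           # position of the final ":port"
            if (!n) next
            p = substr(addr, n + 1)
            host = substr(addr, 1, n - 1)
            if (p != port) next
            found = 1
            if (host !~ /^(127\.|\[::1\])/) other = 1
        }
        END {
            if (!found)     print "absent"
            else if (other) print "non-loopback"
            else            print "loopback"
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:9999     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$sample" | autopsy_listener_scope 9999

# On a live system, feed it the real socket table instead:
#   ss -ltn | autopsy_listener_scope 9999
```
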
Create a New Case
There will be three options on the home page: ‘OPEN CASE’, ‘NEW CASE’, ‘HELP’
For forensic investigation, we need to create a new case and arrange all the information and evidence. Select ‘NEW CASE’.
Read the complete story in the ehacking blog.