Introduction to Autopsy – The Sleuth Kit
Autopsy offers GUI access to a variety of investigative command-line tools from The Sleuth Kit, including file analysis, image and file hashing, deleted file recovery, and case management, among other capabilities. Autopsy can be problematic when installing but, fortunately for us, comes built into Kali Linux, and is also very easy to set up and use.
Although the Autopsy browser is based on The Sleuth Kit, features of Autopsy differ when using the Windows version as compared to the Linux version. Some of the official features offered by The Sleuth Kit and Autopsy 2.4 in Kali Linux include:
- Image analysis: Analyzing directories and files including sorting files, recovering deleted files, and previewing files
- File activity timelines: Creating timelines based on timestamps of files when they were written, accessed, and created
- Image integrity: Creating MD5 hashes of the image file used, as well as individual files
- Hash databases: Matching digital hashes or...
