About Autopsy
Autopsy is a digital forensics software from Sleuth Kit Labs that provides a comprehensive open-source platform for analyzing digital evidence. It includes Cyber Triage, a Malware Scanner, and an Importer, so users can evaluate and process digital data efficiently. The platform supports the investigation of various digital artifacts and enables investigators to uncover critical information from a wide range of devices. Additionally, Autopsy offers a user-friendly interface that simplifies the complex task of digital forensics. Key capabilities: Cyber Triage Malware Scanner Importer Open-source User-friendly interface Best for: digital forensics professionals that need to analyze and investigate digital evidence.
Autopsy is the premier, full-featured, open-source digital forensics platform that democratizes digital investigation. Built on the powerful The Sleuth Kit (TSK), it provides an intuitive graphical interface and a comprehensive, modular suite of tools that compete effectively with expensive commercial alternatives. Its major strengths are its zero-cost entry, multi-user capability for collaboration, and its highly extensible architecture that allows users to write custom modules. It is an ideal solution for law enforcement and corporate examiners working with tight budgets who require standard forensic features (keyword search, timeline analysis, web artifact extraction) and robust security. While it can be resource-intensive with large data sets, Autopsy remains the top choice for accessible, transparent, and court-ready digital forensic analysis.
Pros & Cons
- Supports multiple examiners working simultaneously on the same case data over a network
- Provides a user-friendly GUI for the powerful, command-line The Sleuth Kit
- Allows investigators and developers to write custom modules (plug-ins) in Java or Pytho
- Mastering the full range of ingest modules and deeply technical features requires a specialized training and learning.
- Dedicated enterprise-level support and training require a paid subscription from Sleuth Kit Labs.
- The software experiences occasional slowdowns when processing extremely large disk images or huge volumes of data.
Features
Key features
Provides an easy-to-use, intuitive GUI that simplifies the powerful, command-line functionalities of TSK, making deep forensic analysis accessible to a wider user base.
Offers an advanced graphical event viewing interface that helps investigators visualize and filter file system and artifact activity over time to reconstruct the sequence of events.
Designed as an end-to-end platform where investigators can add functionality through community-developed or custom modules (Java/Python) for highly specialized analysis.
Performs fast, powerful, and indexed searching across all files, recovered content, and metadata to quickly find files or artifacts containing relevant terms.
Supports multiple examiners working on the same case simultaneously from different machines, significantly accelerating large-scale investigations.
Additional features
Handles various data sources, including disk images (E01, RAW, VHD), logical files, and local folders, performing parallel processing for speed.
Uses PhotoRec and other tools to recover deleted files from unallocated space based on file signatures.
Automatically extracts and parses history, bookmarks, cookies, and cache from popular browsers (Chrome, Firefox, IE) to trace user activity.
Flags known malicious files (using hash sets like NIST NSRL) and ignores known safe files, focusing the examiner's attention on critical data.
*Parses Windows Registry files and LNK files to extract vital information about past system configuration, program execution, and recently accessed files.
Extracts EXIF data from images (JPEG) and video files, providing location, time, and camera information.
*Parses email, contact files, and messaging databases to visualize communication relationships and content.
Allows the correlation of data across multiple cases by storing and sharing information about files, devices, and results.
Identifies files where the actual file signature does not match the extension (e.g., a .jpg file that is actually an executable), indicating potential concealment.
Generates professional, detailed reports in formats like HTML, PDF, and CSV/Excel for court presentation and stakeholder review.
Pricing
Countries & Languages
Interface languages
Billing currencies
No reviews yet
Be the first to drop a review
Alternatives to Autopsy
EnCase Forensic
EnCase Forensic is a digital forensic software from Opentext that enables investigators to gather digital…
FARO Zone 3D (FARO.com)
FARO Zone 3D is a forensic visualization software from FARO that supports the analysis, reconstruction,…
SceneWorks
SceneWorks is a software platform from SpheronVR that focuses on creating immersive virtual reality experiences.…
Phonexia Orbis Investigator
Phonexia Orbis Investigator is a forensic audio analysis software from Phonexia that provides tools for…
Spot something wrong or outdated?
Suggest a correction — a reviewer verifies every change.
About Autopsy
Autopsy is a digital forensics software from Sleuth Kit Labs that provides a comprehensive open-source platform for analyzing digital evidence. It includes Cyber Triage, a Malware Scanner, and an Importer, so users can evaluate and process digital data efficiently. The platform supports the investigation of various digital artifacts and enables investigators to uncover critical information from a wide range of devices. Additionally, Autopsy offers a user-friendly interface that simplifies the complex task of digital forensics. Key capabilities: Cyber Triage Malware Scanner Importer Open-source User-friendly interface Best for: digital forensics professionals that need to analyze and investigate digital evidence.
Autopsy Details
Autopsy's In-App Market Place
Does Autopsy have an in-app market place?
Yes
How many Mini-Apps in the marketplace?
1
Mini Apps
N/A
Pricing Options
Accepted Payment Currencies
USD ($), EUR (), GBP ()
Pros & Cons
- Supports multiple examiners working simultaneously on the same case data over a network
- Provides a user-friendly GUI for the powerful, command-line The Sleuth Kit
- Allows investigators and developers to write custom modules (plug-ins) in Java or Pytho
- Mastering the full range of ingest modules and deeply technical features requires a specialized training and learning.
- Dedicated enterprise-level support and training require a paid subscription from Sleuth Kit Labs.
- The software experiences occasional slowdowns when processing extremely large disk images or huge volumes of data.
Autopsy's Support Options
Autopsy's Alternatives
EnCase Forensic
EnCase Forensic is a digital forensic software from Opentext that enables investigators to gather digital…
FARO Zone 3D (FARO.com)
FARO Zone 3D is a forensic visualization software from FARO that supports the analysis, reconstruction,…
SceneWorks
SceneWorks is a software platform from SpheronVR that focuses on creating immersive virtual reality experiences.…
Phonexia Orbis Investigator
Phonexia Orbis Investigator is a forensic audio analysis software from Phonexia that provides tools for…
