Autopsy (software)

Last updated

Autopsy is a computer program that performs forensic searches of computer storage volumes. It is maintained by Basis Technology Corp. and community programmers. Basis Technology Corp. sells support services and training for the program. [1]

Contents

Features

Cataloguing

Autopsy hashes the files in the volume it is analyzing. It unpacks compressed archives including ZIP and JAR. It extracts image metadata stored as EXIF values. It stores keywords in an index. It parses and catalogues some email and contact file formats. It flags phone numbers, email addresses, and files. Its SQLite or PostgreSQL database stores occurrences of names, domains, phone numbers, and Windows registry files indicating past connections to USB devices. Multiple file systems can be catalogued in the same repository.

Autopsy can perform rule-based searches of indexed files, including searches for recent activity. It can generate reports in HTML or PDF format containing the results of searches. A partial image of files returned by a search can be saved in VHD format.

File recovery

Autopsy can be used to recover data that has been infected by WannaCry ransomware. [2]

Tools

Autopsy includes a graphical user interface to display its results, wizards and historical tools to repeat configuration steps, and plug-in support. Both open-source and closed-source Modules exist for the core browser, including functionality related to scanning files, browsing results, and summarizing findings.

File systems

Supported file systems include:

Dependencies

Autopsy runs open source programs and plugins included in The Sleuth Kit. [3] It depends on a number of libraries with various licenses. [4] It uses SQLite and PostgreSQL databases to store information. Its keyword search indices are built with Lucene and SOLR.

Version history

VersionLanguageOperating systemsLicense
2.0 Perl Linux, Unix, MacOS, Windows GNU GPL 2.0 [4]
3.0 Java Apache license 2.0 [4]
4.0 Windows, Linux, MacOS

Related Research Articles

In computing, Open Database Connectivity (ODBC) is a standard application programming interface (API) for accessing database management systems (DBMS). The designers of ODBC aimed to make it independent of database systems and operating systems. An application written using ODBC can be ported to other platforms, both on the client and server side, with few changes to the data access code.

<span class="mw-page-title-main">SQLite</span> Serverless relational database management system (RDBMS)

SQLite is a database engine written in the C programming language. It is not a standalone app; rather, it is a library that software developers embed in their apps. As such, it belongs to the family of embedded databases. It is the most widely deployed database engine, as it is used by several of the top web browsers, operating systems, mobile phones, and other embedded systems.

<span class="mw-page-title-main">Data definition language</span> Syntax for defining data structures

In the context of SQL, data definition or data description language (DDL) is a syntax for creating and modifying database objects such as tables, indices, and users. DDL statements are similar to a computer programming language for defining data structures, especially database schemas. Common examples of DDL statements include CREATE, ALTER, and DROP. If you see a .ddl file, that means the file contains a statement to create a table. Oracle SQL Developer contains the ability to export from an ERD generated with Data Modeler to either a .sql file or a .ddl file.

An SQL INSERT statement adds one or more records to any single table in a relational database.

eZ Publish is an open-source enterprise PHP content management system that was developed by the Norwegian company Ibexa. eZ Publish is now maintained by 7x. eZ Publish is freely available under the GNU GPL version 2 license, as well as under proprietary licenses that include commercial support. In 2015, eZ Systems introduced eZ Platform to replace eZ Publish with a more modern and future-proof solution. In 2024, 7x released eZ Publish 6.0 (stable) to replace eZ Publish 5.4 with a more modern and future-proof solution compatible with PHP 7.x and 8.x software. In 2024/02 7x followed up its first release (6.0) with a powerful second release 6.0.1 containing key installation bugfixes and a brand new database backend for flat file database called SQLite that is mature and stable ready to use to simplify your website or web application. In 2024/03 7x continues to develop and release monthly updates to eZ Publish with the release of version 6.0.2 which provides default design improvements and many more extensions enabled for use by default.

ADO.NET is a data access technology from the Microsoft .NET Framework that provides communication between relational and non-relational systems through a common set of components. ADO.NET is a set of computer software components that programmers can use to access data and data services from a database. It is a part of the base class library that is included with the Microsoft .NET Framework. It is commonly used by programmers to access and modify data stored in relational database systems, though it can also access data in non-relational data sources. ADO.NET is sometimes considered an evolution of ActiveX Data Objects (ADO) technology, but was changed so extensively that it can be considered an entirely new product.

The following tables compare general and technical information for a number of relational database management systems. Please see the individual products' articles for further information. Unless otherwise specified in footnotes, comparisons are based on the stable versions without any add-ons, extensions or external programs.

<span class="mw-page-title-main">The Sleuth Kit</span>

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.

BasisTech is a software company specializing in applying artificial intelligence techniques to understanding documents and unstructured data written in different languages. It has headquarters in Somerville, Massachusetts with a subsidiary office in Tokyo. Its legal name is BasisTech LLC.

Web2py is an open-source web application framework written in the Python programming language. Web2py allows web developers to program dynamic web content using Python. Web2py is designed to help reduce tedious web development tasks, such as developing web forms from scratch, although a web developer may build a form from scratch if required.

Thomas G. Lane is a computer scientist dedicated to open-source software. In a 2000 survey, he was listed as one of the top 10 contributors to an intended-to-be-representative sample of open-source software, having contributed 0.782% of the total code.

<span class="mw-page-title-main">TACTIC (web framework)</span> Web-based, open source workflow platform and digital asset management system

TACTIC is a web-based, open source workflow platform and digital asset management system supported by Southpaw Technology in Toronto, ON. Designed to optimize busy production environments with high volumes of content traffic, TACTIC applies business or workflow logic to combined database and file system management. Using elements of digital asset management, production asset management and workflow management, TACTIC tracks the creation and development of digital assets through production pipelines. TACTIC is available under both commercial and open-source licenses, and also as a hosted cloud service through Amazon Web Services Marketplace.

The Open Computer Forensics Architecture (OCFA) is a distributed open-source computer forensics framework used to analyze digital media within a digital forensics laboratory environment. The framework was built by the Dutch national police.

List & Label is a professional reporting tool for software developers. It provides comprehensive design, print and export functions. The software component runs on Microsoft Windows and can be implemented in desktop, cloud and web applications. List & Label can be used to create user-defined dashboards, lists, invoices, forms and labels. It supports many development environments, frameworks and programming languages such as Microsoft Visual Studio, Embarcadero RAD Studio, .NET Framework, .NET Core, ASP.NET, C++, Delphi, Java, C Sharp and some more. List & Label either retrieves data from various sources via data binding, or works database independent. Reports are designed and created in the so-called List & Label Designer and then exported into a multitude of formats like PDF, Excel, XHTML and RTF. Since version 27 a web report designer for ASP.NET MVC is available.

ownCloud Free software for cloud computing

ownCloud, a Kiteworks Company, is a free and open-source software project for content collaboration and sharing and syncing of files in distributed and federated enterprise scenarios. It allows companies and remote end-users to organize their documents on servers, computers, and mobile devices and work with them collaboratively while keeping a centrally organized and synchronized state.

The following is provided as an overview of and topical guide to databases:

The following outline is provided as an overview of and topical guide to MySQL:

<span class="mw-page-title-main">CAINE Linux</span> Linux distribution

CAINE Linux is an Italian Linux live distribution managed by Giovanni "Nanni" Bassetti. The project began in 2008 as an environment to foster digital forensics and incidence response (DFIR), with several related tools pre-installed.

<span class="mw-page-title-main">Jam.py (web framework)</span> Python web framework

Jam.py is free and open-source low-code/no-code "full stack" WSGI rapid application development framework for the JavaScript and Python programming language.

References

  1. "Digital Forensics". Basis Technology Corp. 23 December 2013.
  2. S. C. Nayak, V. Tiwari and B. K. Samanthula, "Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform," 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2023, pp. 0605–0611, doi: 10.1109/CCWC57344.2023.10099169.
  3. "The Sleuth Kit (TSK) & Autopsy: Open Source Digital Forensics Tools". Brian Carrier.
  4. 1 2 3 "Autopsy: License". Brian Carrier.