SANS Digital Forensics and Incident Response Blog: Tag - Autopsy

A Step-by-Step introduction to using the AUTOPSY Forensic Browser

by Craig Wright

This is a brief tutorial on how to use the Autopsy Forensic Browser as a front end for the Sleuthkit. This tool is an essential for Linux forensics investigations and can be used to analyze Windows images.

We will start with the presumption that you have the Forensic Toolkit Installed (whether through the use of a Live CD such as Helix or if it is installed on a Forensic Workstation). Autopsy is built into the SANS Investigative Forensic Toolkit Workstation (SIFT Workstation) that you can download from forensics.sans.org. You can start Autopsy by clicking on the magnifying glass in the upper right corner.

Step 1 - Start the Autopsy

...