Autopsy software is digital forensic software that forensic investigators and law enforcement agencies can use to analyze and investigate digital evidence obtained from electronic devices such as computers, smartphones, tablets, and other storage media.

Autopsy software provides tools and features for examining and extracting data from digital devices in a forensically sound manner. It allows investigators to search for files, recover deleted data, analyze metadata, view file contents, and generate reports detailing their findings.

Some typical features of autopsy software include:

•     Disk Imaging: Creating a forensic image of the storage media to preserve the original evidence.

•     File Recovery: Identifying and recovering deleted or hidden files from the disk image.

•     Keyword Search: Searching for specific terms or keywords within the digital evidence.

•     File Analysis: Analyzing file metadata and contents to extract information relevant to the investigation.

•     Timeline Analysis: Creating a timeline of events based on file creation, modification, and access timestamps.

•     Hashing and Integrity Checking: Calculating hash values to ensure the integrity of the evidence and verify its authenticity.

•     Reporting: Generating detailed reports summarizing the findings of the forensic analysis.

Autopsy software plays a crucial role in digital forensic investigations by helping investigators collect, preserve, and analyze evidence to support legal proceedings, such as criminal prosecutions or civil litigation.

Autopsy is a powerful utility and can do a lot. We will focus on the basics of what it can do:

• Creating a new case

• Adding a data source

• View data

  • Delete files

  • By size

  • By type

  • Email addresses

  • Timeline

• Keyword search

• Hash Analysis

• Report