12

Autopsy Forensic Browser

Autopsy and The Sleuth Kit go hand in hand. Both were created by Brian Carrier. The Sleuth Kit is a powerful suite of Command-Line Interface (CLI) forensic tools, whereas Autopsy is the Graphical User Interface (GUI; pronounced gooey) that sits on top of The Sleuth Kit and is accessed through a web browser. The Sleuth Kit supports disk image file types, including Raw Data Dump (DD), EnCase (.01), and Advanced Forensic Format (AFF).

The Sleuth Kit uses CLI tools to perform the following tasks:

  • Find and list allocated and unallocated (deleted) files, and even files hidden by rootkits
  • Reveal NTFS Alternate Data Streams (ADS) where files can be concealed within other files
  • List files by type
  • Display metadata information ...
