Autopsy is a free and open source analysis tool initially developed by Brian Carrier. Autopsy started as a Graphical User Interface for the underlying Linux-based SleuthKit toolset, but the latest release (version 3) is a standalone tool built for Windows. Autopsy can be downloaded at http://www.sleuthkit.org/autopsy/.
Autopsy is not intended to perform acquisitions of mobile devices, but can analyze the most common Android filesystems (such as YAFFS and ext). For this example, we will load a full physical image obtained via dd from an HTC Droid DNA, as outlined in Chapter 5, Extracting Data Physically from Android Devices.
Creating a case in Autopsy
On opening Autopsy, the user will be prompted to choose Create New Case, Open Recent Case ...