Introduction to Autopsy

Autopsy is an open-source digital forensics tool developed by Basis Technology, first released in 2000. It is a free-to-use and quite efficient tool for hard drive investigation, with features like multi-user cases, timeline analysis, registry analysis, keyword search, email analysis, media playback, EXIF analysis, malicious file detection, and much more.

It can analyze Windows and UNIX disks and file systems (NTFS, FAT, Ext2/3, etc.).

Features of Autopsy

Multi-User Cases - Collaborate with fellow examiners on large cases.
Timeline Analysis - Displays system events in a graphical interface to help identify activity.
Keyword Search - Text extraction and indexed search modules enable you to find files that mention specific terms and to find regular expression patterns.
Web Artifacts - Extracts web activity from common browsers to help identify user activity.
Registry Analysis - Uses RegRipper to identify recently accessed documents and USB devices.
LNK File Analysis - Identifies shortcuts and accessed documents.
Email Analysis - Parses MBOX format messages, such as Thunderbird.
EXIF - Extracts geolocation and camera information from JPEG files.
Robust File System Analysis - Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, and Yaffs2.
Thumbnail Viewer - Displays thumbnails of images to help you view pictures quickly.
Unicode Strings Extraction - Extracts strings from unallocated space and unknown file types in many languages.
Hash Set Filtering - Filters out known good files using NSRL and flags known bad files using custom hash sets.
File Type Detection - Identifies file types based on signatures and detects extension mismatches.
Android Support - Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.



We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
