autopsy

Start Autopsy server

$ autopsy

$ autopsy -p [8080]

$ autopsy -b

autopsy [-p port] [-b]

autopsy is a graphical interface for The Sleuth Kit forensic analysis tools. It provides a web-based browser interface for disk analysis, file recovery, and forensic investigation.
The tool allows examiners to analyze file systems, recover deleted files, create timelines, and search for evidence without command-line knowledge.

-p port

HTTP server port (default: random)

Open browser automatically

- File system analysis
- Deleted file recovery
- Timeline creation
- Keyword searching
- Hash filtering
- Image mounting

For authorized forensic investigation only. Web interface requires browser. Legacy version; Autopsy 4 is a standalone Java application. The Sleuth Kit tools must be installed.

Autopsy was created by Brian Carrier as a web-based front-end for The Sleuth Kit, first released around 2003. Version 4 (2014) moved to a Java desktop application.

sleuthkit(1), foremost(1), photorec(1)