autopsy

Start Autopsy server

$ autopsy

$ autopsy -p [9999]

$ autopsy [localhost]

$ autopsy -d [path/to/locker]

autopsy [-c] [-C] [-d evidlocker] [-i device filesystem mnt] [-p port] [addr_]

autopsy is a graphical interface for The Sleuth Kit forensic analysis tools. It starts a local web server and provides a browser-based interface for disk analysis, file recovery, and forensic investigation.
The tool allows examiners to analyze file systems, recover deleted files, create timelines, and search for evidence without command-line knowledge.

-p port

HTTP server port (default: 9999)

Force cookie inclusion in URL (even for localhost)

Force no cookie in URL

Specify evidence locker directory (overrides default)

Enable live analysis mode (specify device, filesystem type, and mount point)

IP address or hostname restricting which client can connect

- File system analysis
- Deleted file recovery
- Timeline creation
- Keyword searching
- Hash filtering
- Image mounting

For authorized forensic investigation only. Web interface requires browser. Legacy version (v2); Autopsy 4 is a standalone Java desktop application. The Sleuth Kit tools must be installed.

Autopsy was created by Brian Carrier as a web-based front-end for The Sleuth Kit, first released in 2001. Version 4 (2015) moved to a Java desktop application.

sleuthkit(1), foremost(1), bulk_extractor(1)