sleuthkit/autopsy sleuthkit/autopsy

  • Stars
    star
    2,019
  • Rank 22,918 (Top 0.5 %)
  • Language
    Java
  • Created about 13 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
sleuthkit/autopsy
github

sleuthkit

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. 
Autopsy 4
http://www.sleuthkit.org/
March 15, 2016


OVERVIEW

Autopsy is a graphical interface to The Sleuth Kit and other open source digital forensics tools. 
Autopsy 3 was a complete rewrite from Autopsy 2 to make it Java-based.
Autopsy 4 improves on Autopsy 3 by supporting collaboration on a single case by multiple users.     

Although Autopsy is designed to be cross-platform (Windows, Linux, MacOSX), the current version is fully functional and fully tested only on Windows. 
We have run it on XP, Vista, and Windows 7 with no problems. 

Autopsy 4 is released under the Apache 2.0 license.
Some libraries Autopsy uses may have different, but similar, open source licenses. 


INSTALLATION

For a Windows installation, all Autopsy dependencies are bundled with the installer provided.
There is no need for manual installation of additional dependencies if the Windows installer is used.

If you want the Japanese localized version, you must have the Japanese language pack (http://support.microsoft.com/kb/972813) installed and the default locale set to JA. (http://windows.microsoft.com/en-us/windows/change-system-locale#1TC=windows-7).


SUPPORT

There is a built-in help system in Autopsy once you get it started.  There is also a QuickStart Guide that comes with the installer.

Send any bug reports or feature requests to the sleuthkit-users e-mail list.
    http://www.sleuthkit.org/support.php


LICENSE

The Autopsy code is released under the Apache License, Version 2.  See LICENSE-2.0.txt for details.


EMBEDDED SOFTWARE

This section lists the software components and libraries that are used by 
Autopsy.   These tools are bundled with the Windows installer, unless specified otherwise.

JRE (Java Runtime Environment) 17
- Web page: https://www.oracle.com/java/technologies/downloads/#java17
- License: https://www.oracle.com/a/tech/docs/jdk17-lium.pdf

Netbeans 15 RCP platform and .jar files bundled with the platform
- Web page: https://netbeans.apache.org/
- License: https://www.apache.org/licenses/LICENSE-2.0

Sleuth Kit for analyzing disk images.
- Web page: http://www.sleuthkit.org/sleuthkit/
- License: http://sleuthkit.org/sleuthkit/licenses.php

Libewf for opening E01 files
- Web page: https://github.com/libyal/libewf
- License: http://www.gnu.org/licenses/lgpl.html

zlib for opening E01 files
- Web page: http://zlib.net/
- License: http://zlib.net/zlib_license.html

Solr (including Lucene and TIKA) for keyword search
- Web page: http://projects.apache.org/projects/solr.html
- License: http://www.apache.org/licenses/LICENSE-2.0

GStreamer for viewing video files
- Web page: http://gstreamer.freedesktop.org/
- License: http://www.gnu.org/licenses/lgpl.html

GStreamer 1.x Java Core for viewing video files
- Web page: https://github.com/gstreamer-java/gst1-java-core
- License: https://github.com/gstreamer-java/gst1-java-core/blob/master/LICENSE.md

Regripper for pulling recent activity
(Including custom plugins)
- Web page: http://regripper.wordpress.com/
- License: http://www.gnu.org/licenses/gpl.html

Pasco2 for pulling Internet Explorer activity
- Web page: http://sourceforge.net/projects/pasco2/
- License: http://www.gnu.org/licenses/gpl.html

Jericho for extracting content from HTML files
- Web page: http://jerichohtml.sourceforge.net/
- License: http://www.gnu.org/copyleft/lesser.html

Advanced installer 9 (Freeware)
(not embedded in Autopsy, but used to generate Autopsy installer.)
- Web page: http://www.advancedinstaller.com/

Metadata Extractor 2.6.2 for extracting Exif metadata
- Web page: http://www.drewnoakes.com/code/exif/
- License: http://www.apache.org/licenses/LICENSE-2.0

Reflections 0.9.8 for ingest module loading
- Web page: http://code.google.com/p/reflections 
- License: http://en.wikipedia.org/wiki/WTFPL

Sigar for process monitoring
- Web page: http://support.hyperic.com/display/SIGAR/Home
- License: http://support.hyperic.com/display/SIGAR/Home#Home-license

7Zip and 7Zip java bindings for 7Zip extractor module
- Web page: http://sevenzipjbind.sourceforge.net/
- License: http://sourceforge.net/directory/license:lgpl/

ImgScalr 4.2 for image resizing in image viewers
- Web page: http://www.thebuzzmedia.com/software/imgscalr-java-image-scaling-library/
- License: http://www.thebuzzmedia.com/software/imgscalr-java-image-scaling-library/#license

ControlsFX JavaFX GUI library
- Web page: http://fxexperience.com/controlsfx/
- License: https://bitbucket.org/controlsfx/controlsfx/src/default/license.txt?fileviewer=file-view-default

JFXtras JavaFX GUI library
- Web page: http://jfxtras.org/
- License: https://github.com/JFXtras/jfxtras#license

Mustache.java templating system
- Web page: https://github.com/spullara/mustache.java
- License: https://github.com/spullara/mustache.java/blob/master/LICENSE

Joda-Time date and time library
- Web page: http://www.joda.org/joda-time/
- License: http://www.joda.org/joda-time/license.html

TwelveMonkeys ImageIO plugins
- Web page: https://github.com/haraldk/TwelveMonkeys
- License: https://github.com/haraldk/TwelveMonkeys#license


EMBEDDED RESOURCES

This section lists other resources, such as icons, that are used by Autopsy.   

FAMFAMFAM Silk Icons v1.3
- Web page: http://www.famfamfam.com/lab/icons/silk/
- License: http://creativecommons.org/licenses/by/3.0/

Fugue Icons v3.5.6
- Web page: http://p.yusukekamiyamane.com/
- License: http://creativecommons.org/licenses/by/3.0/

WebHostingHub Glyphs
- Web page: http://www.webhostinghub.com/glyphs/
- License: http://creativecommons.org/licenses/by/3.0/

Splashy Icons (free as in free) 
- Web page: http://splashyfish.com/icons/

More Repositories

1

sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
C
2,349
star
2

scalpel

Scalpel is an open source data carving tool. It is not being actively maintained.
Shell
564
star
3

autopsy_addon_modules

Repo to store compiled modules or links to 3rd party add-on modules.
Python
332
star
4

hadoop_framework

This is a prototype system that uses Hadoop to process hard drive images.
Java
48
star
5

libewf_64bit

Copy of the libewf source code that is configured for a 64-bit MS Visual Studio build.
C
13
star
6

libvhdi_64bit

64-bit / VS 2015 version of libvhdi (https://github.com/libyal/libvhdi)
C
5
star
7

libvmdk_64bit

64-bit / VS 2015 version of libvmdk (https://github.com/libyal/libvmdk)
C
4
star
8

JavaStixBindings

We needed some jaxb bindings for STIX for an Autopsy module. This is temporary code until the official MITRE Java bindings are published.
Java
4
star
9

sleuthkit.github.com

website
2
star