License / Price: Free ware
File size: 447
Developer: Basis Technology and an open source community
OS: Linux and OS X
Below is the list of Autopsy features.
- Multi-User Cases: Collaborate with fellow examiners on large cases.
- Timeline Analysis: Displays system events in a graphical interface to help identify activity.
- Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns.
- Web Artifacts: Extracts web activity from common browsers to help identify user activity.
- Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
- LNK File Analysis: Identifies short cuts and accessed documents
- Email Analysis: Parses MBOX format messages, such as Thunderbird.
- EXIF: Extracts geo location and camera information from JPEG files.
- File Type Sorting: Group files by their type to find all images or documents.
- Media Playback: View videos and images in the application and not require an external viewer.
- Thumbnail viewer: Displays thumbnail of images to help quick view pictures.
- Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, and UFS from The Sleuth Kit.
- Hash Set Filtering: Filter out known good files using NSRL and flag known bad files using custom hashsets in Hash Keeper, md5sum, and EnCase formats.
- Tags: Tag files with arbitrary tag names, such as ‘bookmark’ or ‘suspicious’, and add comments.
- Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).
- File Type Detection based on signatures and extension mismatch detection.
- Interesting Files Module will flag files and folders based on name and path.
- Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.