Running Autopsy 3 Digital Forensics Platform on WinFE Lite for Triage Forensics



Windows Forensics Environment (WinFE) is a bootable operating system environment that can be used for forensic examinations. It provides a live boot environment that allows you to examine a suspect computer in a forensically sound way. We thought it would be a good exercise to determine if Autopsy 3 could run in this environment.

As it turns out, Autopsy 3 works pretty well out of the box in WinFE Lite, making it a good choice for doing triage analysis. WinFE Lite is a build of WinFE.

Because some of Autopsy’s dependencies aren’t available in the WinFE Lite environment, not all functionality is available. Specifically, you will be unable to view videos or open zip files.

The instructions for installing and running Autopsy 3 in WinFE Lite are on the SleuthKitWiki. Both WinFE Lite and Autopsy 3 are free tools that can provide a powerful triage forensics environment with a little pre-work. Having a bootable device with these tools on it can be an invaluable resource to any investigator.

 
