Cyber Triage Autopsy Importer


What Does It Do

The importer allows you to open a Cyber Triage incident in Autopsy.

Setup

To give Autopsy the ability to open Cyber Triage incidents, you must first install the Cyber Triage Autopsy Importer plugin in Autopsy. Start in Cyber Triage: go to the Integrations tab in the Options panel.

Click the ‘Export Plugin’ button, and select a directory to export the plugin file.

Close Cyber Triage and open Autopsy. In Autopsy, go to the ‘Plugins’ menu under ‘Tools’.

Go to the ‘Downloaded’ tab, and click ‘Add Plugins…’.

Select the plugin and click ‘Install’.

Data Folder

You may wish to configure the Data Folder so that Autopsy can find Cyber Triage file content. Select the ‘Options’ menu option from the ‘Tools’ menu, and go to the ‘Cyber Triage’ tab.

Ensure that the Data Folder set here is the same as the one configured in Cyber Triage. For a typical install, the Data Folder will be located at ‘C:\Users\\AppData\Local\cybertriage’.

Viewing a Cyber Triage Incident in Autopsy

From the incident dashboard, select the ‘All Items in Autopsy Case’ menu option, and select your Autopsy cases directory. This will generate a directory for the case along with the Autopsy case file.

Close Cyber Triage, and open Autopsy. From Autopsy, you should now be able to open the exported case.

Supported Functionality

At this time, the following functionality is supported:

  • See Cyber Triage data from Standard in Autopsy
  • Perform Keyword search in Autopsy
  • View Timeline in Autopsy

| Capability | Supported |
|---|---|
| See Cyber Triage data from Standard in Autopsy | Yes (as of 3.8) |
| See Cyber Triage data from Team in Autopsy | No |
| See Autopsy-created data in Cyber Triage | Partial (as of 3.8) |
| Keyword search in Autopsy | Yes (as of 3.8) |
| Timeline in Autopsy | Yes (as of 3.8) |
| Run Autopsy and Cyber Triage simultaneously | No |