Correlate Cases and Get Intelligence

Overview Starting with Autopsy 4.5.0, you can now determine when a file or phone number (or other artifact) was seen in a previous case. You can also be alerted when an artifact was found that was previously marked as “bad”. These features are possible because of new...

Triage Media With Autopsy 4.4.0

With the new Autopsy 4.4.0 release, we introduced some new triage features that help you more quickly answer some questions about a hard drive or smart phone. The goal of this blog is to give you an overview of the features. I’m going to cover when and how to use...

Autopsy 4.1.0 Release

Autopsy 4.1.0 has been released after a long drought. So, it has a longer list of features than usual. You can download it from sleuthkit.org. Here is a quick summary of biggish features: New list view in the timeline module.  This view adds to the existing counts...

Python Autopsy Module Tutorial #3: The Report Module

It’s time for the final Python tutorial in this series and just in time to give you a chance to write something for the OSDFCon Autopsy Module Competition. In our last two blog posts, we built Python Autopsy file ingest modules that analyzed the data sources as they...