Academic & Research
Curriculum instructors need to be able to teach digital forensics process by showing how the tools work “under the hood.” Autopsy’s hash database, keyword search, tagging, and reporting features enable instructors to focus on the forensic investigative process. Autopsy is also valuable for graduate and post-graduate research, with its modularity enabling students to develop new digital forensics functionality.
Why Open Source for Academics?
Extremely cost effective
Autopsy is free to download, use, change, develop, and use for instruction. This has two advantages:
- No need to negotiate licensing arrangements each year, as you would with commercial tools.
- Students can install the software at home as well as on school lab computers. This means they are not limited to only working in the lab that has the dongles, so they can get their work done anywhere. Moreover, they can continue to use the full featured software indefinitely even after they complete courses.
Assignment and curriculum development
Set up a sample case and distribute a copy to each student so they can follow along during a lecture or continue the investigation at home, including generating their own reports.
Students can additionally:
- Use Autopsy to write a standard procedure for analysis.
- Become part of the open source digital forensics community by identifying gaps in Autopsy’s functionality and posting feedback to the community issue tracker.
Autopsy as a Development Program
Autopsy was written to be a forensics platform that supports various types of plug-in analysis modules. If your students are interested in Python or Java programming, they can learn about analysis techniques by building modules. For example, they can learn about EXIF data in images by writing a module to detect JPEG files and parse the fields that store the camera make and model.
Similarly, your students can research new techniques by building Autopsy modules. Perhaps they are researching ways of detecting encrypted files, carving deleted files, or finding malware.
For the student, the main benefit of writing an Autopsy module versus a stand-alone program is that Autopsy takes care of handling file systems, deleted files, and the UI. The student can dedicate their focus to parsing JPEG files and executables.
By using an open source platform, students can easily distribute their work and become contributors to the community. To get them started, developer documentation outlines step-by-step instructions on how to create modules.