2.6 - Autopsy Forensics
Autopsy is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.
2.6.1 Lab Objectives
By the end of this lab you should be able to:
- Install Autopsy Forensics.
- Change configuration if required to run on 4K monitors.
- Download and install additional Python plugins.
2.6.2 Installing Autopsy
You can download Autopsy directly from the website; at the time of writing the latest Windows release is version 4.20.0.
Alternatively, install it with winget: winget install SleuthKit.Autopsy
2.6.3 Running Autopsy on 4K monitors
If you run Autopsy on a 4K monitor you will notice that everything is quite tiny. You can fix this by right-clicking the Autopsy icon, selecting Properties, opening “Change high DPI settings” and setting the high DPI scaling override to System (Enhanced).
While you are there, I recommend also ticking “Run this program as an administrator” and saving your changes.
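The two Properties-dialog settings above are stored by Windows as a string value under the per-user AppCompatFlags\Layers registry key, so a lab machine can be prepared from a script instead of by clicking. The following PowerShell is an added example, not part of this lab or of the Autopsy project; the install path in $AutopsyExe is an assumption and should be adjusted to wherever Autopsy was installed.

```powershell
# Added example (not from the lab or from Autopsy): applies "High DPI scaling
# override = System (Enhanced)" and "Run this program as an administrator" for
# the Autopsy executable by writing the same AppCompatFlags\Layers value the
# Properties dialog writes. Run it as the user who will run Autopsy.
$AutopsyExe = 'C:\Program Files\Autopsy-4.20.0\bin\autopsy64.exe'   # assumed install path
$LayersKey  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

if (-not (Test-Path -LiteralPath $AutopsyExe)) {
    throw "Autopsy executable not found at $AutopsyExe - fix `$AutopsyExe first."
}

# Flag strings used by the compatibility tab (leading '~' marks a user-set layer):
#   GDIDPISCALING DPIUNAWARE -> High DPI scaling override: System (Enhanced)
#   RUNASADMIN               -> Run this program as an administrator
$Flags = '~ RUNASADMIN GDIDPISCALING DPIUNAWARE'

if (-not (Test-Path -LiteralPath $LayersKey)) {
    New-Item -Path $LayersKey -Force | Out-Null
}

# The value NAME is the full path of the executable; the value DATA is the flag string.
Set-ItemProperty -LiteralPath $LayersKey -Name $AutopsyExe -Value $Flags -Type String

# Read the value back so the change can be confirmed before launching Autopsy.
$applied = Get-ItemPropertyValue -LiteralPath $LayersKey -Name $AutopsyExe
Write-Host "Compatibility flags for ${AutopsyExe}: $applied"
```

Writing the value only affects the current user's profile (HKCU); the change takes effect the next time Autopsy is started, and removing the value with Remove-ItemProperty reverts both settings at once.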
2.6.4 Other tweaks
Open Autopsy and then go to Tools > Options.
Application
- You can increase the Maximum JVM Memory setting to suit your system. I have 32GB available and set the maximum to 14GB*.
View
- When displaying times: I set this to GMT.
- Maximum number of Results to show in table: this is essentially pagination (how many results appear per page in the results table). I prefer to scroll, so I set this to zero.
2.6.5 Adding Python Plugins
These plugins greatly increase the number of ingest parsers that Autopsy can run: https://github.com/markmckinnon/Autopsy-Plugins.
- Clone or download the repository to your local machine.
- Open Autopsy.
- Go to Tools > Python Plugins.
- This will open the directory where the plugins should reside - C:\Users\username\AppData\Roaming\autopsy\python_modules.
- Make sure each plugin's own folder is copied directly into python_modules; do not copy the top-level repository directory, or the plugins end up nested one level too deep.
You should see each plugin's folder directly inside the python_modules folder, as shown in the screenshot above.
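The clone-and-copy steps above, including the check that no plugin folder ended up nested under a copied repository directory, as an added PowerShell example that is not part of this lab or of the Autopsy-Plugins project. It assumes git is on the PATH and uses a clone location under $env:TEMP; the destination is the same python_modules directory that Tools > Python Plugins opens.

```powershell
# Added example (not from the lab or from the Autopsy-Plugins project): clones the
# plugin repository and copies each plugin sub-folder directly into Autopsy's
# python_modules directory, then verifies the layout Autopsy expects.
param(
    [string]$RepoUrl  = 'https://github.com/markmckinnon/Autopsy-Plugins',
    [string]$CloneDir = (Join-Path $env:TEMP 'Autopsy-Plugins')   # assumed scratch location
)

$ErrorActionPreference = 'Stop'

# %APPDATA%\autopsy\python_modules is the folder the lab shows as
# C:\Users\username\AppData\Roaming\autopsy\python_modules.
$PluginRoot = Join-Path $env:APPDATA 'autopsy\python_modules'

if (-not (Test-Path -LiteralPath $CloneDir)) {
    git clone --depth 1 $RepoUrl $CloneDir
}
New-Item -ItemType Directory -Path $PluginRoot -Force | Out-Null

# A plugin is a sub-directory of the repository that contains at least one .py
# file. The repository root itself and its .git folder are never copied, which
# is exactly the "don't copy the higher level directory" rule from the lab.
$deployed = @()
foreach ($dir in Get-ChildItem -LiteralPath $CloneDir -Directory) {
    if ($dir.Name -eq '.git') { continue }
    $pyFiles = Get-ChildItem -LiteralPath $dir.FullName -Filter '*.py' -File
    if (-not $pyFiles) { continue }

    $target = Join-Path $PluginRoot $dir.Name
    Copy-Item -LiteralPath $dir.FullName -Destination $target -Recurse -Force
    $deployed += $dir.Name
}

# Verification: the repository folder must not appear inside python_modules, and
# every deployed folder must still hold a .py file directly beneath it.
$nested = Join-Path $PluginRoot (Split-Path -Leaf $CloneDir)
if (Test-Path -LiteralPath $nested) {
    Write-Warning "Found $nested - the repository folder was copied instead of its plugin sub-folders; Autopsy will not load plugins nested there."
}
foreach ($name in $deployed) {
    $ok = Get-ChildItem -LiteralPath (Join-Path $PluginRoot $name) -Filter '*.py' -File
    if (-not $ok) { Write-Warning "$name contains no .py file directly inside it and will not be loaded." }
}
Write-Host ("Deployed {0} plugin folder(s) to {1}" -f $deployed.Count, $PluginRoot)
```

Because every file placed in python_modules is executed inside Autopsy's Jython runtime during ingest, review the .py sources in the clone (or pin a specific commit instead of cloning the branch head) before running this on an examination workstation; restart Autopsy afterwards so the new modules appear in the ingest module list.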