Autopsy is a digital forensics program for Windows developed to analyze RAW or E01 disk images, local drives, and directories to ascertain potential causes of an event. It features support for a wide range of file system types, including NTFS, FAT, HFS, Ext2, Ext3, and UFS.

Start new case

With the aid of the included wizards, you can initiate a new case by simply clicking on the Next button. Various analysis modules are available for selection. It is possible to present information on recent actions, conduct hash lookups, extract archives, parse EXIF images, and more.

A key benefit of this utility lies in the incorporation of the ingest method. Basically, it allows analysis results to be accessible as they are generated in real time. This eliminates the need to wait for the entire process to conclude first.

Digital forensics tools

Hash lookup operations are designed to identify malware files and other issues requiring attention. The program conducts this procedure across various formats. Relying on Apache Solr, the keyword search module empowers you to define strings and offers support for regular expressions.

The software also serves for the extraction of URLs, bookmarks, and downloaded files from browsers. It enables the viewing of installed applications, analysis of the registry, and retrieval of email addresses and IDs associated with connected devices.

Features

free to download and use;
compatible with modern Windows versions;
allows you to investigate computer events;
you can analyze disk images and drives;
it is possible to extract email addresses.