How to use Autopsy for Digital Forensics Analysis

Open Autopsy

When you select Autopsy, it opens a prompt showing the program information: the version number, listed as 2.24, the path to the Evidence Locker folder, /var/lib/autopsy, and the address http://localhost:9999/autopsy for opening it in a web browser.

Create a New Case

There will be three options on the home page: ‘OPEN CASE’, ‘NEW CASE’, ‘HELP’

Creating an Image File

We need to import an image file of the system we want to investigate. Creating this image file is the first step of a forensic investigation, because analysis cannot be conducted on the original storage device. A disk image is a file that stores the contents and structure of a data storage device such as a hard drive, CD drive, phone, tablet, RAM, or USB. The image can be taken locally or remotely.

The Case Management Prompt

Now we have successfully imported the file for investigation. Let’s check its integrity by selecting the ‘IMAGE INTEGRITY’ option.
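
The acquire-then-verify workflow from the two sections above, shown as an added example that is not part of the original article and is not Autopsy's own code. It assumes GNU coreutils; the function names, file names and the choice of SHA-256 are illustrative assumptions, and the "disk" is a constructed 1 MiB file standing in for a real device.

```shell
#!/usr/bin/env bash
# Added example (not Autopsy code). Assumes GNU coreutils (dd, sha256sum).

# acquire_image SOURCE IMAGE
# Copies SOURCE to IMAGE, hashes both, and stores the hash in IMAGE.sha256.
# Fails if the copy does not hash to the same value as the source.
acquire_image() {
    local src=$1 img=$2 src_hash img_hash
    dd if="$src" of="$img" bs=64k 2>/dev/null || return 1
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$src_hash" = "$img_hash" ] || return 1
    printf '%s\n' "$img_hash" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"   # working copy and its hash become read-only
}

# verify_image IMAGE
# Returns 0 if IMAGE still matches the hash recorded at acquisition time.
verify_image() {
    local img=$1 recorded current
    recorded=$(cat "$img.sha256") || return 2
    current=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# Demo on a constructed 1 MiB file standing in for a device such as /dev/sdb.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    head -c 1048576 /dev/zero > "$dir/source.bin"   # constructed sample "disk"
    acquire_image "$dir/source.bin" "$dir/case1.dd" || return 1
    verify_image "$dir/case1.dd" && echo "intact: hash matches"
    # Simulate an accidental one-byte change to the working copy.
    chmod u+w "$dir/case1.dd"
    printf 'X' | dd of="$dir/case1.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
    verify_image "$dir/case1.dd" || echo "ALTERED: hash mismatch"
    rm -rf "$dir"
}
demo
```

Recording the hash at acquisition time is what makes a later integrity check meaningful: a single changed byte in the working copy produces a mismatch.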

File Analysis

Let’s click on ‘ANALYZE’.



Irfan Shakeel



Cyber security researcher @InfosecEdu @Alienvault #Tech writer @HuffingtonPost @developerWorks Author of 7-Weeks OSINT Program. CEO & Founder of @ehackingdotnet