Autopsy (GUI) in Linux
Hello world. This is a short writeup on running Autopsy (GUI) on a Kali workstation.
Download Autopsy from → https://www.autopsy.com/download/
Run Autopsy as root
On startup it prints the program information: the version number, listed as 2.24, the path to the Evidence Locker folder, /var/lib/autopsy, and the address http://localhost:9999/autopsy to open in a web browser.
The autopsy web-browser
Clicking on http://localhost:9999/autopsy takes you to the Autopsy home page. The tool runs as a local web server listening on port 9999.
If the port is somehow not free, run: fuser -k 9999/tcp . This kills any process using port 9999.
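Because fuser -k kills whatever holds the port, it is worth checking what is listening on 9999 first. The script below is an added example, not part of the original writeup: it parses `ss -Hltnp` output and reports whether the port is free, held by a leftover Autopsy process, or held by something else. The function names, the sample data and the expected process name "autopsy" are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original writeup): look before running `fuser -k`.
# Live use, as root so ss can show process names:
#   ss -Hltnp | port_verdict 9999 autopsy

# Constructed sample of `ss -Hltnp` output; the PIDs and process names are made up.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:9999 0.0.0.0:* users:(("autopsy",pid=4321,fd=3))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:* users:(("netdata",pid=950,fd=5))'

# Print "PID NAME" for every process listening on TCP port $1 (ss output on stdin).
# Prints "- unknown" when the port is taken but ss showed no owner (not run as root).
listeners_on_port() {
    awk -v port="$1" '
        {
            n = split($4, a, ":")     # field 4 is the local address; port follows the last colon
            if (a[n] != port) next    # exact match, so 19999 is not mistaken for 9999
            rest = $0; hit = 0
            while (match(rest, /\("[^"]*",pid=[0-9]+/)) {
                entry = substr(rest, RSTART + 2, RLENGTH - 2)   # name",pid=123
                split(entry, p, "\",pid=")
                print p[2], p[1]; hit = 1
                rest = substr(rest, RSTART + RLENGTH)
            }
            if (!hit) print "-", "unknown"
        }'
}

# Verdict for port $1, given the process name $2 we expect to own it.
# Prints "free", "stale PID" (a leftover instance, safe to kill),
# or "foreign PID NAME" (something else owns the port: do not kill it blindly).
port_verdict() {
    found=$(listeners_on_port "$1")
    if [ -z "$found" ]; then
        echo free
        return 0
    fi
    echo "$found" | while read -r pid name; do
        if [ "$name" = "$2" ]; then
            echo "stale $pid"
        else
            echo "foreign $pid $name"
        fi
    done
}
```

On a "foreign" verdict, stop that service properly or find out why it is bound to 9999 rather than killing it.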
Creating a new case
There are three options on the home page: ‘OPEN CASE’, ‘NEW CASE’, ‘HELP’
For a forensic investigation, we need to create a new case and arrange all the information and evidence. Select ‘NEW CASE’ and fill in the necessary details.