Autopsy (GUI) in Linux
Hello world. This is a short writeup on using Autopsy (GUI) on a Kali workstation.
Download Autopsy from → https://www.autopsy.com/download/
Run Autopsy as root
On startup it prints the program information: the version number, listed as 2.24, the path to the Evidence Locker folder, /var/lib/autopsy, and the address http://localhost:9999/autopsy to open in a web browser.
The Autopsy web browser
Clicking on http://localhost:9999/autopsy takes you to the Autopsy home page. The tool runs on a local web server listening on port 9999.
If the port is somehow not free, run: fuser -k 9999/tcp. This kills any process using port 9999, so make sure nothing you still need is running there.
Creating a new case
There are three options on the home page: ‘OPEN CASE’, ‘NEW CASE’, ‘HELP’
For a forensic investigation, we need to create a new case to organize all the information and evidence. Select ‘NEW CASE’ and fill in the necessary details.
After filling in the details, click on New Case and then click on Add Host.
The next screen shows the destination where the case file will be stored, i.e. /var/lib/autopsy/Diskimg_analysis/, and the destination where its configuration file will be stored, i.e. /var/lib/autopsy/Diskimg_analysis/case.aut
Adding the Host
After clicking on Add Host, fill in the required details.
Then click on ADD HOST.
Add Image