Sleuth Kit and Autopsy

Sleuth Kit and Autopsy are investigation tools for digital forensics. Autopsy Forensic Browser is a graphical interface to the command-line digital investigation analysis tools in Sleuth Kit. Like other disk analysis tools such as PhotoRec and Foremost, this tool can be used for recovering lost files from the file system. It can be run on both Windows and Linux. First, download the files from the website.

1. Autopsy

2. Sleuth Kit

After the download, extract the files into a directory.

1. First get into the Sleuth Kit directory.

2. Run the configure file. P.S: This should run without any errors.

3. Then run the make command. This may take some time 🙂

4. Then type make install; you should be a super user to run this command.

    shankie@ubuntu:~/Desktop/Download/Tools$ cd sleuthkit-4.0.1/
    shankie@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ ./configure
    shankie@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ make
    shankie@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ sudo make install

Sleuth Kit configuration is finished; next, moving on to Autopsy:

1. Get into the autopsy folder.

2. Run the configure file. When you run it, it will prompt for the NIST NSRL hash file configuration; answer no to it. The next prompt will be for the Evidence Locker directory path. Autopsy saves its configuration files, logs and output in this directory. Create a directory with a name of your own and provide its path name in the prompt. I am creating a directory with the name "Evidence_Locker" in my home directory.

    shankie@ubuntu:~/Desktop/Download/Tools$ cd autopsy-2.24/
    shankie@ubuntu:~/Desktop/Download/Tools/autopsy-2.24$ ./configure

3. Creating the Evidence Locker folder. P.S:

    shankie@ubuntu:~$ mkdir Evidence_Locker
    shankie@ubuntu:~$ cd Evidence_Locker
    shankie@ubuntu:~/Evidence_Locker$ pwd
    /home/shankie/Evidence_Locker

P.S: Paste the path name of your directory in the prompt. This is mine :p

    Enter the directory that you want to use for the Evidence Locker:
    /home/shankie/Evidence_Locker

Yep, you are done with the installation part! Let's execute it and see what happens!

    shankie@ubuntu:~/Desktop/Download/Tools/autopsy-2.24$ ./autopsy
    ============================================================================
    Autopsy Forensic Browser
    http://www.sleuthkit.org/autopsy/
    ver 2.24
    ============================================================================
    Evidence Locker: /home/shankie/Evidence_Locker
    Start Time: Fri Nov 16 12:02:32 2022
    Remote Host: localhost
    Local Port: 9999
    Open an HTML browser on the remote host and paste this URL in it:
    http://localhost:9999/autopsy
    Keep this process running and use <ctrl-c> to exit

There you go, paste the URL in your browser. It should look like this in your browser