Autopsy User Documentation  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Cases

You need to create a case before you can analyze data in Autopsy. A case can contain one or more data sources (disk images, disk devices, logical files). The data sources can be from multiple drives in a single computer or from multiple computers. It's up to you.

Each case has its own directory that is named based on the case name. The directory will contain configuration files, a database, reports, and other files that modules generates. The main Autopsy case configuration file has an ".aut" extension.

Creating a Case

splashscreen.PNG

There are several ways to create a new case:

The New Case wizard dialog will open and you will need to enter the case name and base directory. A directory for the case will be created inside of the "base directory". If the directory already exists, you will need to either delete the existing directory or choose a different combination of names.

case-newcase.png

You will also be prompted for optional information, such as investigator name and case number.

After you create the case, you will be prompted to add a data source, as described in Adding a Data Source.

Opening a Case

To open a case, either:

Navigate to the case directory and select the ".aut" file.


Copyright © 2012-2015 Basis Technology. Generated on Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.