Digital forensics tools should be intuitive and approachable so that they can be effectively used by non-technical investigators. Autopsy 3 uses wizards to help the investigator know what the next step is, uses common navigation techniques to help them find their results, and tries to automate as much as possible to reduce errors.

Several features were added to make sure Autopsy was easy to use for non-technical users.

  • Wizards are used in several places to guide the user through common steps.
  • History is maintained so that the user can use back and forward buttons to backtrack after they have gone down an investigation path.
  • Previous settings are often saved with the modules so that you can more easily analyze the next image with the same settings as the last image.

Autopsy's default view is a simple interface where all of the analysis results can always be found in a single tree on the left. When the examiner is looking for something, they should immediately review the tree. They don't have to dig through menus or layers of tabs to find the information.

Autopsy tries to be non-invasive with popups and messages from the background tasks that are running. The motivation for this is that you could be focusing on an investigation path based on some web activity or keyword search results. If you had to deal with messages from background ingest modules, you could get distracted. The ingest inbox is where modules send messages. You can then open the inbox when you are ready to see the results, review what has been found since you last opened it, and choose which results to start focusing on.