The arguments are as follows:
When started, the program will display a URL to paste into an HTML browser. The browser must support frames and forms. The Autopsy Forensic Browser will allow an investigator to analyze images generated by dd(1) for evidence. The program allows the images to be analyzed by browsing files, blocks, inodes, or by searching the blocks. The program also generates Autopsy reports that include collection time, investigator's name, and MD5 hash values.
USE_STIMEOUT
When set to 1 (default is 0), the server will exit after STIMEOUT seconds of inactivity (default is 3600). This setting is recommended if cookies are not used.
BASEDIR
Directory where cases and forensic images are located. The images must have simple names with only letters, numbers, ’_’, ’-’, and ’.’. (See FILES).
TSKDIR
Directory where The Sleuth Kit binaries are located.
NSRLDB
Location of the NIST National Software Reference Library (NSRL).
INSTALLDIR
Directory where Autopsy was installed.
GREP_EXE
Location of grep(1) binary.
STRINGS_EXE
Location of strings(1) binary.
The Evidence Locker is where all cases and hosts will be saved. It is a directory that will have a directory for each case. Each case directory will have a directory for each host.
<CASE_DIR>/case.aut
This file is the case configuration file for the case. It contains the description of the case and default subdirectories for the hosts.
<CASE_DIR>/investigators.txt
This file contains the list of investigators that will use this case. These are used for logging only, not authentication.
<HOST_DIR>/host.aut
This file is where the host configuration details are saved. It is similar to the ’fsmorgue’ file from previous versions of Autopsy. It has an entry for each file in the host and contains the host description.
md5.txt
Some directories will have this file in them. It contains MD5 values for important files in the directory. This makes it easy to validate the integrity of images.
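An added example, not part of Autopsy or this manual page: a Python check of a directory against its md5.txt that also applies the BASEDIR naming rule to every listed name. The md5.txt line layout (hex digest, whitespace, file name) and all function names are assumptions, and the sample files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Naming rule from the BASEDIR description: letters, numbers, '_', '-', '.'
SIMPLE_NAME = re.compile(r"[A-Za-z0-9_.-]+")
# Assumed md5.txt line layout (not stated on this page): hex MD5, blanks, name
MD5_LINE = re.compile(r"([0-9A-Fa-f]{32})\s+(.+?)\s*")

def is_simple(name):
    """True if every '/'-separated component obeys the naming rule."""
    return all(SIMPLE_NAME.fullmatch(p) and p not in (".", "..")
               for p in name.split("/"))

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so a multi-gigabyte dd image is never read whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_directory(directory):
    """Return {name: status} for each entry of <directory>/md5.txt."""
    directory, results = Path(directory), {}
    for line in (directory / "md5.txt").read_text().splitlines():
        match = MD5_LINE.fullmatch(line)
        if not match:
            continue  # blank or unrecognised line
        expected, name = match.group(1).lower(), match.group(2)
        if not is_simple(name):
            results[name] = "BAD_NAME"  # also stops '../' leaving the directory
        elif not (directory / name).is_file():
            results[name] = "MISSING"
        else:
            same = md5_of(directory / name) == expected
            results[name] = "OK" if same else "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed sample data: one intact image, one altered after hashing.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "hda1.dd").write_bytes(b"constructed image")
        Path(tmp, "hda2.dd").write_bytes(b"altered")
        good = hashlib.md5(b"constructed image").hexdigest()
        Path(tmp, "md5.txt").write_text(f"{good}  hda1.dd\n{good}  hda2.dd\n")
        print(verify_directory(tmp))
```

Any status other than OK means the listed file should not be analyzed further until the discrepancy is explained.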
Send documentation updates to <doc-updates at sleuthkit dot org>