# sleuthkit/autopsy

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/sleuthkit-autopsy).**

3,015 stars · 650 forks · Java

## Links

- GitHub: https://github.com/sleuthkit/autopsy
- Homepage: http://www.sleuthkit.org/autopsy/
- awesome-repositories: https://awesome-repositories.com/repository/sleuthkit-autopsy.md

## Topics

`forensics` `java`

## Description

Autopsy is a digital forensic analysis platform and evidence management suite used to process disk images and file systems. It provides a graphical interface for performing deep forensic examinations of computer hard drives to identify and extract digital artifacts for investigations.

The platform is built as a Java-based forensic framework that integrates native libraries to perform direct disk image analysis. It utilizes a modular architecture, allowing for the extension of data ingestion and report generation through the use of plugins.

The system manages digital evidence within a centralized workspace, organizing forensic metadata and analysis results across multiple case files. It covers broad capability areas including digital evidence management, forensic tool customization, and the automation of data workflows.

## Tags

### Security & Cryptography

- [Digital Forensics and Incident Response Platforms](https://awesome-repositories.com/f/security-cryptography/digital-forensics-and-incident-response-platforms.md) — Provides a comprehensive platform for analyzing disk images and identifying digital evidence for forensic investigations.
- [Digital Forensics and Analysis](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/digital-forensics-analysis.md) — Provides a graphical interface for the deep-dive investigation, extraction, and analysis of digital evidence. ([source](http://www.sleuthkit.org/autopsy/docs/api-docs/))
- [Forensic Workspace Management](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/digital-forensics/forensic-workspace-management.md) — Provides a centralized workspace for organizing and analyzing recovered data from multiple disk images.
- [Forensic Report Modules](https://awesome-repositories.com/f/security-cryptography/security-report-generation/forensic-report-modules.md) — Provides modular report generation that separates data analysis from output formatting.
- [Forensic Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/digital-forensics-analysis/forensic-tools.md) — Allows the development of custom plugins and modules to automate data ingestion and reporting for forensic tools.

### Part of an Awesome List

- [Analysis Tools](https://awesome-repositories.com/f/awesome-lists/data/disk-imaging-tools/analysis-tools.md) — Ships a system for deep forensic examination of hard drives and raw disk images to recover digital artifacts.
- [Forensics And Artifacts](https://awesome-repositories.com/f/awesome-lists/data/forensics-and-artifacts.md) — Facilitates computer forensic investigations by searching file systems and disk images for legal or security artifacts.
- [Forensic Capability Extensions](https://awesome-repositories.com/f/awesome-lists/devtools/core-and-community-extensions/system-capability-extensions/forensic-capability-extensions.md) — Supports the creation of custom plugins to add specialized forensic data gathering capabilities. ([source](http://www.sleuthkit.org/autopsy/docs/api-docs/4.0/))
- [JNI Bridges](https://awesome-repositories.com/f/awesome-lists/devtools/native-interop/jni-bridges.md) — Uses JNI bridges to integrate low-level C and C++ forensic libraries for direct disk image analysis.

### Data & Databases

- [Case Management Databases](https://awesome-repositories.com/f/data-databases/case-management-databases.md) — Provides a centralized database to store forensic metadata and analysis results across multiple case files.
- [Metadata Databases](https://awesome-repositories.com/f/data-databases/data-governance-modeling/data-management-governance/metadata-management-systems/metadata-databases.md) — Uses a structured metadata database to maintain forensic analysis results across different user sessions.
- [Event Ingestion Pipelines](https://awesome-repositories.com/f/data-databases/event-ingestion-pipelines.md) — Utilizes an event-driven architecture to run modular ingest modules asynchronously for artifact identification.
- [Forensic Ingestion Pipelines](https://awesome-repositories.com/f/data-databases/high-throughput-ingestion-pipelines/asynchronous-ingestion-pipelines/forensic-ingestion-pipelines.md) — Implements a modular, background pipeline for ingesting and processing digital evidence from disk images.

### Software Engineering & Architecture

- [Plugin-Based Architectures](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/architectural-patterns/plugin-module-systems/modular-plugin-architectures/plugin-based-architectures.md) — Features a modular architecture allowing the extension of ingestion and reporting via predefined Java interfaces.
- [Forensic Frameworks](https://awesome-repositories.com/f/software-engineering-architecture/forensic-frameworks.md) — Implements a modular Java-based architecture that allows extending forensic data ingestion and report generation through plugins.

### System Administration & Monitoring

- [Forensic Evidence Management Suites](https://awesome-repositories.com/f/system-administration-monitoring/compliance-evidence-collection/forensic-evidence-management-suites.md) — Provides a centralized suite for organizing forensic metadata and analysis results across multiple evidence sources.

### DevOps & Infrastructure

- [Automated Data Workflows](https://awesome-repositories.com/f/devops-infrastructure/automated-data-workflows.md) — Allows development of custom plugins to automate data ingestion and result presentation workflows. ([source](http://www.sleuthkit.org/autopsy/docs/api-docs/4.19.2/))
- [Background Process Offloading](https://awesome-repositories.com/f/devops-infrastructure/workflow-run-management/asynchronous-run-launches/background-process-offloading.md) — Offloads heavy forensic data processing to background workers to keep the graphical user interface responsive.

### Programming Languages & Runtimes

- [Native Library Integrations](https://awesome-repositories.com/f/programming-languages-runtimes/language-interoperability/foreign-function-interfaces/native-library-integrations.md) — Integrates native C and C++ forensic libraries using low-level bindings for disk image analysis.