autopsy - Online in the Cloud

This is the command autopsy that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


autopsy - Autopsy Forensic Browser

SYNOPSIS


autopsy [-c] [-C] [-d evid_locker ] [-i device filesystem mnt ] [-p port ] [addr]

DESCRIPTION


By default, autopsy starts the Autopsy Forensic Browser server on port 9999 and and
accepts connections from the localhost. If -p port is given, then the server opens on
that port and if addr is given, then connections are only accepted from that host. When
the -i argument is given, then autopsy goes into live analysis mode.

The arguments are as follows:

-c Force the program to use cookies even for localhost.

-C Force the program to not use cookies even for remote hosts.

-d evid_locker
Directory where cases and hosts are stored. This overrides the LOCKDIR value in
conf.pl. The path must be a full path (i.e. start with /).

-i device filesystem mnt
Specify the information for the live analysis mode. This can be specified as many
times as needed. The device field is for the raw file system device, the
filesystem field is for the file system type, and the mnt field is for the mounting
point of the file system.

-p port
TCP port for server to listen on.

addr IP address or host name of where investigator is located. If localhost is used,
then 'localhost' must be used in the URL. If you use the actual hostname or IP, it
will be rejected.

When started, the program will display a URL to paste into an HTML browser. The browser
must support frames and forms. The Autopsy Forensic Browser will allow an investigator
to analyze images generated by dd(1) for evidence. The program allows the images to be
analyzed by browsing files, blocks, inodes, or by searching the blocks. The program also
generates Autopsy reports that include collection time, investigators name, and MD5 hash
values.

VARIABLES


The following variables can be set in conf.pl.

USE_STIMEOUT
When set to 1 (default is 0), the server will exit after STIMEOUT seconds of
inactivity (default is 3600). This setting is recommended if cookies are not used.
BASEDIR
Directory where cases and forensic images are located. The images must have simple
names with only letters, numbers, '_', '-', and '.'. (See FILES).
TSKDIR
Directory where The Sleuth Kit binaries are located.
NSRLDB
Location of the NIST National Software Reference Library (NSRL).
INSTALLDIR
Directory where Autopsy was installed.
GREP_EXE
Location of grep(1) binary.
STRINGS_EXE
Location of strings(1) binary.

Use autopsy online using onworks.net services



Latest Linux & Windows online programs