autopsy man page on DragonFly


AUTOPSY(1)							    AUTOPSY(1)

NAME
       autopsy - Autopsy Forensic Browser

SYNOPSIS
       autopsy	[-c]  [-C]  [-d	 evid_locker ] [-i device filesystem mnt ] [-p
       port ] [addr]

DESCRIPTION
       By default, autopsy starts the Autopsy Forensic Browser server on port
       9999 and accepts connections from the localhost.  If -p port is given,
       then the server opens on that port, and if addr is given, then
       connections are only accepted from that host.  When the -i argument is
       given, autopsy goes into live analysis mode.

       The arguments are as follows:

       -c     Force the program to use cookies even for localhost.

       -C     Force the program to not use cookies even for remote hosts.

       -d evid_locker
	      Directory where cases and hosts are stored.  This overrides  the
	      LOCKDIR  value  in  conf.pl.  The path must be a full path (i.e.
	      start with /).

       -i device filesystem mnt
	      Specify the information for the live analysis mode.  This can be
	      specified	 as many times as needed.  The device field is for the
	      raw file system device, the filesystem field  is	for  the  file
	      system  type, and the mnt field is for the mounting point of the
	      file system.

       -p port
	      TCP port for server to listen on.

       addr   IP address or host name of the system where the investigator is
	      located.  If localhost is used, then 'localhost' must also be
	      used in the URL; a URL that uses the actual hostname or IP will
	      be rejected.

       When started, the program will display a URL to paste into an HTML
       browser.  The browser must support frames and forms.  The Autopsy
       Forensic Browser will allow an investigator to analyze images generated
       by dd(1) for evidence.  The program allows the images to be analyzed by
       browsing files, blocks, inodes, or by searching the blocks.  The
       program also generates Autopsy reports that include collection time,
       investigator's name, and MD5 hash values.

VARIABLES
       The following variables can be set in conf.pl.

       USE_STIMEOUT
	      When set to 1 (default is 0), the server will exit after
	      STIMEOUT seconds of inactivity (default is 3600).  This setting
	      is recommended if cookies are not used.
       BASEDIR
	      Directory where cases and	 forensic  images  are	located.   The
	      images  must  have simple names with only letters, numbers, '_',
	      '-', and '.'.  (See FILES).
       TSKDIR
	      Directory where The Sleuth Kit binaries are located.
       NSRLDB
	      Location of the NIST National Software Reference Library (NSRL).
       INSTALLDIR
	      Directory where Autopsy was installed.
       GREP_EXE
	      Location of grep(1) binary.
       STRINGS_EXE
	      Location of strings(1) binary.

FILES
       Evidence Locker
	      The Evidence Locker is where all cases and hosts will  be	 saved
	      to.  It is a directory that will have a directory for each case.
	      Each case directory will have a directory for each host.

       <CASE_DIR>/case.aut
	      This file is the case configuration file for the case.  It
	      contains the description of the case and default subdirectories
	      for the hosts.

       <CASE_DIR>/investigators.txt
	      This file contains the list of investigators that will use  this
	      case.  These are used for logging only, not authentication.

       <HOST_DIR>/host.aut
	      This file is where the host configuration details are saved.  It
	      is similar to the 'fsmorgue'  file  from	previous  versions  of
	      Autopsy.	It has an entry for each file in the host and contains
	      the host description.

       md5.txt
	      Some directories will have this file in them.  It contains MD5
	      values for important files in the directory.  This makes it easy
	      to validate the integrity of images.
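
The check described for md5.txt, combined with the image naming rule given under BASEDIR, as an added example that is not part of Autopsy or of this man page. The md5.txt line layout (an MD5 hex digest, whitespace, then a file name relative to the directory) and the function names md5_of, simple_name, verify_dir and demo are assumptions made for illustration.

```shell
# Added example. ASSUMPTION: each md5.txt line is "<MD5 hex> <file name>".

# Print the lowercase MD5 digest of a file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print tolower($1)}'
    else
        md5 -q "$1" | tr 'A-F' 'a-f'    # BSD md5(1)
    fi
}

# Succeed only for names made of letters, numbers, '_', '-' and '.'.
simple_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# verify_dir DIR: one status line per md5.txt entry; returns 1 on any failure.
verify_dir() {
    dir=$1; bad=0
    [ -r "$dir/md5.txt" ] || { echo "NO_MD5_TXT $dir"; return 2; }
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if ! simple_name "${name##*/}"; then
            echo "BAD_NAME $name"; bad=1
        elif [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; bad=1
        elif [ "$(md5_of "$dir/$name")" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done < "$dir/md5.txt"
    return "$bad"
}

# Constructed sample: one intact image and one altered after hashing.
demo() {
    d=$(mktemp -d)
    printf 'abc' > "$d/disk.dd"; printf 'abd' > "$d/part2.dd"
    printf '%s  %s\n' 900150983CD24FB0D6963F7D28E17F72 disk.dd \
        900150983cd24fb0d6963f7d28e17f72 part2.dd > "$d/md5.txt"
    rc=0; verify_dir "$d" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

Source the file and run verify_dir on a directory that holds an md5.txt; demo runs it on the constructed sample.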

EXAMPLE
       # ./autopsy -p 8888 10.1.34.19

SEE ALSO
       dd(1), fls(1), ffind(1), ifind(1), grep(1), icat(1), md5(1), strings(1)

REQUIREMENTS
       The Autopsy Forensic Browser requires The Sleuth Kit
       <www.sleuthkit.org/sleuthkit>

HISTORY
       autopsy first appeared in Autopsy v1.0.

LICENSE
       This software is distributed under the GNU Public License.

AUTHOR
       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

User Manuals			   MAR 2005			    AUTOPSY(1)