Sleuthkit/Autopsy Searchtools patch

What is Searchtools?

Description As the main Forensic tool I like to use Autopsy/Sleuthkit. As it is missing some features in comparison to (commercial) Windows products, I’ve decided to contribute and add some new features to Autopsy and Sleuthkit. This is done in cooperation with Brian Carrier. One of the major missing features is indexed searching. Indexed searching greatly speeds up searches for words during investigations. So Searchtools was introduced. This article describes the features. [Read More]

Sleuthkit/Autopsy Foremost patch

Adding Foremost to Autopsy

Description Author: P. Vissers Foremost is a tool which can recover data from unallocated space by user definable headers and optionally footers. It runs on most Linux distributions. I thought it would be handy to be able to integrate this into Autopsy, along with the option to edit the configuration file. Well, here is the patch. Effort has been made to respect the original format of the ‘base/autopsyfunc.pm’. Foremost 0. [Read More]