Linux command
autopsy 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Start
autopsy
Example
autopsy -p [9999]
Example
autopsy [localhost]
Example
autopsy -d [path/to/locker]
说明
autopsy is a graphical interface for The Sleuth Kit forensic analysis tools. It starts a local web server and provides a browser-based interface for disk analysis, file recovery, and forensic investigation. The tool allows examiners to analyze file systems, recover deleted files, create timelines, and search for evidence without command-line knowledge.
参数
- -p _port_
- HTTP server port (default: 9999)
- -c
- Force cookie inclusion in URL (even for localhost)
- -C
- Force no cookie in URL
- -d _dir_
- Specify evidence locker directory (overrides default)
- -i _device filesystem mnt_
- Enable live analysis mode (specify device, filesystem type, and mount point)
FAQ
What is the autopsy command used for?
autopsy is a graphical interface for The Sleuth Kit forensic analysis tools. It starts a local web server and provides a browser-based interface for disk analysis, file recovery, and forensic investigation. The tool allows examiners to analyze file systems, recover deleted files, create timelines, and search for evidence without command-line knowledge.
How do I run a basic autopsy example?
Run `autopsy` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -p _port_ do in autopsy?
HTTP server port (default: 9999)