Autopsy

From Notes_Wiki

Home > CentOS > CentOS 6.x > Recovery tools > Autopsy

autopsy comes preinstalled with kali linux. With autopsy we can create a symlink of partition and see its deleted files. The deleted files can then be recovered using its web interface. After autopsy is started it generally provides a web interface at http://localhost:9999/autopsy. Using the web interface we can create a new case and a new disk image (symlink without calculating hash). Then the image can be analyzed for deleted files.


Home > CentOS > CentOS 6.x > Recovery tools > Autopsy

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Autopsy&oldid=6944"