Autopsy User Documentation  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Archive Extractor Module

What Does It Do

The Archive Extractor module opens ZIP, RAR, and other archive formats and sends the files from those archive files back through the ingest pipeline for analysis.

This module expands archive files to enable Autopsy to analyze all files on the system. It enables keyword search and hash lookup to analyze files inside of archives

Configuration

There is no configuration required.

Using the Module

Select the checkbox in the Ingest Modules settings screen to enable the Archive Extractor.

Ingest Settings

There are no runtime ingest settings required.

Seeing Results

Each file extracted shows up in the data source tree view as a child of the archive containing it,

zipped_children_1.PNG



and as an archive under "Views", "File Types", "Archives".

zipped_children_2.PNG

Copyright © 2012-2015 Basis Technology. Generated on Tue Jun 9 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.