Autopsy User Documentation  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
File Search

Table of Contents

About File Search

The File Search tool can be accessed either from the Tools menu or by right-clicking on a data source node in the Data Explorer / Directory Tree. By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the currently opened case. The File Search results will be populated in a brand new Table Result viewer on the right-hand side.

Note: Currently File Search doesn't support regular expressions. The Keyword Search feature of Autopsy does support regular expressions and can be used for to search for files and/or directories by name.

How To Open File Search

To open the File Search, you can do one of the following thing: Right-click a data source and choose "Open File Search by Attributes".

open-file-search-component-1.PNG

or select the "Tools", "File Search by Attributes".

open-file-search-component-2.PNG

How To Use File Search

There are several categories that you can use to filter and show the directories and files within the images in the current opened case. The categories are:

Here's a contrived example where we try to get all the directories and files whose name contains "hello", has a size greater than 1000 Bytes, is in JPEG format, was created between 06/01/2018 and 06/08/2017 (in GMT-5 timezone), is an unknown file, has a hash of 1127F348BD4303A4C3D1D587C807B49F, and appears in data source "image3.vhd":

example-of-file-search.PNG

Copyright © 2012-2021 Basis Technology. Generated on Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.