Autopsy User Documentation
4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
The File Search tool can be accessed either from the Tools menu or by right-clicking on a data source node in the Data Explorer / Directory Tree. By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the currently opened case. The File Search results will be populated in a brand new Table Result viewer on the right-hand side.
Note: Currently File Search doesn't support regular expressions. The Keyword Search feature of Autopsy does support regular expressions and can be used to search for files and/or directories by name.
To open File Search, do one of the following: right-click a data source and choose "Open File Search by Attributes", or select "Tools", then "File Search by Attributes".
There are several categories that you can use to filter and show the directories and files within the images in the currently opened case. The categories are:
Here's a contrived example where we try to get all the directories and files whose name contains "hello", that have a size greater than 1000 bytes, are in JPEG format, were created between 06/01/2018 and 06/08/2017 (in GMT-5 timezone), are unknown files, have a hash of 1127F348BD4303A4C3D1D587C807B49F, and appear in data source "image3.vhd":
Copyright © 2012-2018 Basis Technology. Generated on Tue Dec 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.