Autopsy User Documentation  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
File Search

About File Search

The File Search tool can be accessed either from the Tools menu or by right-clicking on a data source node in the Data Explorer / Directory Tree. By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the currently opened case. The File Search results will be populated in a brand new Table Result viewer on the right-hand side. Currently, Autopsy only supports 4 categories in File Search: Name, Size, Date, and Known Status based search.

Note: Currently File Search doesn't support regular expressions. The Keyword Search feature of Autopsy does support regular expressions and can be used for to search for files and/or directories by name.

How To Open File Search

To open the File Search, you can do one of the following thing: Right-click a data source and choose "Open File Search by Attributes".

open-file-search-component-1.PNG

or select the "Tools", "File Search by Attributes".

open-file-search-component-2.PNG

How To Use File Search

Currently, there are 4 categories that you can use to filter and show the directories and files within the images in the current opened case. The categories are:

Here's an example where we try to get all the directories and files whose name contains "hello", has a size greater than 1000 Bytes,was created between 06/15/2010 and 06/16/2010 (in GMT-5 timezone), and is an unknown file:

example-of-file-sarch.PNG

Copyright © 2012-2015 Basis Technology. Generated on Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.