Autopsy is the graphical interface to the digital forensics toolkit "The Sleuth Kit (TSK)", an open-source forensic tool for analyzing disk images and recovering data. It provides string extraction from disk images, file recovery, timeline analysis, browser history analysis, keyword search and email analysis, and now adds the ability to enter a BitLocker recovery key to decrypt an image, plus collaborative analysis with the Cyber Triage plugin. ---【蘇小沐】
Autopsy rarely gets an update; for a free, open-source computer forensics tool to keep going this long is no small feat. Thumbs up!!!
Out of the blue this evening I received an Autopsy update email. I did not expect it! It has finally been updated.
Hello su,
Autopsy 4.22.0 is available.
Big features:
-
- Ability to run with Cyber Triage.
- Lower-level library updates.
Important links:
- Download the release here.
- Get the full release notes here.
- Download an evaluation copy of Cyber Triage here.
- Register for an intrusions webinar with Brian Carrier here.
BitLocker
If you have a BitLocker encrypted drive, you can enter the recovery key when you add the drive and Autopsy (via The Sleuth Kit) will be able to decrypt it.
Run Alongside Cyber Triage
You can now run Autopsy and Cyber Triage at the same time. This scenario would come about when investigators would first use Cyber Triage to get a basic understanding of what happened on a host, then pivot to Autopsy to perform a deeper dive.
About Cyber Triage
Cyber Triage is built by the same engineers as Autopsy. It is focused on computer intrusions and remote access. Its main benefit is the automated analysis that allows you to focus on a subset of artifacts instead of forcing you to review thousands.
Use cases include:
- Corporate security team investigating a host after an EDR alert.
- Incident response teams investigating an entire network.
- Law enforcement looking for remote access on CSAM cases in response to Trojan Defense.
You can get a free 7-day evaluation from here.
Intrusions Webinar with Brian Carrier
If you work in corporate security, Brian Carrier and Markus Schober are hosting a webinar on March 27th you might want to attend. It’s all about the attacker activity EDRs miss before the alert and how to find it.
They will cover:
-
-
- How attacks are detected.
- How to find pre-alert activity.
You can register here.
Download Autopsy
You can download the latest Autopsy from here.
Sleuth Kit Labs, 1070 Broadway, Somerville, MA 02144, United States
The two main new features: support for entering a BitLocker recovery key to decrypt a drive, and collaborative analysis with Cyber Triage.
For a BitLocker-encrypted drive, you can enter the recovery key when adding the drive, and Autopsy (via The Sleuth Kit) will be able to decrypt it.
![Digital Forensics: Autopsy open-source digital forensics software, 2025 update]()
Run Autopsy and Cyber Triage at the same time and take on cybercriminals side by side.
Cyber Triage focuses on computer intrusions and remote access. Its main benefit is automated analysis that lets you focus on a subset of artifacts instead of forcing you to review thousands. The scenario is that investigators first use Cyber Triage to get a basic understanding of what happened on a host, then pivot to Autopsy for a deeper investigation. (Commercial plugin; a free 7-day evaluation can be requested.)
Note that although Autopsy is free software, it integrates some commercial plugins, so when doing forensics just leave the default checked options as they are.
Use cases include:
- Corporate security teams investigating a host after an EDR alert.
- Incident response teams investigating an entire network.
- Law enforcement looking for remote access in CSAM cases in response to the Trojan Defense.
Intrusions webinar with Brian Carrier: if you work in corporate security, Brian Carrier and Markus Schober are hosting a webinar on March 27th that you may want to attend. It is all about the attacker activity EDRs miss before the alert and how to find it.
They will cover: the attack lifecycle, EDR evasion tactics, and how attacks are detected.
【https://www.autopsy.com/download/】
【https://github.com/sleuthkit/autopsy】
【https://www.sleuthkit.org/autopsy/】
【https://www.cybertriage.com/】