ForensicsS&T enhancing the Autopsy digital forensics tool

Published 14 December 2017

Autopsy—an open-source, digital forensics platform used by law enforcement agencies worldwide to determine how a digital device was used in a crime and recover evidence—is being enhanced with the addition of several new capabilities requested by law enforcement.

Nearly every crime committed today involves digital media – such as computers and cell phones. In most cases, these devices contain vital evidence, including call logs, location information, text and email messages, images, and audio and video recordings that could help law enforcement investigators close a case. At the same time, the types and sizes of these devices are proliferating at an incredible rate, but the budgets of most state and local law enforcement agencies are not keeping pace.

Since it was first released 15 years ago, a community has grown around Autopsy development that continues to grow and deliver law enforcement investigators the new capabilities and functionality they have identified as pressing needs. S&T says that the DHS Science and Technology Directorate (S&T) previously funded the development and open-source release of Autopsy modules and its stewardship continues today as part of the Cyber Security Division’s (CSD) Cyber Security Forensics project. CSD is part of the Homeland Security Advanced Research Projects Agency.

As part of the current Cyber Forensics project work plan, the following capabilities will be developed or enhanced within Autopsy:

· A New Communication Analysis Framework—This will develop a storage framework for communications-based data and a graphical interface, making it easier for investigators to view messages from a variety of sources, visualize the messages, and see the relationships between accounts.

·  Advanced Image Analysis Functionality—This enhancement will expand Autopsy’s existing photo and video analysis capabilities to more efficiently analyze large numbers of images stored on a device’s hard drive.