±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36464
New Yesterday: 0 Visitors: 142

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Slueth 1.72 and Autopsy

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts


Slueth 1.72 and Autopsy

Post Posted: Nov 06, 04 03:26

I am in the midst of finding a bachelors program for computer forensic. There is one at southern oregon university that I am considering attending in the following year. I found this site while looking for various schools offering such a program. I just wanted to give a little preface to my situation. I dont know a lot about the field just yet but I find it very excitng and interesting. I have read some books on c programming and HTML, however I am finding that I know very little. My real question is how do I install the Slueth 1.72 and Autopsy forensics programs on my computer? I looked at the install file, the author refered to typing in $make? But he/she did not say where to type this in? Like for example a compiler program, dos prompt, run? I just need a little help getting started so I can explore these two programs. The answer is something very simple i'm sure, ha, ha!


Re: Slueth 1.72 and Autopsy

Post Posted: Nov 06, 04 05:13

I believe these tools are written to be run on Linux systems not Windows.
Steve - CCE 

Senior Member

Re: Slueth 1.72 and Autopsy

Post Posted: Nov 06, 04 10:50

Autopsy is a web-based graphical interface that uses the Sleuthkit command-line tools. Sleuthkit needs to be installed/compilled first, then autopsy. They are both Linux programs, and to my knowledge not yet been ported into Windows.

It can be run using cygwin. Cygwin is a Linux-like environment for Windows. It can be downloaded here: www.cygwin.com/

Cygwin in Windows and Linux can be complicated if you are not too familiar with them (and by the sound of things you arn't) you might want to try taking a look at a CD-ROM based distro such as Penguin Sleuth Kit at:


Alternatively (and my personal preference) Helix at:


You can download both onto your Windows box as iso files, burn them to CD, and then you can boot to them in a Linux environment. No messing with installing Linux onto your machine, it doesn't harm your Windows install, and no need for a dual boot setup, etc. Once your finished you simply remove the CD and reboot, back into Windows.

Both distros have Sleuth and Autopsy built in. Autopsy is the front end HTML based browser for Sleuth. I thought it was a bit tricky to get to grips with when I first used it, and much prefer something more COTS.


Site Admin

Re: Slueth 1.72 and Autopsy

Post Posted: Nov 07, 04 16:14

Autopsy/TSK under Cygwin...I never thought of that Shocked


Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus 

Page 1 of 1