Autopsy

Forensics tool that can recover deleted files.

Installation

An older version is already in Kali Linux.

Download the ZIP file from GitHub. If the archive is too large to keep inside the VM, store it in the VM's shared folder.

unzip autopsy-4.22.1_v2.zip
cd autopsy-4.22.1
export JAVA_HOME=/usr/lib/jvm/java-23-openjdk-amd64
./unix_setup.sh

Usage

mkdir /home/kali/autopsy
sudo autopsy -d /home/kali/autopsy

  • Open a web browser and access http://localhost:9999/autopsy
  • Click on Open Case
  • Click on New Case
  • Enter a case name
  • Click on New Case
  • Click on Add Host
  • Enter any hostname (use a dummy one if you don’t have one)
  • Click on Add Host
  • Click on Add Image
  • Click on Add Image File
  • Enter the image path
  • Click on Add
