Autopsy - Digital Forensics
Digital forensics software
System security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Autopsy - Digital Forensics and its alternatives fit your requirements.
$495.00 one-time
Free Trial unavailable
Free version
Small
Medium
Large
- Education and training
- Professional services (engineering, legal, consulting, etc.)
- Public sector and nonprofit organizations
What is Autopsy - Digital Forensics
Autopsy is an open-source digital forensics application used to examine disk images, file systems, and artifacts from computers and removable media. It is commonly used by incident responders, law enforcement, and internal investigation teams for triage and post-incident analysis. The tool provides a GUI for The Sleuth Kit and supports modular ingest modules for tasks such as keyword search, hash set filtering, and timeline analysis.
Open-source and extensible
Autopsy is released as open-source software and can be evaluated and deployed without commercial licensing. Its ingest-module architecture supports adding or customizing analysis functions for specific workflows. This can be useful for teams that need transparent tooling or want to integrate custom parsers and checks into a repeatable process.
Broad artifact examination features
The product supports common forensic tasks such as file system browsing, keyword search, hash-based identification, and timeline-oriented review. It can help investigators triage large data sets by filtering known files and highlighting items of interest. These capabilities align with typical workstation and media forensics use cases rather than enterprise-wide monitoring.
GUI for Sleuth Kit workflows
Autopsy provides a desktop GUI that simplifies use of The Sleuth Kit for analysts who prefer not to rely on command-line tooling. It centralizes case management, ingest configuration, and review in a single interface. This can reduce setup effort for smaller teams and training scenarios compared with building a workflow from separate utilities.
Not an enterprise security platform
Autopsy focuses on offline forensic examination of acquired data rather than continuous detection and response. It does not function as a SIEM/XDR-style platform for real-time telemetry collection, alerting, or automated response. Organizations typically need additional security tooling for monitoring and incident management workflows.
Scalability and collaboration limits
Autopsy is primarily a desktop application and is often used by individual analysts or small teams. Multi-user collaboration, centralized evidence management, and large-scale distributed processing are not its core design goals. For high-volume investigations, teams may need complementary infrastructure and process controls to manage throughput and chain-of-custody at scale.
Feature depth varies by module
Some artifact parsers and analysis functions depend on available modules and their maintenance status. Coverage for newer applications, cloud artifacts, or rapidly changing data formats may lag without active module updates. This can require validation testing and occasional custom development to ensure consistent results for specific evidence types.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Autopsy (core) | Free (permanently) | Open-source digital forensics platform; free to download and use (core product). |
| Training — Online (Autopsy Basics, 8-hrs) | $495.00 one-time | Official online course sold by Sleuth Kit Labs; includes hands-on labs and certificate/CPE. |
| Training — In-person | $499 per person | Standard in-person training rate; ad-hoc schedule; cancellation policy applies. |
| Rapid Endpoint Triage Service (Sleuth Kit Labs) | $2,000 per endpoint (fixed) | Rapid analysis service with a 1-business-day target; bulk discounts available for MSSPs/MDRs. |
| Subscription-based support | Custom pricing | Enterprise-level subscription support (contact Sleuth Kit Labs for quotes). |
| Custom development / Modules | Contact sales | Custom module development and integration; pricing varies by project. |
| Cyber Triage Malware Scanner (Autopsy ingest module) | Price undisclosed (requires Cyber Triage subscription) | Add-on that depends on a Cyber Triage Cloud subscription (Cyber Triage offers a 7-day trial). |
Seller details
Basis Technology Corporation
Cambridge, Massachusetts, United States
1993
Private
https://www.basistech.com/
https://x.com/basistech
https://www.linkedin.com/company/basis-technology/
