
Autopsy
Digital forensics software
System security software
$495 per person
Small
Medium
Large
- Public sector and nonprofit organizations
- Education and training
- Information technology and software
What is Autopsy
Autopsy is an open-source digital forensics application used to analyze disk images, file systems, and artifacts from Windows, macOS, and Linux systems. It is commonly used by incident responders, law enforcement, and internal investigation teams to triage endpoints and build timelines of user and system activity. Autopsy provides a GUI on top of The Sleuth Kit and supports ingest modules for tasks such as keyword search, hash set filtering, and artifact extraction.
Broad artifact and file analysis
Autopsy supports analysis of common file systems and can extract and parse many endpoint artifacts (for example, web activity, recent files, and registry-related data on Windows). It includes timeline generation and keyword search to help investigators correlate events. These capabilities make it suitable for workstation and server triage when the primary evidence source is a disk image or local storage.
Extensible ingest module framework
Autopsy uses an ingest pipeline that can run multiple modules during analysis, including hash lookup, file type identification, and artifact extraction. The platform supports customization and community-developed modules, which helps teams adapt workflows to specific evidence types. This extensibility is useful when compared with more closed, appliance-style security platforms that focus on telemetry rather than disk forensics.
Accessible open-source tooling
As open source, Autopsy can be evaluated and deployed without per-seat licensing, which can lower barriers for smaller teams and training environments. The GUI reduces the need to rely solely on command-line forensic utilities. It is also widely referenced in training and academic contexts, which can help with onboarding and repeatable lab exercises.
Not a full security platform
Autopsy focuses on post-collection forensic analysis rather than continuous monitoring, detection, and response. It does not replace SIEM/XDR-style capabilities such as real-time alerting, automated response playbooks, or centralized telemetry ingestion. Organizations typically need additional tools for endpoint collection, network visibility, and operational security workflows.
Performance and scaling constraints
Large evidence sets and multi-terabyte images can lead to long ingest times and heavy local resource usage. Scaling investigations across many endpoints generally requires process and infrastructure planning outside the product (for example, distributed storage and parallelized analyst workflows). This can be limiting for teams that need high-throughput, enterprise-scale investigations.
Requires forensic expertise
Effective use depends on correct evidence handling, sound interpretation of artifacts, and careful validation of findings. Misconfiguration of ingest modules or misunderstanding artifact provenance can lead to incomplete or misleading conclusions. Teams often need documented procedures and training to ensure consistent, defensible results.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Core Autopsy (software) | Free — download and use | Autopsy is an open-source digital forensics platform; the product page and Sleuth Kit project state the software is free to download and use. |
| Autopsy Basics and Hands On (training) | $495 per person (8-hour course); autopsy.com lists a standard in-person rate of $499/person on a separate page | 8-hour online or in-person course; certificate of completion / CPE credits. Official training pages list purchasing options and stated rates. |
| Rapid Endpoint Triage Service (Sleuth Kit Labs) | $2,000 per endpoint (fixed price) | Rapid triage service (upload collector, analysis, report). Estimated 1-business-day delivery; additional hourly support billed separately. |
| Subscription-Based Support | Custom / Contact sales | Autopsy homepage advertises "Subscription-Based Support" (enterprise-level backing) but does not publish pricing; contact Sleuth Kit Labs for details. |
Seller details
Basis Technology Corporation
Cambridge, Massachusetts, United States
1993
Private
https://www.basistech.com/
https://x.com/basistech
https://www.linkedin.com/company/basis-technology/