Does this skill require external software?

Yes, it requires Autopsy 4.x and The Sleuth Kit (TSK) installed on your system to perform the actual data processing.

Can it recover files that have been deleted?

Yes, it uses both file system metadata (MFT) analysis and signature-based file carving to recover files from unallocated disk space.

What disk image formats can this skill analyze?

This skill supports common forensic image formats including Raw (dd), E01 (EnCase), and AFF (Advanced Forensic Format).

How does it help with reporting?

The skill guides users through tagging evidence and generating structured HTML or CSV reports for legal and stakeholder review.

Does it support automated hash lookups?

Yes, it provides workflows for importing NSRL (National Software Reference Library) and custom hash sets to automatically filter known-good files and flag known-bad files.

Autopsy Disk Image Forensics

Name: Autopsy Disk Image Forensics
Author: mukul975

bymukul975

•

4,120

•

Seguridad y Pruebas

Performs comprehensive digital forensic investigations to recover files, analyze artifacts, and reconstruct timelines from disk images.

This skill equips Claude with the specialized knowledge to conduct professional-grade digital forensic analysis using Autopsy and The Sleuth Kit. It provides step-by-step guidance for ingest module configuration, file carving from unallocated space, and artifact extraction from browsers, emails, and system registries. Whether you are investigating internal data theft or performing incident response for a malware breach, this skill automates the complex workflow of turning raw disk images into structured evidence reports and chronological investigation timelines.

Características Principales

01Automated recovery of deleted files and forensic carving

024,120 GitHub stars

03Comprehensive artifact extraction including browser history and email parsing

04Hash-based filtering using NSRL and known-bad databases

05Support for multiple forensic formats including Raw (dd), E01, and AFF

06Chronological timeline reconstruction for event sequence analysis

Casos de Uso

01Investigating employee data exfiltration and intellectual property theft

02Criminal or civil legal discovery requiring structured evidence reporting

03Post-incident malware forensics to identify persistence and infection vectors

Características Principales

01Automated recovery of deleted files and forensic carving

024,120 GitHub stars

03Comprehensive artifact extraction including browser history and email parsing

04Hash-based filtering using NSRL and known-bad databases

05Support for multiple forensic formats including Raw (dd), E01, and AFF

06Chronological timeline reconstruction for event sequence analysis

Casos de Uso

01Investigating employee data exfiltration and intellectual property theft

02Criminal or civil legal discovery requiring structured evidence reporting

03Post-incident malware forensics to identify persistence and infection vectors