What disk image formats are supported by this skill?

This skill supports standard forensic formats including raw (dd), E01 (EnCase), and AFF (Advanced Forensic Format).

Can I recover files that have been deleted?

Yes, the skill utilizes file carving techniques and MFT analysis to identify and extract deleted files from unallocated disk space.

Does this require specific operating system environments?

The skill provides workflows for both the Autopsy GUI (available for Windows and Linux) and The Sleuth Kit command-line utilities commonly used on Linux.

How does the timeline analysis feature work?

It aggregates metadata from file systems, browser history, and OS artifacts to create a chronological view of events, helping you visualize when specific actions occurred.

Analyzing Disk Image with Autopsy

Name: Analyzing Disk Image with Autopsy
Author: micsapp

bymicsapp

0•

安全与测试

Performs comprehensive digital forensic analysis and file recovery using the Autopsy platform and The Sleuth Kit.

This skill provides a structured framework for forensic investigators to analyze disk images (raw, E01, AFF) using Autopsy and command-line Sleuth Kit tools. It guides users through the entire forensic lifecycle, including case creation, ingest module configuration, deleted file recovery, keyword searching, and timeline reconstruction. Whether you are conducting an internal corporate investigation, incident response, or preparing legal evidence, this skill helps you uncover hidden artifacts and document findings professionally.

主要功能

01Chronological timeline reconstruction of system and user events

02Full-text keyword indexing and regex-based sensitive data searching

030 GitHub stars

04Comprehensive ingest module configuration for automated artifact extraction

05Automated deleted file recovery and file system metadata analysis

06Standardized forensic reporting and evidence tagging workflows

使用场景

01Building court-admissible evidence timelines from forensic disk images

02Post-compromise malware forensics to identify infection vectors and lateral movement

03Investigating unauthorized data access or employee intellectual property theft

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-disk-image-with-autopsy

For use in Claude.ai and ChatGPT

主要功能

01Chronological timeline reconstruction of system and user events

02Full-text keyword indexing and regex-based sensitive data searching

030 GitHub stars

04Comprehensive ingest module configuration for automated artifact extraction

05Automated deleted file recovery and file system metadata analysis

06Standardized forensic reporting and evidence tagging workflows

使用场景

01Building court-admissible evidence timelines from forensic disk images

02Post-compromise malware forensics to identify infection vectors and lateral movement

03Investigating unauthorized data access or employee intellectual property theft

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-disk-image-with-autopsy

For use in Claude.ai and ChatGPT