Autopsy 4.21 Version

Oct 3, 2023

By Paulo Pereira, PhD

I. Introduction

This article shows how to start a case in Autopsy 4.21.0, the new version of one of the pioneering tools responsible for the digital change in forensic investigation in recent years. It does not claim to be a complete guide to using Autopsy; several sources on the web cover that. Instead, it introduces how to start a case in Autopsy using an image called SUSPECT_LAPTOP, which was used in Belkasoft training and which I received permission to use.

II. Version 4.21.0

Version 4.21.0 of Autopsy brings important changes over version 4.20.0. According to the repository of the tool, there are the following changes:

Table 1: Autopsy New Features

| New Features | List of Updates |
|---|---|
| Library Updates | Update Java to version 17; Update aLeapp/iLeapp executables; Update JNA Version; Update SQLite library version; Updated 3rd party libraries that have known CVEs |
| Ingest Module Updates | Recent Activity checks for malicious Chrome extensions from list provided by https://github.com/randomaccess3/detections; Keyword Search module now can search without needing to index text into Solr; New Cyber Triage Malware Scanner module that uses Reversing Labs (requires license), https://www.cybertriage.com/autopsy-malware-module/ |
| Add Data Source Updates | Timestamps for logical files can be added (Issue https://github.com/sleuthkit/autopsy/issues/5852, https://github.com/sleuthkit/autopsy/issues/1788); List of logical files/folders can be edited before they are added (Issue https://github.com/sleuthkit/autopsy/issues/7347) |
| GUI Updates | Add "has attachments" flag for emails (Issue https://github.com/sleuthkit/autopsy/issues/7358); Add Score to tree view |
| Bugs | Fix path for.... |

Author

Paulo Pereira
Paulo Pereira is an independent malware analyst, Cyber Security Professional, EXIN Instructor.
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023