Autopsy Server
This repository helps to setup a multi-user Autopsy environment with docker-compose
. It automates the setps of the official Autopsy documentation to create
- a server that can be used for automated ingest and
- the corresponding client for examination.
For Autopsy to work probably it's necessary that the server as well as the client have access to two directories with write permissions:
- shared cases folder and
- shared images folder
The easiest way to accomplish this is to use Docker volumes that have a bind mount to those directories. To use already created Docker volumes for the server, please edit the docker-compose.yml
file:
In the volumes
section at the bottom in that file change autopsy_cases: {}
to
autopsy_cases:
external: true
name: <name of the existing cases volume>
and autopsy_images: {}
to
autopsy_images:
external: true
name: <name of the existing images volume>
If those directories are owned by a special user (UID != 1000
), edit the .env
file: Change BUILD_UID
and BUILD_GID
to the ones of the corresponding user.
To build the necessary images for the server operation:
make compose
To build the client image:
make image
To start everything:
docker-compose up -d
Afterwards the server application can be accessed via VNC on port 5911
. (The port can be changed in the docker-compose.yml
file.)
This VNC connection is unsecured! To add a VNC password, add the following section to the autopsy-server
section in the docker-compose.yml
file:
environment:
- VNC_PASSWORD=<your password>
To start the client:
docker run -d \
--name=autopsy \
-p "5901:5901" \
-v <cases volume>:/cases \
-v <images volume>:/images \
-e VNC_PASSWORD=<your password>
autopsy
Note that the two volumes must contain the same data as the ones for the server (see configuration section above).
Also like the server the Autopsy GUI of the client can be accessed via VNC. It's recommended to set a VNC password!