Autopsy

by The Sleuth Kitv4.22.1

Last updated Jun 8, 2026

Autopsy is the premier end-to-end open source digital forensics platform.

Install with winget

$ winget install --id SleuthKit.Autopsy --exact --version 4.22.1

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Autopsy

Autopsy uses MSI. The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i autopsy-4.22.1-64bit.msi /quiet /norestart

See the full silent install reference for Autopsy →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v4.22.1

Architecture	Type	Scope	Install	Download
x64	MSI	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

6 known CVEs via NVD

medium4.4Patched in wingetCVE-2026-40026affects before 4.14.0Apr 8, 2026
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data fa...
Patch
medium4.4Patched in wingetCVE-2026-40025affects before 4.15.0Apr 8, 2026
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can cra...
Patch
high7.1Patched in wingetCVE-2026-40024affects before 4.15.0Apr 8, 2026
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image...
Patch
high7.8Patched in wingetCVE-2022-45639affects v4.11.1Jan 23, 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the conte...
Vendor advisory
critical9.1Patched in wingetCVE-2020-10233affects <=4.8.0Mar 8, 2020
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
Patch
critical9.8Patched in wingetCVE-2020-10232affects <=4.8.0Mar 8, 2020
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
Patch

Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

MiTeC Windows File AnalayzerMiTeC
MiTeC.WindowsFileAnalyzerv2.10.0
This application decodes and analyzes some special files used by Windows OS. In these files is interesting information for forensic analysis.
C
Cloudflare DLP Forensic Copy DecoderSALT Cyber Security
Devolvio-B-V.cf-dlp-decodev2.3.0
A powerful command-line tool and interactive TUI for decoding and extracting Cloudflare DLP (Data Loss Prevention) forensic copies from compressed log files.

More from The Sleuth Kit or browse autopsy, forensic, sleuthkit.

Frequently asked questions

How do I install Autopsy on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id SleuthKit.Autopsy --exact --version 4.22.1. winget downloads the installer from The Sleuth Kit and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Autopsy silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id SleuthKit.Autopsy --exact 4.22.1 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Autopsy?

Autopsy uses MSI. Run the downloaded installer with: msiexec.exe /i autopsy-4.22.1-64bit.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Autopsy via winget?

Run: winget uninstall --id SleuthKit.Autopsy --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Autopsy's Apps & Features entry.

Is Autopsy free?

Autopsy is distributed under Apache License 2.0. Refer to the publisher (https://www.autopsy.com) for the full license terms - Wingetly itself does not charge for installation.

Does Autopsy work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Autopsy directly from the publisher.

How do I keep Autopsy up to date?

Run winget upgrade --id SleuthKit.Autopsy --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Autopsy from microsoft/winget-pkgs.

Recent versions

4.22.1latest
4.22.0
4.21.0
4.20.0
4.19.2
4.19.1
4.19.0
4.18.0
4.17.0
4.16.0