Difference between revisions of "Autopsy 3rd Party Modules"
(→Autopsy AHBM (sdhash)) |
|||
Line 7: | Line 7: | ||
Ingest modules in Autopsy run on each data source and file that are added to the case. These modules are responsible for the big data analysis where they extract data from specific files and put the results in the embedded database. | Ingest modules in Autopsy run on each data source and file that are added to the case. These modules are responsible for the big data analysis where they extract data from specific files and put the results in the embedded database. | ||
− | == Autopsy AHBM | + | == sdhash (Autopsy AHBM) == |
* Description: This module allows you to use sdhash to perform fuzzy hash matching. The investigator can match files against other files or sdhash reference sets during ingest, or search for similar files from the directory viewer or search results after ingest. Released as part of OSDFCon 2013 Development contest. <br /> | * Description: This module allows you to use sdhash to perform fuzzy hash matching. The investigator can match files against other files or sdhash reference sets during ingest, or search for similar files from the directory viewer or search results after ingest. Released as part of OSDFCon 2013 Development contest. <br /> | ||
* Author: Petter Bjelland<br /> | * Author: Petter Bjelland<br /> | ||
Line 15: | Line 15: | ||
* License: Apache 2.0<br /> | * License: Apache 2.0<br /> | ||
* The video presentation is also uploaded to youtube: http://youtu.be/GBmZRufH_3o<br> | * The video presentation is also uploaded to youtube: http://youtu.be/GBmZRufH_3o<br> | ||
+ | |||
+ | == SmutDetect Module == | ||
+ | * SmutDetect is a skin-tone image mining software which scans directories for images containing a specified percentage of skin-tones. It ranks (and filters) these images in various reports. | ||
+ | * URL: http://www.4ensics.co.uk/2014/03/smutdetect-as-module-for-autopsy-3/ | ||
== Windows Registry Ingest Module == | == Windows Registry Ingest Module == | ||
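Review bot: The new SmutDetect entry (the two `+` bullets under `== SmutDetect Module ==`) does not follow the field layout used by the neighbouring entries: the first bullet has no "Description:" label, and there are no Author, Minimum Autopsy version or License bullets. Suggest labelling the description and adding those fields, so a reader can tell which Autopsy release the module needs and under what terms it is distributed.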
Line 23: | Line 27: | ||
* Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryIngestModule/tree/master/precompiled<br> | * Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryIngestModule/tree/master/precompiled<br> | ||
* License of source code: Apache 2 | * License of source code: Apache 2 | ||
+ | |||
+ | == Child Exploitation Hashset Modules == | ||
+ | * Description: Hash lookup modules that integrate with [http://www.projectvic.org ProjectVic] and C4All databases. These allow you to use Autopsy in child exploitation investigations and leverage hashsets of pre-categorized images. | ||
+ | * Author: Basis Technology | ||
+ | * Minimum Autopsy version: 3.1.0<br> | ||
+ | * Release Download: http://www.basistech.com/digital-forensics/autopsy/le-bundle/<br> | ||
+ | * License: Closed source | ||
= Data Content Viewer Modules = | = Data Content Viewer Modules = | ||
Line 31: | Line 42: | ||
* Author: Basis Technology<br> | * Author: Basis Technology<br> | ||
* Minimum Autopsy version: 3.0.7<br> | * Minimum Autopsy version: 3.0.7<br> | ||
− | * Release Download: http://www.basistech.com/digital-forensics/autopsy- | + | * Release Download: http://www.basistech.com/digital-forensics/autopsy/video-triage/<br> |
* License: Closed source | * License: Closed source | ||
Revision as of 19:17, 8 May 2014
This page will list the third party modules that have been written for Autopsy. Autopsy comes with a set of modules, but other developers are encouraged to write modules instead of stand-alone tools.
Autopsy has many new frameworks and as more modules are written, this page will obviously get longer.
Ingest Modules
Ingest modules in Autopsy run on each data source and file that are added to the case. These modules are responsible for the big data analysis where they extract data from specific files and put the results in the embedded database.
sdhash (Autopsy AHBM)
- Description: This module allows you to use sdhash to perform fuzzy hash matching. The investigator can match files against other files or sdhash reference sets during ingest, or search for similar files from the directory viewer or search results after ingest. Released as part of OSDFCon 2013 Development contest.
- Author: Petter Bjelland
- Minimum Autopsy version: 3.0.7
- Source URL: https://github.com/pcbje/autopsy-ahbm
- Release Download: https://github.com/pcbje/autopsy-ahbm/releases
- License: Apache 2.0
- The video presentation is also uploaded to YouTube: http://youtu.be/GBmZRufH_3o
SmutDetect Module
- SmutDetect is a skin-tone image mining software which scans directories for images containing a specified percentage of skin-tones. It ranks (and filters) these images in various reports.
- URL: http://www.4ensics.co.uk/2014/03/smutdetect-as-module-for-autopsy-3/
Windows Registry Ingest Module
- Description: An ingest module that extracts Registry keys and values into derived directories and files so that they show up as nodes in the directory tree. First place winner in the OSDFCon 2013 challenge.
- Author: Willi Ballenthin
- Minimum version of Autopsy required: 3.0.7
- Source URL: https://github.com/williballenthin/Autopsy-WindowsRegistryIngestModule/
- Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryIngestModule/tree/master/precompiled
- License of source code: Apache 2
Child Exploitation Hashset Modules
- Description: Hash lookup modules that integrate with ProjectVic and C4All databases. These allow you to use Autopsy in child exploitation investigations and leverage hashsets of pre-categorized images.
- Author: Basis Technology
- Minimum Autopsy version: 3.1.0
- Release Download: http://www.basistech.com/digital-forensics/autopsy/le-bundle/
- License: Closed source
Data Content Viewer Modules
Content viewer modules in Autopsy display a single file in some way. The standard application comes with viewers for hex, strings, and pictures. These add-on modules allow you to view files in other ways. They are available in the lower right-hand corner of Autopsy.
Video Triage
- Description: Analyzes video files and displays a series of images so that you can get a basic idea of what the video contains without viewing the entire thing.
- Author: Basis Technology
- Minimum Autopsy version: 3.0.7
- Release Download: http://www.basistech.com/digital-forensics/autopsy/video-triage/
- License: Closed source
Windows Registry Content Viewer
- Description: Content viewer that analyzes a registry hive and allows you to navigate the tree and its key and value pairs. Functions something like Regedit.exe. Winner of the OSDFCon 2013 challenge.
- Author: Willi Ballenthin
- Minimum version of Autopsy required: 3.0.7
- Source URL: https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer
- Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer/blob/master/precompiled/com-williballenthin-autopsy-wrcv-3.0.7-20131001.nbm
- License of source code: Apache 2
Report Modules
Report modules in Autopsy allow you to make final reports after your investigation is over. Standard modules in Autopsy include HTML and Excel.
- No 3rd party modules have been publicly released.