Difference between revisions of "Autopsy 3rd Party Modules"

From SleuthKitWiki
(Ingest Modules)
(Data Content Viewer Modules)
Line 25: Line 25:
  
 
= Data Content Viewer Modules =
 
= Data Content Viewer Modules =
 +
Content viewer modules in Autopsy display a single file in some way. The standard application comes with viewers for hex, strings, and pictures.  These add-on modules allow you to view files in other ways.  They are available in the lower right hand corner of Autopsy.
 +
 
== Video Triage ==
 
== Video Triage ==
Author: Basis Technology<br>
+
* Description:  Analyzes video files and displays a series of images so that you can get a basic idea of what the video contains without viewing the entire thing. <br>
Minimum Autopsy version: 3.0.7<br>
+
* Author: Basis Technology<br>
Description:
+
* Minimum Autopsy version: 3.0.7<br>
Takes snapshots of videos so that you do not have to view the entire video to determine what it contains.<br>
+
* Release Download: http://www.basistech.com/digital-forensics/autopsy-modules/<br>
Release Download: http://www.basistech.com/digital-forensics/autopsy-modules/
+
* License: Closed source
  
 
== Windows Registry Content Viewer ==
 
== Windows Registry Content Viewer ==
 
+
* Description: Content viewer that analyzes a registry hive and allows you to navigate the tree and its key and value pairs.  Functions something like Regedit.exe.  Winner of the OSDFCon 2013 challenge.<br>
Author: Willi Ballenthin<br>
+
* Author: Willi Ballenthin<br>
Minimum version of Autopsy required: 3.0.7<br>
+
* Minimum version of Autopsy required: 3.0.7<br>
Description: Content viewer that functions something like Regedit.exe.<br>
+
* Source URL:  https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer<br>
Source URL:  https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer<br>
+
* Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer/blob/master/precompiled/com-williballenthin-autopsy-wrcv-3.0.7-20131001.nbm<br>
Release Download: https://github.com/williballenthin/Autopsy-WindowsRegistryContentViewer/blob/master/precompiled/com-williballenthin-autopsy-wrcv-3.0.7-20131001.nbm<br>
+
* License of source code: Apache 2
License of source code: Apache 2
+
  
 
= Report Modules =
 
= Report Modules =
 
* No 3rd party modules have been publicly released.
 
* No 3rd party modules have been publicly released.
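
Review bot: The field labels in the two rewritten entries under "Data Content Viewer Modules" do not match: Video Triage uses "Minimum Autopsy version" and "License", while Windows Registry Content Viewer uses "Minimum version of Autopsy required" and "License of source code". Suggest one set of labels for every entry, matching the bullets already used for the ingest modules. The new bullet lines also keep a trailing <br>, which a list item does not need. The registry viewer's Release Download points at a precompiled .nbm with no checksum listed beside it; consider publishing one next to the link so a download can be verified.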

Revision as of 14:08, 22 January 2014

This page will list the third party modules that have been written for Autopsy. Autopsy comes with a set of modules, but other developers are encouraged to write modules instead of stand-alone tools.

Autopsy has many new frameworks and as more modules are written, this page will obviously get longer.

Ingest Modules

Ingest modules in Autopsy run on each data source and file that are added to the case. These modules are responsible for the big data analysis where they extract data from specific files and put the results in the embedded database.

Autopsy AHBM (sdhash)

  • Description: Released as part of OSDFCon 2013 Development contest. Approximate Hash Based Matching module allows the investigator to efficiently employ sdhash in Autopsy 3. The investigator can match files against other files or sdhash reference sets during ingest, or search for similar files from the directory viewer or search results after ingest.
  • Author: Petter Bjelland
  • Minimum Autopsy version: 3.0.7
  • Source URL: https://github.com/pcbje/autopsy-ahbm
  • Release Download: https://github.com/pcbje/autopsy-ahbm/releases
  • License: Apache 2.0
  • The video presentation is also uploaded to YouTube: http://youtu.be/GBmZRufH_3o

Windows Registry Ingest Module

Data Content Viewer Modules

Content viewer modules in Autopsy display a single file in some way. The standard application comes with viewers for hex, strings, and pictures. These add-on modules allow you to view files in other ways. They are available in the lower right hand corner of Autopsy.

Video Triage

  • Description: Analyzes video files and displays a series of images so that you can get a basic idea of what the video contains without viewing the entire thing.
  • Author: Basis Technology
  • Minimum Autopsy version: 3.0.7
  • Release Download: http://www.basistech.com/digital-forensics/autopsy-modules/
  • License: Closed source

Windows Registry Content Viewer

Report Modules

  • No 3rd party modules have been publicly released.