[sleuthkit-users] Reporting, Autopsy Customization
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Reporting, Autopsy Customization
|
From: John T. H. <joh...@gm...> - 2005-03-18 17:50:53
|
So my foray into Autopsy/Sleuthkit has thus far been fairly successful. This engagement I've been involved in ultimately boils down to working with images found on a few systems. The image extraction was a huge help in this, but part of my work is to turn around and create a report for a client showing browsing activity. I'm modifying the output from image extraction, combined with the timeline output and the image data file to create files that will look something like: image1 thumb - timestamp1 - image1 data image2 thumb - timestamp1 - image2 data image3 thumb - timestamp1 - image3 data image2 thumb - timestamp2 - image2 data image4 thumb - timestamp1 - image4 data etc. Thus far, I've been manually copying names of images that I'll want to have included in this report for input into another script. Has anyone done something similar? How complex would it be to modify autopsy to include a check-box of some sort to generate trimmed thumbnail/data pages for interesting images to manipulate later, rather than my "copy url, paste into file, clean up file, script/filter data" sort of process? In extracting the images, would it be possible to include a reference to each timeline entry that prompted the inclusion of an image? Or in many cases, the repeating of an image? -John |
