Re: [sleuthkit-users] Python Module Ideas Needed!
From: Derrick K. <dk...@gm...> - 2014-02-27 23:16:07
Awwww....I was hoping for Lisp integration but will take what I can get. ;) Yay Python!

Here are some thoughts that may or may not be useful:

o mmap larger files so that plugins can query directly against the mmap file for searches?
o Automatically create a de-duped set of files from an exhibit (maybe using set() or frozenset()?)
o Cross-image file testing for membership or non-membership (maybe using set() or frozenset()?)
o Expose an image back to the OS as a read-only physical device (with a temporary scratchfile). It would be cool if it could expose an image that tools (i.e. virtualization) could then hook into.
o Create a Python input stream (named pipe?) so that any application can feed data directly into your Autopsy case for ingest. i.e. Take your bulk_extractor output and feed it directly into Autopsy so that Autopsy can ingest it. Rather than grep'ing across all my data sources I could do it all in Autopsy where it is indexed.

Derrick

On Thu, Feb 27, 2014 at 3:35 PM, Brian Carrier <ca...@sl...> wrote:
> We're having our company's internal annual hack-a-thon and a team of us
> decided to add python bindings to Autopsy. We did it!
>
> Now, we need to win the competition with a cool demo. Anybody have any
> ideas of cool things that can be done in Python that would demo well?
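
The de-duplication and cross-image membership ideas in the message above, as an added example that is not part of the original post and does not use Autopsy's Python bindings. It assumes each image has already been mounted or exported as a directory tree; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map SHA-256 digest -> sorted relative paths for every file under root."""
    by_digest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                # Read in chunks so large evidence files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            by_digest.setdefault(h.hexdigest(), []).append(os.path.relpath(path, root))
    return {d: sorted(p) for d, p in by_digest.items()}


def dedupe(by_digest):
    """One representative path per unique content (first path in sorted order)."""
    return sorted(paths[0] for paths in by_digest.values())


def compare(a, b):
    """Cross-image membership using frozenset operations on content digests."""
    da, db = frozenset(a), frozenset(b)
    return {"both": da & db, "only_a": da - db, "only_b": db - da}


def build_sample(files):
    """Constructed sample data: write {relative path: bytes} into a temp dir."""
    root = tempfile.mkdtemp(prefix="exhibit_")
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    img_a = hash_tree(build_sample({"docs/a.txt": b"memo", "tmp/copy.txt": b"memo", "x.bin": b"\x00\x01"}))
    img_b = hash_tree(build_sample({"home/memo.txt": b"memo", "new.dat": b"other"}))
    print("unique files in A:", dedupe(img_a))
    result = compare(img_a, img_b)
    print({k: len(v) for k, v in result.items()})
```

Keying on the content digest rather than the file name is what lets a renamed copy in the second image still register as a member of the first.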