Re: [sleuthkit-users] Python Module Ideas Needed!
From: Derrick K. <dk...@gm...> - 2014-02-28 06:28:14
Hi Alex. Indeed, xmount is a viable alternative but it only runs on Linux and OSX unfortunately. On the Windows side you can use imdisk, FTK Imager, Mount Image Pro, etc. to expose forensic images to the system, but it would be cool to be able to do it natively within Autopsy. Python may not be the best choice for this, but I threw it out there for fun. :)

Derrick

On Thu, Feb 27, 2014 at 4:20 PM, Alex Nelson <ajn...@cs...> wrote:
> Hi Derrick,
>
> A note on one of your suggestions: The read-only-but-writeable device bit
> might already be handled with xmount:
> https://www.pinguin.lu/index.php (you should probably just ignore the
> website's self-signed cert) (also packaged in several Linux distros, and
> worked for me)
>
> I don't think there's need to duplicate that effort.
>
> --Alex
>
>
> On Feb 27, 2014, at 15:16 , Derrick Karpo <dk...@gm...> wrote:
>
> Awwww....I was hoping for Lisp integration but will take what I can get. ;)
> Yay Python!
>
> Here's some thoughts that may or may not be useful:
>
> o mmap larger files so that plugins can query directly against the mmap
>   file for searches?
> o Automatically create a de-duped set of files from an exhibit (maybe
>   using set() or frozenset()?)
> o Cross-image file testing for membership or non-membership (maybe using
>   set() or frozenset()?)
> o Expose an image back to the OS as a read-only physical device (with a
>   temporary scratchfile). It would be cool if it could expose an image that
>   tools (i.e. virtualization) could then hook into.
> o Create a Python input stream (named pipe?) so that any application can
>   feed data directly into your Autopsy case for ingest. I.e. take your
>   bulk_extractor output and feed it directly into Autopsy so that Autopsy can
>   ingest it. Rather than grep'ing across all my data sources I could do it
>   all in Autopsy where it is indexed.
>
> Derrick
>
>
> On Thu, Feb 27, 2014 at 3:35 PM, Brian Carrier <ca...@sl...> wrote:
>
>> We're having our company's internal annual hack-a-thon and a team of us
>> decided to add python bindings to Autopsy. We did it!
>>
>> Now, we need to win the competition with a cool demo. Anybody have any
>> ideas of cool things that can be done in Python that would demo well?
>>
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
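The de-dup and cross-image membership ideas from Derrick's list, worked through as an added example; this is not code from the thread and not part of Autopsy's Python bindings. Files are identified by SHA-256 of their content (path and name are ignored), and frozenset() supplies the set algebra. The two "images" are constructed in-memory dicts standing in for file content read out of two exhibits, and every function name here is this example's own; a real plugin would read content through the image's file-system API instead.

```python
"""
De-duplicate files within an exhibit and test membership across two images
by content hash, using frozenset() as suggested in the thread.

Added example, not code from the thread or from Autopsy/TSK. IMAGE_A and
IMAGE_B are constructed sample data (path -> bytes), not real exhibits.
"""
import hashlib
from typing import Dict, FrozenSet, Mapping, Tuple

# Constructed sample data: two small "exhibits", path -> file content.
IMAGE_A: Dict[str, bytes] = {
    "/Users/alice/notes.txt": b"meeting at 10\n",
    "/Users/alice/copy of notes.txt": b"meeting at 10\n",   # duplicate content
    "/Users/alice/secret.key": b"-----BEGIN KEY-----\nAAAA\n",
    "/Windows/System32/calc.exe": b"MZ\x90\x00calc",
}
IMAGE_B: Dict[str, bytes] = {
    "/home/bob/notes.txt": b"meeting at 10\n",               # same bytes as in A
    "/home/bob/todo.txt": b"buy milk\n",
    "/usr/bin/calc": b"MZ\x90\x00calc",                      # same bytes as in A
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of a file; path and name are ignored."""
    return hashlib.sha256(data).hexdigest()


def hash_index(files: Mapping[str, bytes]) -> Dict[str, Tuple[str, ...]]:
    """Map each content hash to the sorted tuple of paths carrying that content.
    Hashes with more than one path are the in-exhibit duplicates."""
    index: Dict[str, list] = {}
    for path, data in files.items():
        index.setdefault(sha256_hex(data), []).append(path)
    return {h: tuple(sorted(paths)) for h, paths in index.items()}


def dedupe(files: Mapping[str, bytes]) -> FrozenSet[str]:
    """The de-duplicated exhibit: one entry per distinct content hash."""
    return frozenset(hash_index(files))


def cross_image(a: Mapping[str, bytes], b: Mapping[str, bytes]):
    """Membership tests across two images on their de-duplicated hash sets.
    Returns (in_both, only_in_a, only_in_b) as frozensets of hashes."""
    ha, hb = dedupe(a), dedupe(b)
    return ha & hb, ha - hb, hb - ha


def is_known(data: bytes, known: FrozenSet[str]) -> bool:
    """Test one file's content against a hash set (e.g. a known-good list);
    frozenset lookup is O(1) and the set cannot be modified by accident."""
    return sha256_hex(data) in known


if __name__ == "__main__":
    idx = hash_index(IMAGE_A)
    for h, paths in idx.items():
        if len(paths) > 1:
            print(f"duplicate content in image A: {h[:12]} -> {paths}")
    both, only_a, only_b = cross_image(IMAGE_A, IMAGE_B)
    print(f"{len(both)} hashes in both images, "
          f"{len(only_a)} only in A, {len(only_b)} only in B")
    for h in only_a:
        print("only in A:", idx[h])
```

Because identity is the content hash, a renamed or relocated copy still collapses into the same entry, which is what you want for "which files on exhibit B did not come from exhibit A" and for filtering against a known-file hash set. The hash sets are cheap to persist and compare, so the same frozenset built once per exhibit can be reused across every cross-image check in a case.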