Re: [sleuthkit-users] Information about how to develop a autopsy plugin in python/jython
From: Richard C. <rco...@ba...> - 2015-05-11 20:05:51
Justin is on the right track. We have not implemented Python bindings for SleuthKit at this time. What we have done is to make it possible to write Autopsy ingest modules in Python instead of Java. The glue consists of a combination of Jython and Java code in Autopsy that supports discovering, loading, and running instances of Python classes that implement the same ingest module plugin interfaces as do Java ingest module plugins.

Richard Cordovano
Autopsy Team Lead
Basis Technology

On Mon, May 11, 2015 at 3:08 PM, Justin Grover <jus...@gm...> wrote:

> Geoffrey,
>
> I'm just getting around to playing around with Autopsy python plugins
> myself as well. The only way around the "no module named sleuthkit" error
> that I've found is to actually run the module in Autopsy. If you try to
> run it outside of Autopsy, you'll get the error.
>
> Developing a module outside of autopsy will be a challenge since there is
> no documentation for it. The Autopsy 3.1 python documentation says "You
> don't really need anything to develop a python Autopsy module except for
> the standard Autopsy and your favorite text editor."
>
> -Justin
>
> On Mon, May 11, 2015 at 9:59 AM, <sle...@li...> wrote:
>
>> Today's Topics:
>>
>>    1. Re: Information about how to develop a autopsy plugin in
>>       python/jython (Geoffrey Wagnier)
>>    2. Re: Information about how to develop a autopsy plugin in
>>       python/jython (Sam K)
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 11 May 2015 15:47:52 +0200
>> From: Geoffrey Wagnier <wag...@gm...>
>> Subject: Re: [sleuthkit-users] Information about how to develop a
>>         autopsy plugin in python/jython
>> To: "Richer, Mark (CIV)" <mhr...@np...>
>> Cc: sleuthkit-users <sle...@li...>
>>
>> Hi again,
>>
>> First thx for all of your help, it was really nice for us, but we still
>> have some problems with the library of autopsy. The import doesn't work!
>>
>> on this kind of line from the examples (IngestModule):
>>
>>   File
>> "C:\Users\Geo\Documents\NetBeansProjects\IngesModule\src\ingestmodule.py",
>> line 5, in <module>
>>     from org.sleuthkit.autopsy.casemodule import Case
>> ImportError: No module named sleuthkit
>>
>> As a result, we would like to develop a plugin which studies the web
>> history for autopsy in python, but we have been blocked for 2 months.
>>
>> Best regards,
>>
>> Geoffrey
>>
>> 2015-05-06 17:10 GMT+02:00 Richer, Mark (CIV) <mhr...@np...>:
>>
>> > Geoffrey,
>> >
>> > It seems you will be best off using NetBeans as your IDE, but in general
>> > if you want to use Eclipse with Python, Jython or IronPython, then you
>> > should install PyDev in Eclipse.
>> >
>> > http://pydev.org
>> >
>> > Mark
>> >
>> > *MARK H RICHER, MS CS*
>> > Faculty Research Associate
>> > Computer Science Department
>> > Naval Postgraduate School - National Capital Region (NCR)
>> > 703-275-8533 (o) 571.303.9498 (m) mhr...@np...
>> >
>> > On May 6, 2015, at 11:00 AM, Brian Carrier <ca...@sl...> wrote:
>> >
>> > Hi Geoffrey,
>> >
>> > The development docs contain this information.
>> >
>> > All of the docs are here:
>> > http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html
>> > The Python-specific page is here:
>> > http://sleuthkit.org/autopsy/docs/api-docs/3.1/mod_dev_py_page.html
>> >
>> > The python page assumes you've read the other pages though (except for
>> > the Java-specific page). It references sample modules, which can be
>> > found here:
>> >
>> > https://github.com/sleuthkit/autopsy/tree/develop/pythonExamples
>> >
>> > Autopsy is built on top of the NetBeans platform, so we always use
>> > NetBeans as an IDE. I've never tried Eclipse with Autopsy.
>> >
>> > thanks,
>> > brian
>> >
>> > On May 6, 2015, at 10:10 AM, Geoffrey Wagnier <wag...@gm...> wrote:
>> >
>> > Hi everyone,
>> >
>> > I'm Geoffrey, a student in IT security in France, and in order to end a
>> > school project about autopsy and Python's plugins, I would like to know
>> > if someone can help on this project.
>> >
>> > First, I wonder if a skeleton in python exists and how to use it and
>> > install it.
>> >
>> > Secondly, how does the autopsy library work on Eclipse?
>> >
>> > And finally, any information will be great for my crew!
>> >
>> > Thx guys for reading,
>> >
>> > Best regards,
>> >
>> > Geoffrey
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 11 May 2015 09:59:16 -0400
>> From: Sam K <sku...@gm...>
>> Subject: Re: [sleuthkit-users] Information about how to develop a
>>         autopsy plugin in python/jython
>> To: Geoffrey Wagnier <wag...@gm...>
>> Cc: sleuthkit-users <sle...@li...>
>>
>> Geoffrey:
>>
>> Are you running the code from inside Autopsy, or are you trying to run
>> from inside another IDE? Keep in mind that Python modules are running
>> from a Jython interpreter that is called by Autopsy, so imports of
>> Autopsy case information won't work unless you're actually running the
>> module inside Autopsy.
>>
>> The line:
>>
>> from org.sleuthkit.autopsy.casemodule import Case
>>
>> works fine for me (Autopsy 3.1.2, Windows 7 x64). If you want to post
>> more of your code somewhere, it would be helpful for troubleshooting it.
>>
>> One more thing to bear in mind when writing Python/Jython modules is that
>> in Autopsy 3.1.2, the Jython interpreter is missing some standard Python
>> libraries, see https://github.com/sleuthkit/autopsy/issues/988. Some
>> imports will fail unless you make some modifications to the built in
>> Jython.jar; although the error you mentioned is not one of them.
>>
>> -Sam
>>
>> ------------------------------
>>
>> End of sleuthkit-users Digest, Vol 107, Issue 6
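
An added example, not part of the thread and not Autopsy's own code: one way to lay out a module file so the `org.sleuthkit` import discussed above is guarded and the analysis logic can be tested under plain Python before the file is loaded inside Autopsy. The helper names (`runtime_report`, `host_of`, `visits_per_host`) and the sample URL list are assumptions made for illustration.

```python
import sys

try:
    # Java package on Autopsy's classpath; only Autopsy's embedded Jython
    # can resolve it, so this raises ImportError everywhere else.
    from org.sleuthkit.autopsy.casemodule import Case
    IN_AUTOPSY = True
except ImportError:
    Case = None
    IN_AUTOPSY = False


def runtime_report():
    """Say why the Autopsy import did or did not resolve."""
    if IN_AUTOPSY:
        return "autopsy: org.sleuthkit packages available"
    if sys.platform.startswith("java"):  # Jython reports "java..."
        return "jython: Autopsy jars are not on the classpath"
    return "plain python: load this file as a module inside Autopsy"


def host_of(url):
    """Lower-cased host of a URL, using string operations only because
    the Jython bundled with Autopsy may lack some stdlib modules."""
    rest = url.split("://", 1)[-1]
    authority = rest.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    host = authority.rsplit("@", 1)[-1]
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0][1:].lower()
    return host.split(":", 1)[0].lower()


def visits_per_host(urls):
    """Pure logic with no Autopsy dependency, testable outside Autopsy."""
    counts = {}
    for url in urls:
        host = host_of(url)
        if host:
            counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample input (not data from the thread).
SAMPLE_HISTORY = [
    "http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html",
    "https://GitHub.com/sleuthkit/autopsy/issues/988",
    "https://user@github.com:443/sleuthkit/autopsy",
    "http://pydev.org",
]
```

Outside Autopsy the guarded import falls through and only the pure functions are usable; the ingest module classes themselves still have to be exercised from within Autopsy.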