Re: [sleuthkit-users] Information about IngestModule
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Information about IngestModule
|
From: Brian C. <ca...@sl...> - 2015-05-19 02:57:05
|
Hi Geoffrey, Answers inline. > On May 18, 2015, at 3:51 AM, Geoffrey Wagnier <wag...@gm...> wrote: > > Hi guys, > > Some news about my project with autopsy, > > Now I have my 2 modules installed and it works, > > However I have 2 questions : > > First, is it possible to lunch 2 IngestModule at the same time with differents name ? Sure. You should see both ingest modules listed individually after you add a data source and can enable or disable each. Do you see both modules in there? > Secondly, Results from thoses modules have to be in "Interesting Items" or could we create another folder ? You can use Interesting Items or any of the blackboard artifacts that are already defined: http://sleuthkit.org/sleuthkit/docs/jni-docs/enumorg_1_1sleuthkit_1_1datamodel_1_1_blackboard_artifact_1_1_a_r_t_i_f_a_c_t___t_y_p_e.html In theory, you can also make your own Artifact types and add them to the database, how ever there is currently a limitation that they are not shown in the UI. They need to be part of the official ENUM for them to make their way into the UI. Does that answer your questions? brian |
