[sleuthkit-users] Autopsy Python Tutorial #2: Data Source Ingest Modules
From: Justin G. <jus...@gm...> - 2015-08-19 16:26:52
Note... I found what I think is a bug while following Tutorial #2. If you run a Python Data Source Ingest Module against a *LogicalFileSet*, the following will not work from the Tutorial:

    files = fileManager.findFiles(dataSource, "contacts.db")

I've been trying to point Autopsy against a logical directory of JPGs and using "%jpg" as my search string and it won't find any of them. However, when I switch my Data Source to be an image (instead of a LogicalFileSet), it works just fine.

-Justin

On Mon, Aug 17, 2015 at 6:38 PM, <sle...@li...> wrote:

> Send sleuthkit-users mailing list submissions to
> sle...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> or, via email, send a message with subject or body 'help' to
> sle...@li...
>
> You can reach the person managing the list at
> sle...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sleuthkit-users digest..."
>
> Today's Topics:
>
> 1. Autopsy Python Tutorial #2: Data Source Ingest Modules (Brian Carrier)
> 2. Timeline Survey Question (Brian Carrier)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 17 Aug 2015 18:01:05 -0400
> From: Brian Carrier <ca...@sl...>
> Subject: [sleuthkit-users] Autopsy Python Tutorial #2: Data Source Ingest Modules
> To: sleuthkit-users <sle...@li...>
> Message-ID: <889...@sl...>
> Content-Type: text/plain; charset=utf-8
>
> To help you put $1000 in your pocket as part of the OSDFCon Autopsy Module
> challenge (http://www.osdfcon.org/2015-event/2015-module-development-contest/),
> Basis Technology released another Python tutorial.
>
> http://www.basistech.com/python-autopsy-module-tutorial-2-the-data-source-ingest-module/
>
> This one is on writing Python-based data source ingest modules and it
> covers two topics:
> 1) Finding a SQLite database, parsing it, and making blackboard artifacts
> 2) Writing a wrapper around a command line tool that takes a disk image as input
>
> Final source code is included (which can be used as part of a challenge
> submission with a little copy and pasting?.).
>
> We also uploaded final source code for the first tutorial (on finding big
> and round files) for those who followed that one:
>
> https://github.com/sleuthkit/autopsy/tree/develop/pythonExamples/July2015FileTutorial_BigRound
>
> Enjoy!
>
> brian
>
> ------------------------------
>
> Message: 2
> Date: Mon, 17 Aug 2015 18:38:13 -0400
> From: Brian Carrier <ca...@sl...>
> Subject: [sleuthkit-users] Timeline Survey Question
> To: sleuthkit-users <sle...@li...>
> Message-ID: <902...@sl...>
> Content-Type: text/plain; charset="utf-8"
>
> We're reviewing some changes to the timeline module and wanted some feedback.
>
> Background: In the "details" view, we currently cluster together events if
> they happen close to each other. But, once there is a gap in events in a
> certain folder (or URL), then we break the cluster in the UI. This means
> that you could have clusters for the same folder (Program Files in the
> below example) that span multiple clusters. Notice in this image below,
> there are three "Program Files" clusters (two in the top row and one in the
> fifth row). The motivation for this was that it would be useful to know
> that there was a gap in between the clusters of events.
>
> We are looking at an alternative, which is to have a single cluster for
> the entire view (regardless of if there is a gap). This means that even if
> there are only events at left of the screen and right then it would be a
> solid band. It would look something like this:
>
> The benefit of this would be that it would be obvious of all of the events
> in the given description (folder name, for example) and we would waste less
> space rewriting the name so often. It comes at the potential downside
> though that it may take more vertical space because we could have lots of
> sparse bands.
>
> Opinions?
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: events_current.png
> Type: image/png
> Size: 76116 bytes
> Desc: not available
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: events_spans.png
> Type: image/png
> Size: 44972 bytes
> Desc: not available
>
> ------------------------------
>
> _______________________________________________
> sleuthkit-users mailing list
> sle...@li...
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>
> End of sleuthkit-users Digest, Vol 110, Issue 2
> ***********************************************