[sleuthkit-developers] Thoughts about an interface

[Márcio C. <ma...@di...>]

Hello, all!

I'm new here. I'm from Brazil, and I work with computer forensics (and other forensics areas too).

I'd like to help Autopsy in some way. I'm searching for a almost complete tool (as "complete" is something dificult!), and I think Autopsy+Sleuth is going in that direction. Of course that I'm looking for a open solution.

I have nothing against the web interface, but everybody seems to agree that is not the ideal. So, I'm thinking in a new interface, with some features:

- based on something like GTK, or QT. There are other options, and I'd love sugestions. In fact, I'm not an expert in GUI toolkits.

- same as Autopsy: cases, with hosts, with images, etc. The possibilities for add-ons/plugins/new functions.

- work with multiple users on the cases, like Autopsy. In an environment with investigators having fast machines, we can just centralize the evidence locker (each investigator runs an Autopsy). In an environment with only a fast machine, the investigators could run it on the "server"). There are a lot of possibilities here... One common locker can be implemented using NFS or other network fs, transparently to Autopsy. I don't know how far we have to go in this aspect.

- a lot of useful tools as described in this list. Maybe a lot of those can be implemented outside the interface, as libs or independent apps, so they can be used in scripts or with another interface (I don't imagine a text interface, but who knows?)

- so far I'm thinking about C. But could be another options... I saw a message here about a software called Rex, but I couldn't run it, had problems with Java and the installation. Portability is great, but I'm not so worried about Windows so far...

That seems great in my imagination, but there is a long way to get there... Does anybody has comments, suggestions, and energy to help me? :-) Should I (we) really go in this direction?

Best regards,

Márcio.