Python Autopsy A Quick Introduction to Scripting Autopsy Brian Carrier

Recommendations

Info

Final Method def process(self, file): if ((file.getSize() > 10000000) and ((file.getSize() % 4096) == 0)): art = file.newArtifact(TSK_INTERESTING_FILE_HIT) att = BlackboardAttribute(TSK_SET_NAME, "Big and Round Files") art.addAttribute(att) return OK • This will find files in all file systems, compound files, carved files, etc. • This provides easy feedback <strong>to</strong> the user. #OSDFCon 24
How the User Uses It #OSDFCon 25
Page 1 and 2: Python Autopsy: A Quick Introductio
Page 3 and 4: Why Did We Choose Python? • We we
Page 5 and 6: Background: Very High-level Program
Page 7 and 8: Methods • Method: A set of instru
Page 9 and 10: Writing An Autopsy Module #OSDFCon
Page 11 and 12: Step #1: Pick Your Module Type •
Page 13 and 14: Types of Ingest Modules E01 File Fi
Page 15 and 16: Summary of Python Module Options
Page 17 and 18: Step #3: Search for “TODO” Adap
Page 19 and 20: Step #4: Publish to User • You ne
Page 21 and 22: Example: Find big and round files
Page 23: Let’s Tell The World About It!
Page 27 and 28: Conclusion • It’s easy to get s

Python Autopsy A Quick Introduction to Scripting Autopsy Brian Carrier

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?