Autopsy Python Multi-User Modules

Autopsy allows examiners to collaborate on investigations using the multi-user case feature, which shares database, message broker, search, and storage resources.
I wanted to write an Autopsy module with Python to take advantage of the multi-user case collaboration benefits.
I also wanted to apply lessons learned from the 2015 Autopsy Module Development Contest to simplify external Python library imports and create a flexible user interface.
HashDump was built as a proof of concept. It requires that the Hash Lookup Ingest Module be run first to calculate the MD5 hashes.

HashDump.py builds the ingest module for the Autopsy user interface and passes the case file location as an argument to the HashDump.exe Python program.
HashDump.exe uses the case file (.AUT), which contains the information necessary for SQLite single-user database connections. Multi-user PostgreSQL database connections also require information from the core.properties file in the examiner's roaming profile.
The examiner is presented with a Python-generated user interface to select the hashes for export.
The Python user interface closes once the database export is completed. HashDump.py then resumes control and adds the HashDump.txt file, located in the base of the case folder, to the report view.
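The export step described above, sketched for the single-user SQLite case as an added example (this is not the HashDump code from GitHub). It assumes the Sleuth Kit case schema's `tsk_files` table with its `md5` and `known` columns; the in-memory database, its sample rows, the function names, and the one-hash-per-line output format are constructed for illustration.

```python
import sqlite3


def build_sample_case_db():
    """Constructed stand-in for a single-user case database (not a real case)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tsk_files (obj_id INTEGER PRIMARY KEY, name TEXT, "
               "parent_path TEXT, md5 TEXT, known INTEGER)")
    # known: 0 = unknown, 1 = known, 2 = known bad (set by hash lookup)
    db.executemany("INSERT INTO tsk_files VALUES (?, ?, ?, ?, ?)", [
        (1, "notes.txt", "/docs/", "d41d8cd98f00b204e9800998ecf8427e", 0),
        (2, "calc.exe", "/Windows/", "5d41402abc4b2a76b9719d911017c592", 1),
        (3, "tool.exe", "/tmp/", "7D793037A0760186574B0282F2F435E7", 2),
        (4, "copy.txt", "/docs/", "d41d8cd98f00b204e9800998ecf8427e", 0),
        (5, "unhashed.bin", "/tmp/", None, 0),  # Hash Lookup has not run on this file
    ])
    return db


def dump_hashes(db, known_values):
    """Return (sorted unique MD5s for the selected known states,
    number of rows that have no MD5 at all)."""
    marks = ",".join("?" * len(known_values))
    rows = db.execute(
        "SELECT DISTINCT lower(md5) FROM tsk_files "
        "WHERE md5 IS NOT NULL AND md5 <> '' AND known IN (%s) "
        "ORDER BY 1" % marks, list(known_values)).fetchall()
    # Rows without an MD5 mean the hash ingest module was skipped or incomplete.
    missing = db.execute(
        "SELECT COUNT(*) FROM tsk_files WHERE md5 IS NULL OR md5 = ''"
    ).fetchone()[0]
    return [r[0] for r in rows], missing


def write_report(path, hashes):
    """Write one hash per line and return the number of lines written."""
    with open(path, "w") as fh:
        for h in hashes:
            fh.write(h + "\n")
    return len(hashes)


if __name__ == "__main__":
    case_db = build_sample_case_db()
    selected, unhashed = dump_hashes(case_db, [0, 2])  # unknown + known bad
    print("exporting %d hashes; %d files have no MD5" % (len(selected), unhashed))
    write_report("HashDump.txt", selected)
```

A non-zero count of rows without an MD5 is the signal that the export is incomplete because hashing has not covered every file.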
The HashDump code is up on GitHub for use or, better yet, write your own Autopsy Python Multi-User Module for the 2016 Autopsy Module Development Contest at OSDFCon.
Happy Coding!!
John Lukach
@jblukach
