Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Module Development Overview

This page covers the motivation for and basics of Autopsy modules. It applies to both Java and Python modules. Later pages will focus on getting the development environment setup and how to write specific modules.

Why Write Modules?

When writing digital forensics programs, the developer often has to focus on three areas:

The main reason for considering writing an Autopsy module instead of a stand-alone tool is that Autopsy will deal with the various data inputs and showing the user the results. All you need to do is focus on the analytics.

Types of Modules

Autopsy was designed to be an extensible platform for other developers to leverage. There are several places in the platform where plug-in modules can be applied.

Languages

Autopsy is written in Java and all of previously listed modules can also be written in Java. The Java Development Setup page covers setup of a Java environment.

You can also write some of the modules in Python, namely ingest an report modules. The setup for Python is far easier than Java, so it is the easiest way to get started. See Python Development Setup for setup details. Python modules have access to all of the same services as Java modules do, except they cannot currently make UI elements. Therefore, you really should read all of this document (even though it is Java-focused) because it can all be used in Python.

Basic Concepts

Before we focus on the development environment or module details, let's cover some basic Autopsy concepts.

The Blackboard

The blackboard allows modules to communicate with each other and the UI. It has three main uses in Autopsy:

The blackboard is not unique to Autopsy. It is part of The Sleuth Kit datamodel and The Sleuth Kit Framework. In the name of reducing the amount of documentation that we need to maintain, we provide links here to those documentation sources.

Framework Services and Utilities

Autopsy provides services and utilities to make it easier to write modules. Unfortunately, the utilities and services are scattered in various packages. Below is a list of things commonly used in modules. If you don't find something in here that you think should be a framework service, let us know and we'll talk about adding it for other writers to benefit.


Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.