Sponsored by
2015 Autopsy Module Development Contest
Congratulations to the winners of this years competition.
This years winners (with links to their projects) are:
1) Prefetch Parser by Mark McKinnon.
- Parses prefetch on a windows computer and displays the details in the UI.
- Module: http://
redwolfcomputerforensics.com/ downloads/Autopsy_Python_ Module_Process_Prefetch_Files. zip
2) Context Adding Modules by John Lukach. Set of modules to provide further context for files being analyzed:
- GoldBuild – Export MD5 hashes to create a hash library for analysis
- LowHangingFruit – Export unknown hashes after analysis for Virus Total comparisons
- BuildMetaInfo – Export full path to SQLite database for meta data gold build
- MatchMetaInfo – Compare meta data to identify unknown full paths hidden in plain sight
- FileMarker – Quick collection of important disk artifacts for triage
- Module: https://github.com/jblukach/
AutopsyModules
3) OpenPGP Detector by Rob Hansen
- Flags files commonly associated with OpenPGP keyring data as interesting, setting them aside for the user to later examine.
- Module: Not yet posted.
Contest Overview
Basis Technology is again sponsoring an Autopsy Module Development Contest. The goal is to encourage developers to write Autopsy modules instead of stand-alone tools. Now that Autopsy supports Python modules, this is easier than ever.
Writing new functionality as Autopsy modules makes users happy because they don’t have to jump between tools and it makes developers happy because they get to ignore details about file system, image formats, and interfaces.
You can write ingest modules that focus on processing all of the drive data, content viewer modules that focus on displaying a single file, report modules that focus on exporting data from the case, or an external module that provides its own UI (similar to the timeline viewer in Autopsy). Attendees of OSDFCon will vote on the winners, who will receive cash prizes.
Prizes
- First Prize: $1500
- Second Prize: 500
- Third Prize: $250
Getting Started
If you need an idea, then you an refer to the github issue tracker:
https://github.com/sleuthkit/autopsy/issues?labels=Feature+Request&page=1&state=open
Once you have your idea, you can refer to the Autopsy Developer’s Guide for instructions on writing Java or Python modules:
http://sleuthkit.org/autopsy/docs/api-docs/3.1/
We’ve also posted a blog series on writing Python modules. They can be found here:
http://www.basistech.com/python-autopsy-module-tutorial-1-the-file-ingest-module/
http://www.basistech.com/python-autopsy-module-tutorial-2-the-data-source-ingest-module/
http://www.basistech.com/python-autopsy-module-tutorial-3-the-report-module
Guidelines
- The Autopsy modules must provide value in a forensics or incident response use case.
- The module must be released as open source software by the submission deadline under one of the licenses approved by the Open Source Initiative.
- By submitting an entry, you declare that you have the right to license and submit the module.
- The contest organizers will test the module before the conference to verify that it basically operates as stated.
- You must either give a 5 minute presentation and demo at OSDFCon or submit a 5 minute video. If you cannot attend the conference, the video must be submitted by October 23, 2015.
- In order to collect the cash prizes, winners need to provide a legal picture identification and bank account information within 30 days of notification. Bank payment transfer will be made within two weeks after winners are authenticated.
- Group entries are allowed; prizes will be paid to the person designated by the group.
- Employees of Basis Technology are not eligible.
How To Submit
Submissions should be sent to autopsy-contest-2015@osdfcon.org no later than October 16, 2015. The submission should include the module (.NBM file for Java modules, .ZIP file for Python modules), test data to demo the module, and answers to the following questions:
- Name of module
- Names of authors
- Minimum version of Autopsy required
- Description of what module does
- Will the authors attend OSDFCon?
- URL of where source code can be found
- License of source code
Contact:
Any contest specific questions should be sent to autopsy-contest-2015@osdfcon.org. Any Autopsy or development related questions should be sent to: sleuthkit-developers@lists.sourceforge.net or http://forum.sleuthkit.org.
Disclaimer:
Prizes are considered taxable income. Basis Technology must report prizes over $600 to the IRS. If you win the first place prize, you will need to provide Basis Technology with your Tax ID. If you do not feel comfortable doing this, we can donate it to a charity of your choice.