Brian Carrier (Honorary Board Member) , Ph.D. (Basis Technology)

Abstract

Autopsy 3 is an open-source digital forensics platform that now has support for Python modules. If you want to quickly write some fancy digital forensics analytics, then an Autopsy Python module is the perfect place for it. Autopsy allows you to support file system, carved, or logical files without you needing to worry about where they came from. 

Autopsy makes it easy for results to be shown in the UI without you needing to write any UI code (you just post name and value pairs to the database). If you just want to focus on data analysis and not where your data is coming from, UIs, or reports, then Autopsy is what you want. 

The first part of the workshop will be an overview of writing Autopsy modules. We'll start with the sample modules and edit as needed. 

The second part will be hack-a-thon style and you get to write whatever module you want and we'll answer questions that you have along the way. 

There will be a prize for the best module. 

Participants should bring a laptop computer that has Autopsy 3 installed.