Meet The Newest Member of the xLeapp Family
The newest member of the xLeapp family is lLeapp, which stands for Linux Logs Events Application Program Parser. This program, like all the…
May 19, 2022

Process a ChromeOs Acquisition Using The cLeapp Autopsy Plugin
With the introduction of cLeapp (Chrome Logs, Events and Protobuf Parser), I have created an Autopsy plugin that will run cLeapp against a…
May 10, 2021

New Autopsy Modules Now Available
It is starting to get to that time of the year where I get ready to submit modules to the OSDFCon Autopsy Module Competition. So far I…
Jul 7, 2020

New Release of Autopsy Plugins
I have updated my plugins and created a new release of them in my GitHub repository. You can download the new release here.
Mar 28, 2019

A Plugin For Developer — Remove Artifacts
When I started down my path of creating Autopsy plugins one of the biggest issues I had was in testing them. I would create a case, backup…
Dec 6, 2018

ActivitiesCache Autopsy Plugin
The ActivitiesCache.db was introduced in Windows 10 version 1803. You can read more details about the database here and here. Eric…
Dec 6, 2018

Timesketch with Autopsy Data
Renzik now has a new friend in Timesketch. If you have ever wanted to add Timesketch to your Autopsy workflow you now can. The new…
Oct 29, 2018

Hashing Non EWF Images In Autopsy
As I was going thru the list of Autopsy requests I found one that talked about hashing Disk Images. Now there is an ingest module to…
Aug 28, 2018

New Autopsy Modules Have Been Released……
I have released some new modules to my github repository. I will be planning on creating writeups for each one of them within the next…
Aug 28, 2018

Parse The Appx Programs In Autopsy
Have you recently looked at the Settings → Apps → Apps and Features and then compared it to the Program and Features found in the control…
May 31, 2018

Creating A Data Preview Container in Autopsy.
Based on feedback from the survey that I posted asking about people’s module needs (that survey can be found here). I wanted to share one…
Nov 12, 2017

Custom Reports For You
This last June Danilo Marques commented on my post “Road to OSDFCon” and said it would be nice to get a custom report as the stock reports…
Oct 27, 2017

The Conclusion To The Road To OSDFCon
With OSDFCon 2017 over I thought I would write some final words on the plugins I developed for it. In total I wrote 12 plugins for this…
Oct 19, 2017

Renzik Can Now See His Shadow!
For my 30th plugin I wanted to do something special. Also since this will be the 12th plugin I have submitted to the OSDFCon Autopsy Plugin…
Aug 4, 2017

Thumb.db and Thumbcache Parsers
If you ever wanted to parse those thumbs.db files or the thumbcache files using Autopsy then your wait is over. You can now parse both of…
Jul 26, 2017

MacOSX Recents Plugin
This is the 8th plugin that has been submitted for the OSDFCon plugin competition. This plugin has been in the works for a while. I have…
Jun 23, 2017

FSEvents Autopsy Plugin Redux…
Nicole Ibrahim posted a blog entry about Apple FSEvents Forensics with some great information. She has updated the program that my Autopsy…
Jun 10, 2017

Mac FS Events Parser
What I have created is a plugin that will export the /.fseventsd directory to the temp folder and will then call an executable program that…
May 31, 2017

Windows File History Plugin
This program is the 24th Autopsy plugin that I have created. This plugin is an extension of the research that Ken Johnson did on Windows…
Apr 26, 2017

Volatility Autopsy Plugin Module
If you ever wanted to do memory analysis in Autopsy you now can. May I present to you the Volatility Autopsy Python plugin module. You can…
Apr 23, 2017