New Release of Autopsy Plugins
I have updated my plugins and created a new release of them in my GitHub repository. You can download the new release here.
Whats New in this release? I have added the following new plugins:
Create Datasource Hashset
Process Activities Cache
Process Teracopy
Remove Artifacts
Timesketch
Whats fixed in this release? I have fixed the following error so it will no longer appear.
Along with this error your options will now be remembered for the next time that you run one of my plugins. This should also make it so you can use them if you create ingest profiles (I have not tested this yet but will plan on doing so soon).
Linux support has now been added as well for everyone that wants to run Autopsy on Linux. I have included a tar file with all the plugins and the executable files that can run in Linux. The following plugins have been tested using Caine 10.0.
- Amazon Echosystem Parser
- CCM Recently Used Apps
- Create Datasource Hashset
- File History
- Gui Test Plugins
- Hash Images
- Jump List AD
- MacFSEvents
- Parse PList
- SAM Parse
- Parse Shellbags
- Parse SQLite DBs
- Parse Usnj
- Plaso
- Process Activities Cache
- Parse Amache
- Process Appx Programs
- Process Appxreg Programs
- Parse EVTX
- Parse EVTX by Event ID
- Process Prefetch V41
- Process SRUDB
- Process Teracopy
- Process Windows Mail
- Remove Artifacts
- Shimache Parser
- Spotlight Parser
- Timesketch
- Volatility
- Webcache
- Windows Internals
Now there are a few more plugins that have to be converted yet but the majority of them have been completed.
So what is next? I don’t know you faithful readers tell me. Is there interest in also making the plugins work on Autopsy in a Mac OS environment? Any new plugins someone needs. Fixes to something that is broke? Let me know what you want to see next.
As always comments/suggestions welcome. Enjoy these plugins!
