Autopsy
4.14.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
These aren't really advanced, but you don't need to know them in detail when you start your first module. You'll want to refer back to them after you get started and wonder, "how do I do X".
Some modules may have configuration settings that uses can change. We recommend that you use the infrastructure provided by Autopsy and NetBeans to do this so that all module condiguration is done in a single place.
Note: This option panel applies to all module types. Ingest modules have a second type of option panel that can be accessed when a data source is added to a case. Refer to User Options and Configuration for details on how to use those option panels.
To add a panel to the options menu, right click the module and choose New > Other. Under the Module Development category, select Options Panel and press Next.
Select Create Primary Panel, name the panel (preferably with the module's name), select an icon, and add keywords, then click Next and Finish. Note that NetBeans will automatically copy the selected icon to the module's directory if not already there.
NetBeans will generate two Java files for you, the panel and the controller. For now, we only need to focus on the panel.
First, use NetBeans' GUI builder to design the panel. Be sure to include all options, settings, preferences, etc for the module, as this is what the user will see. The recommended size of an options panel is about 675 x 500.
Second, in the source code of the panel, there are two important methods: load()
and store()
. When the options panel is opened via Tools > Options in Autopsy, the load()
method will be called. Conversely, when the user presses OK after editing the options, the store()
method will be called.
If one wishes to make any additional panels within the original options panel, or panels which the original opens, Autopsy provides the org.sleuthkit.autopsy.corecomponents.OptionsPanel interface to help. This interface requires the store()
and load()
functions also be provided in the separate panels, allowing for easier child storing and loading.
Any storing or loading of settings or properties should be done in the store()
and load()
methods.
Autopsy will generate events as the application runs and modules may want to listen for those events so that they can change their state. There is not an exhaustive list of events, but here are some common ones to listen for:
Preventing a user from modifying settings during ingest can be accomplished by listening for Ingest Job Events, and when there is an event setting the enabled status of those settings based off the opposite of IngestManager.getInstance().isIngestRunning(), which returns a boolean.
You can make a right-click menu that is displayed in the table. To do this, make a class that implements org.sleuthkit.autopsy.corecomponentinterfaces.ContextMenuActionsProvider and has the class as a ServiceProvider. Such as:
@ServiceProvider(service = ContextMenuActionsProvider.class) public class SubmitContextMenuActionsProvider implements ContextMenuActionsProvider {
You can then implement a getActions() method that can decide if it should provide an action and returns the Actions that are relevant.
For an example, refer to org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchContextMenuActionsProvider (github).
Copyright © 2012-2020 Basis Technology. Generated on: Wed Apr 8 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.