mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added section on mobile modules

Browse Source
This commit is contained in:
Brian Carrier 2014-10-05 04:00:54 -04:00
parent b6188f3c79
commit 031c96fb7b
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/doxygen/Doxyfile
View File

@ -670,6 +670,7 @@ INPUT = main.dox \
modReport.dox \ modReport.dox \
modResult.dox \ modResult.dox \
modAdvanced.dox \ modAdvanced.dox \
modMobile.dox \
platformConcepts.dox \ platformConcepts.dox \
regressionTesting.dox \ regressionTesting.dox \
native_libs.dox \ native_libs.dox \

1
docs/doxygen/main.dox
View File

@ -18,6 +18,7 @@ If you want to write modules, then these pages are for you:
- \subpage mod_content_page - \subpage mod_content_page
- \subpage mod_result_page - \subpage mod_result_page
- \subpage adv_dev_page - \subpage adv_dev_page
- \subpage mod_mobile_page
These pages are more detailed if you want to modify Autopsy code instead of writing add-on modules. These pages are more detailed if you want to modify Autopsy code instead of writing add-on modules.
- \subpage workflow_page - \subpage workflow_page

22
docs/doxygen/modMobile.dox Normal file
View File

@ -0,0 +1,22 @@
/*! \page mod_mobile_page Mobile Forensics
\section mod_mobile_overview Overview
Smart phones are basically small computers and Autopsy can parse and analyze the contents of Android and iOS devices. This includes both the official databases and third-party app databaes. This page provides some basic pointers for doing so. It assumes that you have already read \ref mod_ingest_page and know the basics of writing ingest modules.
The basic idea is that you need an ingest module. We've typically written mobile forensics modules as data source-level ingest modules, which means they are passed in a reference to the entire data source and not passed in individual files. We do this because we typically know the path where we expect to find the files and databases of interest.
The ingest module has a basic flow of
- Query for files using the org.sleuthkit.autopsy.casemodule.services.FileManager service
- Parse them or open them with SQLite (you'll need to bring along a SQLite JAR file)
- Create Blackboard Artifacts (see \ref platform_blackboard)
The BlackBoard has standard artifacts for the standard cell phone forensics data types, such as BlackboardArtifact.TSK_CALLLOG.
\section mod_mobile_std Android Module
Autopsy comes with an Android module, as defined in various classes in the org.sleuthkit.autopsy.modules.android package. You can use those classes as a reference example.
Submit pull requests with any additions that you have to these modules.
*/