The Conclusion To The Road To OSDFCon

With OSDFCon 2017 over I thought I would write some final words on the plugins I developed for it. In total I wrote 12 plugins for this years competition which were:

CCM RecentlyUsedApps, Cuckoo, File History, MacFSEvents, MacOSX Recent, MacOSX Safari, Plaso, Process EVTX By EventID, Process Extract VSS, Thumbcache Parser, Thumbs.db Parser, Volatility

The first place winner for this years plugin contest was Process Extract VSS. Now I have to tell you I am a little surprised by this as looking at the number of views for the plugins I wrote (based on Medium), I would have thought the Volatility plugin would have won.

One of the take-away’s from the conference this year is that it would be nice if there were some central repository for all the plugins. Well at least for my plugins I am listening. What I have done is created a NSIS installer program for all of my plugins so you only have to download the executable file and run it, it will put all my plugins into the proper plugin directory to be used by Autopsy. You can find that installer program here.

So what’s next on the horizon for plugin development? Should I keep creating Ingest modules, or work on content modules or reporting modules. I am always looking for ideas so here is your chance to influence what module’s and type of modules I work on next. Here is a link to a short survey (3 questions) on what you would like to see. From my last survey about plugins that people wanted to see I completed most of the requests (need to tweak a few things yet on some of them). So help the community out and tell me what you want to see.