SmutDetect as Module for Autopsy 3

Some time ago I was thinking of continuing the development of SmutDetect: maybe adding a GUI and implementing other ideas and insights I have gathered since first publishing it. Luckily I noticed that Autopsy got a refresh from the web-browser base to a Java environment (my language of choice – brilliant). Sadly the way this was done means I would need to change from Eclipse to NetBeans to facilitate the NetBeans module development. *Not amazing at all*

Not wanting to re-invent the wheel and interested in the challenge, I decided to go down the route of making an Autopsy module.

After a few weeks of reading up on the matter, getting used to NetBeans and some recoding, the first working version of SmutDetect4Autopsy is up and running:

First successful port of SmutDetect as an Autopsy ingest module (some thumbnails pixelated for web use)

As you can see above, I am using the TSK_TAG_FILE Blackboard artifact type to sort the images into the different skin tone percentage bands (intervals of 10). For whatever reason the File Tags do not get sorted alphabetically but rather by what I assume is creation time. This allows the Thumbnail overview or table view of each group, while the detailed results are stored in the tag's comments. This is fine for the report modules that already exist but seems a bit limiting for more advanced views and reports. To port some of the more advanced features I need to do some more reading and find an alternative.

Old SmutDetect HTML Report as comparison

Due to the really early alpha status, this module is not available for download yet, but if you are interested please just email me :)

Some resources I have found useful so far:

  • Source Code of the EXIF Parser and Scalpel Module
  • http://www.sleuthkit.org/autopsy/docs/api-docs/
  • http://sleuthkit.org/sleuthkit/docs/framework-docs/TskBlackboard_8h.html
  • http://wiki.sleuthkit.org/index.php?title=Artifact_Examples
