Plug Me In Renzik, Autopsy Plugins Now And In The Future
Mark McKinnon
Davenport University
Autopsy
Autopsy is a GUI based platform to perform forensic analysis on digital media/files. The platform was designed to allow plugins so that an examiner can extend Autopsy’s ability to perform more detailed analysis. This presentation will look at the modules that I and others have created to extend Autopsy’s functionality. We will discuss/show current plugins and how to use them and what changes/additions can or need to be made as well as look into the future and see what Autopsy plugins examiners want/need.
About Mark McKinnonMark McKinnon has over 28 years experience in IT. He started his career writing programs on a mainframe computer, then went on to do systems analysis, database administration, security audits and finally computer forensics. He received his computer forensic training from Key Computer Service through their training partnership with Kennesaw State University in Georgia.
Mark is a Certified Computer Examiner (CCE) and an GIAC Certified Incident Handler through SANS. He is active on many Computer Forensics forums helping other forensic examiners with technical problems and has contributed to the SANS Digital Forensics and Incident Response blog.
In 2005, Mark started RedWolf Computer Forensics and developed a program called “Drive Prophet” which is a triage program for Windows Systems. He has created many free programs used by forensic examiners around the world including Skype Log Parser, Google Chrome Parser, Windows Prefetch Parser, MFT Parser and the Vista Thumbcache Parser on which Mark holds a US copyright.
Mark is currently an Assistant Professor at Davenport University where he teaches Digital Forensics, Cyber Defense and Computer Science.
Mark has written over 45 python plugins for Autopsy. He also took 1st place and 3rd place and 1st place in the OSDFCon 2015, 2016 and 2017 Autopsy Python plugin module competition.
Mark has presented at the OSDFCon Conference, DoD Cybercrime conference and several regional conferences. He has also been interviewed on several podcasts.