Loading GK Extractions into Autopsy

Wondering if it's possible to ingest GK extractions of iPhone and Android into Autopsy to take advantage of the aleapp and ileapp modules?

I do not know anything about GK and what output format it provides, but if you can run iLeapp/aLeapp against the GK output then yes, you could do the same in Autopsy. You can look at the docs here on how to run it: Autopsy User Documentation: iOS Analyzer (iLEAPP) or Autopsy User Documentation: Android Analyzer (aLEAPP). If you have more questions about it, let me know.

Mark

I can run them in iLeapp and Aleapp. They are zipped files so I was having trouble deciding what type of source file they would be for Autopsy.

Hi, did you ever have any success ingesting them? I would like to do the same thing.

As long as the GK extraction could be run against aLeapp/iLeapp then it should be supported with the aLeapp/iLeapp ingest module. If anyone wants to offer up a GK extraction I will validate it.

Sorry for the delay…
It did work, but I got more data running it through ALEAPP.

Yes, you will, as the aLeapp version is older and not all artifacts are mapped into Autopsy. If more artifacts get mapped then it will be comparable. I am working on upgrading the aLeapp and iLeapp versions in Autopsy so that will solve their version problem. Mapping will be the next hurdle.

Thank you friends! I really appreciate your help. Would it be unusual for an ingestion to literally take days to complete? My laptop is a bit old, and I just let it run the modules it wanted, but it is going on forever.

Hi, so it finally ingested the GK (it is 64 G, but I can share it if you want a live extraction to test everything on). I am running into difficulty actually seeing the videos in it. They come up as mp4, but we can’t get them to open on any applications. Within Autopsy it says “Error while parsing/ displaying plist file”.