I followed this https://www.autopsy.com/python-autopsy-module-tutorial-1-the-file-ingest-module/ tutorial.
So this tutorial just gives us the files based on size, however I want to modify and return files based on artifacts.
My idea is , I am developing a plugin and the plugin comes with local database file that has loads of artifacts. I read those artifacts from that database in the plugin , and I want to start comparison if the file matches that artifact ( lets say file name, or file path or file type ) I want to return those files that are valuable for me.
What is best way of accomplishing this? Knowing also the file path that I have in my artifact might be different in the disk image.
The artifact object has properties artifact_name, device, sha_hash, md5_hash, artifact_type, stored_file_location …