Handle new formats by developing plugins with the Hansken SDK

Our partners are constantly being confronted with new requirements in terms of data formats, information requests and algorithms to apply. It is essential to be able to implement new functionality within short lead times, as investigations are continuously evolving. The Hansken software development kit (SDK) is a powerful tool for developing extraction plugins that can handle new digital formats as well as detect and analyze new types of traces.

Hansken collaboration

The Hansken SDK is delivered as a virtual machine appliance (.ova file) which includes an academic version of the Hansken all-in-one runtime plus documentation on the Hansken trace model, query language and all of the APIs. Partners can make plugins to help with their own investigations. And by sharing and reusing them, we can all help Hansken grow. We've been working on improving the Hansken SDK, and a more mature version is now available for Hansken Community partners.

Working on constant development

As the Hansken digital forensics environment is an open system, it creates opportunities for all partners. Thanks to open application programming interfaces (APIs), users can develop and link functionalities (extraction plugins and Python scripts) themselves to meet their own needs. This guarantees a stable development path for the core Hansken framework, while facilitating the introduction of new functions and features whenever necessary. Hansken extraction plugins help to strengthen the Hansken community's knowledge and experience as we share developments with one another.

What does the SDK do?

The SDK offers extensive opportunities for adding new digital forensics knowledge to Hansken. This includes new extraction plugins that understand new file formats, such as new cryptocurrency wallets. We can also introduce more advanced analysis of traces by combining existing functions and (AI) technologies. For example, a plugin has been developed for recognizing whether video material has only been stored on a device or actually played using the media player. Plugins can also be used to automatically recognize the use of specific languages in documents, translate content, create speech-to-text extractions from audio files and search for specific objects in images.

New visualisations

With the introduction of new data formats and analysis by extraction plugins and scripts, the need for new types of visualisation arises. For instance, user activity extracted from health app data may be much better visualised with a heatmap than with a list of results formatted in a grid. The Hansken SDK enables developers to develop new visualisations with the Hansken Python API or even extend the Hansken web interface using the REST API and the Hansken JavaScript API.

An introduction to Hansken

Another relevant asset of the SDK is that it provides a proper introduction to Hansken. Being a virtual machine, the SDK provides a complete version of the platform, which allows potential partners to test what Hansken is capable of. If you are interested in this process, please contact us for more information.