forked from sleuthkit/sleuthkit
Showing 4 changed files with 105 additions and 7 deletions.
@@ -0,0 +1,63 @@ | ||
Sleuth Kit Framework | ||
|
||
Binary Distribution | ||
|
||
|
||
May 2012 | ||
|
||
|
||
OVERVIEW | ||
|
||
|
||
This document describes the binary distribution of The Sleuth Kit (TSK) | ||
Framework. The framework makes it easier to develop end-to-end digital | ||
forensics systems that analyze disk images. It provides a plug-in | ||
infrastructure that allows you to have modules to do various types of | ||
file analysis. The binary distribution of the framework comes with | ||
pre-compiled tools that use the framework, including the a basic set of | ||
"official" modules. You can find other third-party modules that you | ||
can also use with the framework. | ||
|
||
NOTE: This is not an SDK package that would be used to develop systems | ||
that leverage the framework. The binary distribution package provides | ||
access to the tsk_anlayzeimg tool that allows you to analyze a disk | ||
image using the framework and other pre-compiled programs. | ||
|
||
|
||
|
||
FRAMEWORK BASICS | ||
|
||
Refer to the documentation on the sleuthkit.org website for the | ||
framework basics. | ||
|
||
http://www.sleuthkit.org/sleuthkit/docs/framework-docs | ||
|
||
|
||
|
||
FRAMEWORK SETUP | ||
|
||
The framework and pipeline configuration files are both in the bin | ||
directory. The analysis modules are all located in the modules | ||
folder. If you want to add more modules to the system, then you can | ||
copy them into that folder and update the pipeline configuration file. | ||
|
||
|
||
The README documents for each of the modules can be found in the docs | ||
folder. | ||
|
||
|
||
|
||
USING THE FRAMEWORK | ||
|
||
|
||
The framework will be most useful when it starts to get incorporated into | ||
more tools and starts to have more modules written for it. For now, the | ||
easiest way to use the framework is using tsk_analyzeimg. It will take | ||
a disk image as input, populate a SQLite datbase, and run the pipelines | ||
on its contents. You can run the standard set of modules on an image or | ||
you can add other third-party modules. | ||
|
||
|
||
----------------------------------------------------------------------- | ||
Brian Carrier | ||
carrier <at> sleuthkit <dot> org |
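Review bot: The tool name is misspelled in the NOTE paragraph: "tsk_anlayzeimg" (line 50 of the hunk) should be "tsk_analyzeimg", which is the spelling used later under USING THE FRAMEWORK; a reader copying the name from the NOTE will not find the binary. Two smaller typos in the same file: "including the a basic set of" in the OVERVIEW paragraph should drop "the", and "SQLite datbase" in the USING THE FRAMEWORK paragraph should read "SQLite database". Since the FRAMEWORK SETUP section tells users to copy third-party modules into the modules folder and register them in the pipeline configuration, it would help to state there that any module placed in that folder runs with the same privileges as tsk_analyzeimg and the pipeline it is added to, so users know to obtain modules only from sources they trust before enabling them.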
@@ -0,0 +1,6 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<TSK_FRAMEWORK_CONFIG> | ||
<MODULE_DIR>..\modules\</MODULE_DIR> | ||
<CONFIG_DIR>.\</CONFIG_DIR> | ||
<PIPELINE_CONFIG_FILE>pipeline_config.xml</PIPELINE_CONFIG_FILE> | ||
</TSK_FRAMEWORK_CONFIG> |
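Review bot: MODULE_DIR and CONFIG_DIR are relative paths (`..\modules\` and `.\`) and the hunk does not say what they are resolved against; if the framework resolves them against the process working directory rather than the location of this config file, the set of modules that gets loaded depends on where tsk_analyzeimg is launched from, which is surprising for a tool that loads and executes plug-in code. Either document the resolution base in the accompanying README or ship absolute paths in the installed copy. Also, the backslash separators tie this file to Windows; if the same file is meant to be shipped in non-Windows distributions, use forward slashes or note that this config is Windows-specific.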