Activity on the system or from an application. Example Usage is a mobile device being locked and unlocked.
.
### REQUIRED ATTRIBUTES
- TSK_DATETIME_START (When activity Started)
or
TSK_DATETIME
### OPTIONAL ATTRIBUTES
- TSK_ACTIVITY_TYPE (Activity Type ie: On or Off)
- TSK_DATETIME_END (When activity ended)
- TSK_PROG_NAME (Name of the program doing the activity)
- TSK_VALUE (Connection Type)
---
## TSK_ASSOCIATED_OBJECT
## TSK_ASSOCIATED_OBJECT
Provides a backwards link to an artifact that references the parent file of this artifact. Example usage is that a downloaded file will have this artifact and it will point back to the TSK_WEB_DOWNLOAD artifact that is associated with a browser's SQLite database. See \ref jni_bb_associated_object.
Provides a backwards link to an artifact that references the parent file of this artifact. Example usage is that a downloaded file will have this artifact and it will point back to the TSK_WEB_DOWNLOAD artifact that is associated with a browser's SQLite database. See \ref jni_bb_associated_object.
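Review bot: In the REQUIRED ATTRIBUTES block of the new activity section, the alternative is written as bare lines ("or" / "TSK_DATETIME") outside the bullet list, so it is unclear whether a module must set one of the two timestamps or both. Suggest a single bullet such as "- TSK_DATETIME_START or TSK_DATETIME (When activity started)". The stray "." line after the description should also go, and "TSK_VALUE (Connection Type)" does not match the lock/unlock example in the description, so it should either be explained or dropped.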
...
@@ -43,6 +60,20 @@ Provides a backwards link to an artifact that references the parent file of this
...
@@ -43,6 +60,20 @@ Provides a backwards link to an artifact that references the parent file of this
- TSK_ASSOCIATED_ARTIFACT (Artifact ID of associated artifact)
- TSK_ASSOCIATED_ARTIFACT (Artifact ID of associated artifact)
---
## TSK_BACKUP
Details about System/Aplication/File backups.
### REQUIRED ATTRIBUTES
- TSK_DATETIME_STARTED (Date/Time the backup happened)
or
TSK_DATETIME
### OPTIONAL ATTRIBUTES
- TSK_DATETIME_ENDED (Date/Time the backup ended)
---
---
## TSK_BLUETOOTH_ADAPTER
## TSK_BLUETOOTH_ADAPTER
Details about a Bluetooth adapter.
Details about a Bluetooth adapter.
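Review bot: TSK_BACKUP uses TSK_DATETIME_STARTED and TSK_DATETIME_ENDED, while the activity section added earlier in this same patch uses TSK_DATETIME_START and TSK_DATETIME_END for the same start/end meaning. Please confirm which attribute type names actually exist and use one pair consistently, otherwise timeline queries that key on the attribute name will miss one of the two artifact types. Also, "Aplication" in the description is a typo for "Application", and the bare "or" / "TSK_DATETIME" lines should be folded into one bullet.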
...
@@ -136,6 +167,20 @@ Describes how a data source was used, e.g., as a SIM card or an OS drive (such a
...
@@ -136,6 +167,20 @@ Describes how a data source was used, e.g., as a SIM card or an OS drive (such a
- TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)").
- TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)").
---
## TSK_DELETED_PROG
Programs that have been deleted from the system.
### REQUIRED ATTRIBUTES
- TSK_DATETIME_DELETED (Date/Time the program was deleted)
or
TSK_DATETIME
- TSK_PROG_NAME (Program that was deleted)
### OPTIONAL Attributes
- TSK_PATH (Location where the program resided before being deleted)
---
---
## TSK_DEVICE_ATTACHED
## TSK_DEVICE_ATTACHED
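Review bot: In the TSK_DELETED_PROG required list, the unbulleted "or" / "TSK_DATETIME" lines sit between "- TSK_DATETIME_DELETED" and "- TSK_PROG_NAME", so TSK_PROG_NAME can be read as part of the alternative rather than as always required. Suggest writing the timestamp choice as one bullet and keeping TSK_PROG_NAME as its own bullet after it. The heading "### OPTIONAL Attributes" should match the "### OPTIONAL ATTRIBUTES" capitalisation used in the other sections of this patch.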
...
@@ -163,6 +208,16 @@ Details about a device data source.
...
@@ -163,6 +208,16 @@ Details about a device data source.
- TSK_IMSI (IMSI number of the device)
- TSK_IMSI (IMSI number of the device)
---
## TSK_DHCP_INFO
DHCP information that is stored.
### REQUIRED ATTRIBUTES
- TSK_NAME (Description of Information)
- TSK_VALUE (Value of Information)
---
---
## TSK_EMAIL_MSG
## TSK_EMAIL_MSG
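Review bot: TSK_DHCP_INFO is documented only as a generic TSK_NAME / TSK_VALUE pair with the description "DHCP information that is stored.", which gives a module author no indication of which names to emit or what format the values take. Suggest adding at least one example name/value pair in the parentheses, as the other sections do for their attributes, and stating where the information is read from, so that artifacts produced by different modules stay comparable.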
...
@@ -447,6 +502,20 @@ EXIF metadata found in an image or audio file.
...
@@ -447,6 +502,20 @@ EXIF metadata found in an image or audio file.
- TSK_GEO_LONGITUDE (The camera's longitude when the image/audio was taken)
- TSK_GEO_LONGITUDE (The camera's longitude when the image/audio was taken)
---
## TSK_NOTIFICATION
Notifications to the user.
### REQUIRED ATTRIBUTES
- TSK_DATETIME (When the notification was sent/received)
- TSK_PROG_NAME (Program to send/receive notification)
### OPTIONAL ATTRIBUTES
- TSK_TITLE (Title of the notification)
- TSK_VALUE (Message being sent or received)
---
---
## TSK_OBJECT_DETECTED
## TSK_OBJECT_DETECTED
Indicates that an object was detected in a media file. Typically used by computer vision software to classify images.
Indicates that an object was detected in a media file. Typically used by computer vision software to classify images.
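Review bot: TSK_NOTIFICATION describes TSK_DATETIME as "sent/received" and TSK_PROG_NAME as "Program to send/receive notification", but no attribute records which of the two applies, so an examiner cannot tell from the artifact whether the program sent the notification or received it. Suggest either documenting that the artifact covers only one direction or naming the attribute that carries it, and rewording the TSK_PROG_NAME description to "Program that sent or received the notification".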
...
@@ -556,6 +625,18 @@ Details about a remote drive found in the data source.
...
@@ -556,6 +625,18 @@ Details about a remote drive found in the data source.
---
## TSK_SCREEN_SHOTS
Screen shots from a device or Application.
### REQUIRED ATTRIBUTES
- TSK_DATETIME (When the screenshot was taken)
- TSK_PROG_NAME (Program that took the screenshot)