Commit bd6761e2 authored by esaunders
Merge branch 'master' of github.com:basis-technology-corp/sleuthkit

parents 98bb5b88 02bb095e
...@@ -2,11 +2,11 @@ ...@@ -2,11 +2,11 @@
<h3>Basic Concepts</h3> <h3>Basic Concepts</h3>
<ul> <ul>
<li><b>Central Database:</b> All data is stored in a central database, which can be as simple as a local SQLite file or as complex as a database managed by a database server. The details are hidden from the modules because the TskImgDB class is used to store and retrieve data.</li> <li><b>Central Database:</b> All data is stored in a central database, which can be as simple as a local SQLite file or as complex as a database managed by a database server. The details are hidden from the modules because the TskImgDB class is used to store and retrieve data from the central database.</li>
<li><b>Services:</b> There are core services that the framework provides to the programs that incorporate the framework and to the modules that fit into the framework. See \ref mod_stuff_services for more details.</li> <li><b>Services:</b> There are core services that the framework provides to the programs that incorporate the framework and to the modules that fit into the framework. See \ref mod_stuff_services for more details.</li>
<li><b>Pipelines and Plug-in Modules:</b> The framework provides a pipeline infrastructure that modules can be dropped into. The framework comes with basic modules, but it is expected that other developers will provide modules that can be used. See \ref pipeline_config_page and \ref mod_devpage to learn how to build pipelines and modules.</li> <li><b>Pipelines and Plug-In Modules:</b> The framework provides a pipeline infrastructure that modules can be dropped into. The framework comes with basic modules, but it is expected that other developers will provide modules that can be used. See \ref pipeline_config_page and \ref mod_devpage to learn how to build pipelines and modules.</li>
<li><b>Blackboard:</b> The framework uses a blackboard to allow modules to communicate. Modules can post results to the blackboard and other modules can query the blackboard for previous findings. See \ref mod_bbpage for more details. </li> <li><b>Blackboard:</b> The framework uses a blackboard to allow modules to communicate. Modules can post results to the blackboard and other modules can query the blackboard for previous findings. See \ref mod_bbpage for more details. </li>
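Review bot: in the Central Database item, the new ending "store and retrieve data from the central database" pairs "store" with "from"; suggest "store data in, and retrieve data from, the central database", or simply keep the original ending, since the sentence already opens by saying that all data is stored in the central database. The "Plug-In" capitalization in the third item matches the section titles changed in the pipeline page, so that part is consistent.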
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
\subsection db_info_table db_info \subsection db_info_table db_info
Contains metadata about the software that produced the image database. Contains metadata about the software that produced the image database.
- <i>name</i> - Name of the software, e.g., DBSchema, Sleuth Kit, etc. (TEXT) - <i>name</i> - Name of the software, e.g., DBSchema, Sleuth Kit, etc. (TEXT)
- <i>version</i> - Version of the software, e.g., 1.5, 4.0.0b1, etc. (TEXT) - <i>version</i> - Version of the software, e.g., 1.5, 4.0.0, etc. (TEXT)
\subsection modules_table modules \subsection modules_table modules
Contains one row for each module used to produce the image database. Contains one row for each module used to produce the image database.
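Review bot: dropping "4.0.0b1" from the version examples removes the only hint that pre-release suffixes can appear in db_info.version. Since the column is TEXT, either keep one suffixed example or state explicitly that the value is free-form text, so that code which compares or parses it does not assume a purely numeric major.minor.patch form.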
......
/*! \mainpage The Sleuth Kit (TSK) Framework User's Guide and API Reference /*! \mainpage The Sleuth Kit (TSK) Framework User's Guide and API Reference
<h3>Overview</h3> <h3>Overview</h3>
The framework in TSK makes it easier to build automated, end-to-end digital forensics applications. It's plug-in pipelines allow you to incorporate a variety of analysis techniques. The framework was designed to be used in a distributed environment so that jobs could be scheduled among a cluster of computers, but it can also be used in a simple desktop environment. The tsk_analyzeimg program is an example of a desktop program that uses the framework. The framework in TSK makes it easier to build automated, end-to-end digital forensics applications.
It's plug-in pipelines allow you to incorporate a variety of analysis techniques.
The framework was designed to be used in a distributed environment so that jobs could be scheduled among a cluster of computers, but it can also be used in a simple desktop environment.
The tsk_analyzeimg program provided with the Sleuth Kit is an example of a desktop program that uses the framework.
If you need only volume and file system-level support, then the original Sleuth Kit library may be all you need. If you want an end-to-end solution though, then the framework will help solve your problems. If you need only volume and file system-level support, then the original Sleuth Kit library may be all you need. If you want an end-to-end solution though, then the framework will help solve your problems.
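Review bot: the second line of the reflowed overview keeps the typo "It's plug-in pipelines"; it should be the possessive "Its plug-in pipelines". Splitting the paragraph into one sentence per source line is harmless for Doxygen, which only starts a new paragraph at a blank line, so the rendered text changes only by the added "provided with the Sleuth Kit" phrase.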
...@@ -25,7 +28,7 @@ The following pages are relevant when developing modules to be used in the frame ...@@ -25,7 +28,7 @@ The following pages are relevant when developing modules to be used in the frame
<h3>Developers Guide to Using the Framework</h3> <h3>Developers Guide to Using the Framework</h3>
The following pages are relevant when integrating the framework into an existing application. The following pages are relevant when integrating the framework into a new or existing application.
- \subpage fw_setup_page - \subpage fw_setup_page
- \subpage fw_extract_page - \subpage fw_extract_page
- \subpage fw_pipeline_page - \subpage fw_pipeline_page
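Review bot: the heading "Developers Guide to Using the Framework" still lacks the apostrophe used in the \mainpage title "User's Guide"; suggest "Developer's Guide" for consistency across the page. The wording change to "a new or existing application" reads well.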
......
...@@ -112,7 +112,7 @@ The artifacts are added to the underlying database as soon as it is created and ...@@ -112,7 +112,7 @@ The artifacts are added to the underlying database as soon as it is created and
\section bb_query Querying the Blackboard \section bb_query Querying the Blackboard
There are a variety of get methods in TskFile that allow you to get artifacts and attributes for a given file (TskFile.getArtifacts() for example). There are also methods in TskBlackboard that allow you to get artifacts and attributes across all files (TskBlackboard.getArtifacts for example). There are a variety of get methods in TskFile that allow you to get artifacts and attributes for a given file (TskFile.getArtifacts() for example). There are also methods in TskBlackboard that allow you to get artifacts and attributes across all files (TskBlackboard.getArtifacts for example).
TODO: ADD MORE HERE. <!--TODO: ADD MORE HERE.-->
*/ */
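Review bot: wrapping the TODO in an HTML comment hides the placeholder from the rendered page but leaves the bb_query section with a single paragraph, so the gap is now invisible to readers; consider keeping the TODO visible until the section is written, or tracking it outside the source. In the surrounding context line, "TskBlackboard.getArtifacts" is missing the parentheses used for "TskFile.getArtifacts()"; make the two method references consistent.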
...@@ -8,7 +8,7 @@ Modules can communicate with each other, so the MD5 hash could be passed from th ...@@ -8,7 +8,7 @@ Modules can communicate with each other, so the MD5 hash could be passed from th
Pipelines are configured using an XML file, which is described later. Pipelines are configured using an XML file, which is described later.
\section pipe_types File Analysis vs. Post-processing Pipelines \section pipe_types File Analysis vs. Post-Processing Pipelines
The framework currently supports two types of pipelines: file analysis pipelines and post-processing pipelines. The framework currently supports two types of pipelines: file analysis pipelines and post-processing pipelines.
Each type of pipeline is used in a different context. Each type of pipeline is used in a different context.
...@@ -25,7 +25,7 @@ Second, a post-processing module is a more efficient mechanism for analyzing a s ...@@ -25,7 +25,7 @@ Second, a post-processing module is a more efficient mechanism for analyzing a s
For example, if you need a Windows registry analysis module, it would be better to develop it as a post-processing module that simply locates the handful of registry hive files in an image and analyzes them. For example, if you need a Windows registry analysis module, it would be better to develop it as a post-processing module that simply locates the handful of registry hive files in an image and analyzes them.
If the registry analysis module was instead developed as a file analysis module, it would be run for every file in the image and most of the time it would decide to ignore the file because it wasn't a registry hive. If the registry analysis module was instead developed as a file analysis module, it would be run for every file in the image and most of the time it would decide to ignore the file because it wasn't a registry hive.
\section pipe_modtypes Plug-in vs. Executable Modules \section pipe_modtypes Plug-In vs. Executable Modules
There are two major types of modules that can exist in either type of pipeline. One is a dynamic linked library (DLL) or plug-in module and the other is an executable (EXE) module. There are two major types of modules that can exist in either type of pipeline. One is a dynamic linked library (DLL) or plug-in module and the other is an executable (EXE) module.
Plug-in modules are programmed specifically for inclusion into the framework. These modules can access all of the framework resources. What's required to create one of these modules is described in \ref mod_devpage. Plug-in modules are programmed specifically for inclusion into the framework. These modules can access all of the framework resources. What's required to create one of these modules is described in \ref mod_devpage.
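Review bot: beyond the capitalization change in the heading, the context lines say a plug-in module is a DLL that "can access all of the framework resources"; since such a module runs inside the host process, a sentence stating that plug-in DLLs should be loaded only from trusted, administrator-controlled locations would be useful here. Also, DLL expands to "dynamic-link library", not "dynamic linked library".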
......