The Sleuth Kit Framework 4.1
This page outlines how to get the basic infrastructure in place for any type of run.
The Extraction Phase and Populating the Database and Running File Analysis and Post Processing Pipelines pages focus on set up for the three phases of the image analysis process (see Basic Framework Concepts for an overview of this process).
You will need to build the framework library using the instructions that come with the source code. You will also need to configure your build environment to depend on the
libtskframework.dll file (or other dynamic library if on a non-Windows platform).
You will need to include the
framework.h file in your source code files. This header contains includes of other headers that define the core of the framework. You may need to include additional .h files depending on what framework classes and functions you need to use.
One of the design goals of the framework is to minimize the framework set up code that you need to write. This section outlines the minimal set of set up steps to take, relying on defualt implementations for the rest. If the default implementations do not meet your needs, you'll also need to refer to the Advanced Setup section.
The framework's management of the disk image analysis process depends on the instantiation of a set of framework services. Review the Framework Services for an overview of these services.
Some of the framework services will default to a basic implementation if you do not supply your own implementation, but others require explicit set up and registration:
Currently only one of the predefined system properties managed by TskSystemProperties must be set:
In practice, other predefined ssytem properties will also need values. See TskSystemProperties::PredefinedProperty for details.
Note that the TskSystemProperties service is one of the framework services for which a default implementation will be created (see Advanced Setup) if one has not be explicitly created and registered. If you do not want the default implementation, ensure that before any settings are made, you construct and register an instance of your custom TskSystemProperties service.
Some of the most basic framework services have default implementations that will be created as needed if a specific instance is not otherwise created and registered:
Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.