The Sleuth Kit Framework
4.1
|
TskFileManager::AutoFilePtrList | This nested class should be used to hold a FilePtrList object returned by methods such as findFilesByName() so that the file objects will be automatically freed |
CarveExtract | Interface for class that will carve an unallocated sectors image file |
TskCarveExtractScalpel | Implements the CarveExtract interface to carve unallocated sectors image files using Scalpel |
CarvePrep | Interface for class that prepares for later carving |
TskCarvePrepSectorConcat | Implements the CarvePrep abstract interface |
exception | |
TskException | Framework exception class |
ewf::IMG_EWF_INFO | |
Log | Logging class to enable the framework, apps that use it, and modules to log error and warning messages |
Scheduler | Interface for class that will handle scheduling of tasks |
TskSchedulerQueue | Implementation of the Scheduler interface that keeps a local queue of tasks to run |
SectorRuns | Stores a list of runs (which have a starting sector and length) |
Scheduler::task_struct | Describes a single task to be scheduled or perform |
TskAllocUnallocMapRecord | Contains data about the mapping of data in the unallocated chunks back to their original location in the disk image |
TskArtifactNames | Class used to store the pair of type and display names of artifacts |
TskAttributeNames | Class used to store the pair of type and display names of attributes |
TskAuto [external] | |
TSKAutoImpl | Implements TskAuto and is used to analyze the data in a disk image and populate TskImgDB with the results |
TskBlackboard | An interface for setting and retrieving name/value pairs to the blackboard |
TskDBBlackboard | An implementation of TskBlackboard that stores the name / value pairs in the TskImgDB |
TskBlackboardArtifact | Class that represents a blackboard artifact object |
TskBlackboardAttribute | Class that represents a blackboard attribute object |
TskBlackboardRecord | Contains data for a blackboard entry for a given file and artifact ID |
TskCarvedFileInfo | Contains data derived from joining carved file records from multiple tables in the image database |
TskArchiveExtraction::TskExtract | Abstract base interface class for container extractor classes |
TskL01Extract | |
TskFile | An interface that is used to represent a file |
TskFileTsk | TskFileTsk is a Sleuthkit and Poco based implementation of the TskFile interface |
TskFileManager | Responsible for managing TskFile objects in the system |
TskFileManagerImpl | An implementation of the TskFileManager interface that stores files in a directory named 'files' based on their file ids |
TskFileRecord | Contains data from a file record in the database |
TskFileTypeRecord | |
TskFsInfoRecord | Contains data from a file system record in the database |
TskImageFile | An interface to a class that allows file system and low-level access to a disk image |
TskImageFileTsk | A Sleuth Kit implementation of the TskImageFile interface |
TskImgDB | Interface for class that implments database storage for an image |
TskImgDBPostgreSQL | Framework data access layer the uses PostgreSQL as the back end |
TskImgDBSqlite | Implementation of TskImgDB that uses SQLite to store the data |
TskModule | Interface for classes that represent different types of modules in the pipeline |
TskExecutableModule | Supports launching a process via an executable file to perform some analysis on a TskFile object in a TskPipeline |
TskPluginModule | Supports the loading of a custom dynamic library to perform analysis in either a TskPipeline or TskReportPipeline |
TskFileAnalysisPluginModule | Supports the loading of custom dynamic libraries to perform analysis on a single TskFile |
TskReportPluginModule | Supports the use of custom dynamic libraries to perform reporting and post-processing in a TskReportPipeline |
TskModuleInfo | Contains data about a module |
TskModuleStatus | Contains data about the module return status for a given file (as recorded in the database) |
TskPipeline | The Pipeline class controls the processing of data through an ordered list of dynamic library or executable modules |
TskFileAnalysisPipeline | Controls the processing of a file analysis pipeline |
TskReportPipeline | Controls a series of reporting modules that are run after all of the file-specific analysis modules are run |
TskPipelineManager | Responsible for creation and destruction of of TskPipeline objects |
TskServices | Provides singleton access to many framework services |
TskSystemProperties | A base class for setting and retrieving system-wide name/value pairs |
TskSystemPropertiesImpl | An implementation of TskSystemProperties that uses Poco AbstractConfiguration class to set and retrieve name/value pairs from an XML file |
TskUnallocImgStatusRecord | Contains data about the current status for an unallocated chunk of data |
TskUnusedSectorsRecord | Data about the 'unused sectors', which did not have carvable data |
TskUtilities | Contains commonly needed utility methods |
TskVolumeInfoRecord | Contains data from a volume/partition record in the database |
UnallocRun | Stores information that can map a region in the original disk image to a region in one of the chunks of unallocated space (as created by the CarvePrep implementation |
Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.