forked from py4n6/pytsk
Python bindings for The Sleuth Kit (libtsk)
EccoTheFlintstone/pytsk
pytsk is a Python binding for the SleuthKit. The SleuthKit is a complete filesystem analysis tool.

In the past PyFlag shipped a Python binding for a statically compiled version, which was incorporated in the PyFlag source tree (version 2.78). That version is now very old and does not support HFS+, which SleuthKit 3.1 does. At the time there were some important functions that we needed to link to, but the old libtsk (the shared object produced by older SleuthKit builds) did not export them, which is why a slightly modified version was incorporated in the source tree. These days things are much better: libtsk is designed to be a general purpose library with many useful functions linked in. The overall architecture has been tremendously improved and it is now very easy to use it from an external program.

This is a Python binding against the libtsk shared object. Our aim is to make the binding reflect the TSK API as closely as possible in capabilities, while at the same time offering a nice Pythonic OO interface:

- 4.2: http://www.sleuthkit.org/sleuthkit/docs/api-docs/4.2/
- 4.3: http://www.sleuthkit.org/sleuthkit/docs/api-docs/4.3/

The new binding just links to libtsk, which should make it easier to maintain against newer versions. We should be able to rewrite all the SleuthKit tools in Python (using the library and bindings) as a demonstration of what is possible with the new bindings.

This page documents how to use the binding from a practical point of view: we want to show examples of how to do some common tasks. There are lots of sample programs in the samples directory that demonstrate how these bindings can be used.
If you downloaded pytsk using git you'll first have to run:

```
python setup.py update
```

If you want to use a bleeding edge version of sleuthkit, use the `--bleedingedge` parameter:

```
python setup.py update --bleedingedge
```

To build the bindings just use the standard Python distutils method, at the top level of the source tree:

```
python setup.py build
python setup.py install
```

The Python binding is autogenerated from the libtsk header files using a small OO C shim. This means that most of the fields in many of the structs are already available. We aim to provide most of the functionality using this shim (e.g. traversing and iterating over lists). The authoritative source of documentation is the library API linked above.
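As an added example (not code from pytsk or its samples directory), here is a small Python 3 script that opens an image with the binding, walks the filesystem recursively, and prints one mactime-style bodyfile line per entry, optionally hashing file content through `read_random`. The pytsk3 classes and constants it uses (`Img_Info`, `FS_Info`, `open_dir`, `as_directory`, `read_random`, the `TSK_FS_*` flags and the `info.name` / `info.meta` fields) are the binding's own API; `IMAGE_PATH`, the helper names and the simplified mode formatter are this example's assumptions.

```python
"""Walk a filesystem image with pytsk3 and emit mactime-style bodyfile lines.

Added example, not code from the pytsk repository. It assumes the pytsk3
module built from this tree is importable (Python 3) and that IMAGE_PATH
is a placeholder you replace with a raw disk or partition image.
"""
import hashlib
import stat

IMAGE_PATH = "/path/to/image.dd"   # placeholder, not a real path

# Field order of the TSK 3.x bodyfile consumed by mactime; times are
# Unix epoch seconds and md5 is "0" when no hash was computed.
BODYFILE_FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
                   "atime", "mtime", "ctime", "crtime")

_TYPE_LETTERS = {"reg": "r", "dir": "d", "lnk": "l"}


def mode_string(kind, mode):
    """Approximate TSK's mode column, e.g. 'r/rrw-r--r--' (our own formatter)."""
    letter = _TYPE_LETTERS.get(kind, "-")
    # int() so the binding's enum-like mode value works with stat.filemode.
    return "%s/%s%s" % (letter, letter, stat.filemode(int(mode))[1:])


def bodyfile_line(name, inode, kind, mode, uid, gid, size,
                  atime, mtime, ctime, crtime, md5="0"):
    """Join one file's metadata into a single pipe-separated bodyfile record."""
    values = (md5, name, inode, mode_string(kind, mode), uid, gid, size,
              atime, mtime, ctime, crtime)
    assert len(values) == len(BODYFILE_FIELDS)
    return "|".join(str(v) for v in values)


def md5_of_entry(entry, chunk_size=1024 * 1024):
    """Hash a file's content in chunks through read_random(offset, size)."""
    digest = hashlib.md5()
    size = entry.info.meta.size
    offset = 0
    while offset < size:
        data = entry.read_random(offset, min(chunk_size, size - offset))
        if not data:           # short read: unallocated or damaged blocks
            break
        digest.update(data)
        offset += len(data)
    return digest.hexdigest()


def walk_directory(directory, path="/", hash_files=False, seen=None):
    """Yield bodyfile lines for every entry below a pytsk3 Directory object."""
    import pytsk3   # imported here so the pure helpers above work without it
    seen = set() if seen is None else seen
    for entry in directory:
        name = entry.info.name.name.decode("utf-8", "replace")
        meta = entry.info.meta
        if name in (".", "..") or meta is None:
            continue
        full = path.rstrip("/") + "/" + name
        # fls-style marker for entries whose directory entry is unallocated.
        deleted = bool(entry.info.name.flags & pytsk3.TSK_FS_NAME_FLAG_UNALLOC)
        if deleted:
            full += " (deleted)"
        if meta.type == pytsk3.TSK_FS_META_TYPE_DIR:
            kind = "dir"
        elif meta.type == pytsk3.TSK_FS_META_TYPE_REG:
            kind = "reg"
        elif meta.type == pytsk3.TSK_FS_META_TYPE_LNK:
            kind = "lnk"
        else:
            kind = "other"
        md5 = md5_of_entry(entry) if hash_files and kind == "reg" else "0"
        yield bodyfile_line(full, meta.addr, kind, meta.mode, meta.uid, meta.gid,
                            meta.size, meta.atime, meta.mtime, meta.ctime,
                            meta.crtime, md5)
        # Descend only into allocated subdirectories, and remember inode
        # addresses so a damaged or looping directory chain cannot recurse forever.
        if kind == "dir" and not deleted and meta.addr not in seen:
            seen.add(meta.addr)
            yield from walk_directory(entry.as_directory(), full, hash_files, seen)


def bodyfile_for_image(image_path, offset=0, hash_files=False):
    """Open an image and return all bodyfile lines; offset is bytes to the partition."""
    import pytsk3
    img = pytsk3.Img_Info(image_path)
    fs = pytsk3.FS_Info(img, offset=offset)
    return list(walk_directory(fs.open_dir(path="/"), "/", hash_files))


if __name__ == "__main__":
    for line in bodyfile_for_image(IMAGE_PATH):
        print(line)
```

Run it against a partition image as-is, or pass the byte offset of a partition inside a full disk image to `bodyfile_for_image`; the output can be fed straight to mactime to build a timeline. Deleted entries are listed with the `(deleted)` marker but never descended, and the `seen` set of directory inode addresses stops the walk from looping on a corrupted directory structure.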
Languages
- Python 51.4%
- C 42.0%
- C++ 5.8%
- Other 0.8%