Inheritance diagram for TskIsImageSupported:
Public Member Functions | |
| virtual TSK_FILTER_ENUM | filterFs (TSK_FS_INFO *fs_info) |
| TskAuto calls this method before it processes each file system that is found in a volume. More... | |
| virtual TSK_FILTER_ENUM | filterPool (const TSK_POOL_INFO *pool_info) |
| TskAuto calls this method before it processes each pool that is found. More... | |
| virtual TSK_FILTER_ENUM | filterPoolVol (const TSK_POOL_VOLUME_INFO *pool_vol) |
| TskAuto calls this method before it processes each pool volume that is found in a pool. More... | |
| virtual TSK_FILTER_ENUM | filterVol (const TSK_VS_PART_INFO *vs_part) |
| TskAuto calls this method before it processes each volume that is found in a volume system. More... | |
| virtual uint8_t | handleError () |
| Override this method to get called for each error that is registered. More... | |
| bool | isImageEncrypted () |
| bool | isImageSupported () |
| void | printResults () |
| virtual TSK_RETVAL_ENUM | processFile (TSK_FS_FILE *fs_file, const char *path) |
| TskAuto calls this method for each file and directory that it finds in an image. More... | |
 Public Member Functions inherited from TskAuto | |
| virtual void | closeImage () |
| Closes the handles to the open disk image. More... | |
| virtual void | disableImageWriter () |
| Disables image writer. | |
| virtual TSK_RETVAL_ENUM | enableImageWriter (const char *imagePath) |
| Enables image writer, which creates a copy of the image as it is being processed. More... | |
| virtual TSK_FILTER_ENUM | filterVs (const TSK_VS_INFO *vs_info) |
| TskAuto calls this method before it processes the volume system that is found in an image. More... | |
| uint8_t | findFilesInFs (TSK_OFF_T start) |
| Starts in a specified byte offset of the opened disk images and looks for a file system. More... | |
| uint8_t | findFilesInFs (TSK_OFF_T start, TSK_FS_TYPE_ENUM ftype) |
| Starts in a specified byte offset of the opened disk images and looks for a file system. More... | |
| uint8_t | findFilesInFs (TSK_OFF_T start, TSK_INUM_T inum) |
| Starts in a specified byte offset of the opened disk images and looks for a file system. More... | |
| uint8_t | findFilesInFs (TSK_OFF_T start, TSK_FS_TYPE_ENUM ftype, TSK_INUM_T inum) |
| Starts in a specified byte offset of the opened disk images and looks for a file system. More... | |
| uint8_t | findFilesInFs (TSK_FS_INFO *a_fs_info) |
| Processes the file system represented by the given TSK_FS_INFO pointer. More... | |
| uint8_t | findFilesInFs (TSK_FS_INFO *a_fs_info, TSK_INUM_T inum) |
| Processes the file system represented by the given TSK_FS_INFO pointer. More... | |
| TSK_RETVAL_ENUM | findFilesInFsRet (TSK_OFF_T start, TSK_FS_TYPE_ENUM a_ftype) |
| Starts in a specified byte offset of the opened disk images and looks for a file system. More... | |
| uint8_t | findFilesInImg () |
| Starts in sector 0 of the opened disk images and looks for a volume or file system. More... | |
| uint8_t | findFilesInPool (TSK_OFF_T start) |
| Starts in a specified byte offset of the opened disk images and opens a pool to search though any file systems in the pool. More... | |
| uint8_t | findFilesInPool (TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) |
| Starts in a specified byte offset of the opened disk images and opens a pool to search though any file systems in the pool. More... | |
| uint8_t | findFilesInVs (TSK_OFF_T start) |
| Starts in a specified byte offset of the opened disk images and looks for a volume system or file system. More... | |
| uint8_t | findFilesInVs (TSK_OFF_T start, TSK_VS_TYPE_ENUM vtype) |
| Starts in a specified byte offset of the opened disk images and looks for a volume system or file system. More... | |
| std::string | getCurVsPartDescr () const |
| get volume description of the lastly processed volume More... | |
| TSK_VS_PART_FLAG_ENUM | getCurVsPartFlag () const |
| get volume flags of the lastly processed volume. More... | |
| const std::vector< error_record > | getErrorList () |
| Get the list of errors that were added to the internal list. More... | |
| TSK_OFF_T | getImageSize () const |
| bool | getStopProcessing () const |
| Returns true if all processing and recursion should stop. | |
| bool | hasPool (TSK_OFF_T a_start) |
| Checks whether a volume contains a pool. More... | |
| bool | isCurVsValid () const |
| Determine if we are inside of a volume system and therefore we can trust the results of getCurVsPartFlag/Desc. | |
| virtual uint8_t | openImage (int, const TSK_TCHAR *const images[], TSK_IMG_TYPE_ENUM, unsigned int a_ssize) |
| Opens the disk image to be analyzed. More... | |
| virtual uint8_t | openImageHandle (TSK_IMG_INFO *) |
| Uses the already opened image for future analysis. More... | |
| virtual uint8_t | openImageUtf8 (int, const char *const images[], TSK_IMG_TYPE_ENUM, unsigned int a_ssize) |
| Opens the disk image to be analyzed. More... | |
| uint8_t | registerError () |
| Internal method that TskAuto calls when it encounters issues while processing an image. More... | |
| void | resetErrorList () |
| Remove the errors on the internal list. | |
| void | setExternalFileSystemList (const std::list< TSK_FS_INFO * > &exteralFsInfoList) |
| Store a list of pointers to open file systems to use when calling findFilesInImg instead of opening a new copy. | |
| void | setFileFilterFlags (TSK_FS_DIR_WALK_FLAG_ENUM) |
| Set the attributes for the files that should be processed. More... | |
| void | setVolFilterFlags (TSK_VS_PART_FLAG_ENUM) |
| Set the attributes for the volumes that should be processed. More... | |
Additional Inherited Members | |
| Static Public Member Functions inherited from TskAuto | |
| static std::string | errorRecordToString (error_record &rec) |
| Public Attributes inherited from TskAuto | |
| unsigned int | m_tag |
| Protected Member Functions inherited from TskAuto | |
| uint8_t | isDefaultType (TSK_FS_FILE *fs_file, const TSK_FS_ATTR *fs_attr) |
| Utility method to help determine if an attribute is the default type for the file/dir. More... | |
| uint8_t | isDir (TSK_FS_FILE *fs_file) |
| Utility method to help determine if a file is a directory. More... | |
| uint8_t | isDotDir (TSK_FS_FILE *fs_file) |
| Utility method to help determine if a file is a . More... | |
| uint8_t | isFATSystemFiles (TSK_FS_FILE *fs_file) |
| Utility method to help determine if a file is a FAT file system file (such as $MBR). More... | |
| uint8_t | isFile (TSK_FS_FILE *fs_file) |
| Utility method to help determine if a file is a file (and not a directory). More... | |
| uint8_t | isNonResident (const TSK_FS_ATTR *fs_attr) |
| Utility method to help determine if an attribute is non-resident (meaning it uses blocks to store data) More... | |
| uint8_t | isNtfsSystemFiles (TSK_FS_FILE *fs_file, const char *path) |
| Utility method to help determine if a file is an NTFS file system file (such as $MFT). More... | |
| virtual TSK_RETVAL_ENUM | processAttribute (TSK_FS_FILE *fs_file, const TSK_FS_ATTR *fs_attr, const char *path) |
| Method that is called from processAttributes() for each attribute that a file has. More... | |
| TSK_RETVAL_ENUM | processAttributes (TSK_FS_FILE *fs_file, const char *path) |
| Method that can be used from within processFile() to look at each attribute that a file may have. More... | |
| void | setStopProcessing () |
| When called, will cause TskAuto to not continue to recurse into directories and volumes. | |
| Protected Attributes inherited from TskAuto | |
| std::list< TSK_FS_INFO * > | m_exteralFsInfoList |
| bool | m_imageWriterEnabled |
| TSK_TCHAR * | m_imageWriterPath |
| TSK_IMG_INFO * | m_img_info |
| bool | m_internalOpen |
| True if m_img_info was opened in TskAuto and false if passed in. | |
| std::vector< const TSK_POOL_INFO * > | m_poolInfos |
| bool | m_stopAllProcessing |
| True if no further processing should occur. | |
Member Function Documentation
|
virtual |
TskAuto calls this method before it processes each file system that is found in a volume.
You can use this to learn about each file system before it is processed and you can force TskAuto to skip this file system.
- Parameters
-
fs_info file system details
- Returns
- Value to show if FS should be processed, skipped, or process should stop.
Reimplemented from TskAuto.
References TSK_FILTER_SKIP.
|
virtual |
TskAuto calls this method before it processes each pool that is found.
You can use this to learn about each pool before it is processed and you can force TskAuto to skip this volume.
- Parameters
-
pool_vol Pool details
- Returns
- Value to show if pool should be processed, skipped, or process should stop.
Reimplemented from TskAuto.
References TSK_FILTER_CONT.
|
virtual |
TskAuto calls this method before it processes each pool volume that is found in a pool.
You can use this to learn about each volume before it is processed and you can force TskAuto to skip this volume.
- Parameters
-
pool_vol Pool volume details
- Returns
- Value to show if pool volume should be processed, skipped, or process should stop.
Reimplemented from TskAuto.
References TSK_FILTER_CONT.
|
virtual |
TskAuto calls this method before it processes each volume that is found in a volume system.
You can use this to learn about each volume before it is processed and you can force TskAuto to skip this volume. The setvolFilterFlags() method can be used to configure if TskAuto should process unallocated space.
- Parameters
-
vs_part Parition details
- Returns
- Value to show if volume should be processed, skipped, or process should stop.
Reimplemented from TskAuto.
References TSK_FILTER_CONT.
|
virtual |
Override this method to get called for each error that is registered.
This method allows you to log the message or stop processing. Use setStopProcessing() to do that.
- Returns
- 1 to stop the processing flow and 0 to continue.
Reimplemented from TskAuto.
|
virtual |
TskAuto calls this method for each file and directory that it finds in an image.
The setFileFilterFlags() method can be used to set the criteria for what types of files this should be called for. There are several methods, such as isDir() that can be used by this method to help focus in on the files that you care about. When errors are encountered, send them to registerError().
- Parameters
-
fs_file file details path full path of parent directory
- Returns
- STOP or OK. All error must have been registered.
Implements TskAuto.
References TSK_OK.
The documentation for this class was generated from the following files:
- tsk/auto/tsk_is_image_supported.h
- tsk/auto/is_image_supported.cpp