| ▼ tsk | |
| ► auto | |
| auto.cpp | Contains C++ code that creates the base file extraction automation class |
| auto_db.cpp | Contains code to populate SQLite database with volume and file system information from a specific image |
| case_db.cpp | Contains class definition for TskCaseDb class to handle creating/opening a case database and adding images to it |
| db_sqlite.cpp | Contains code to perform operations against SQLite database |
| tsk_auto.h | Contains the class definitions for the automated file extraction classes |
| tsk_case_db.h | Contains the class that creates a case-level database of file system data |
| tsk_db.cpp | Contains code related to abstract TSK database handling class |
| tsk_db.h | Contains TSK interface to abstract database handling class |
| tsk_db_sqlite.h | Contains the SQLite code for maintaining the case-level database |
| ► base | |
| md5c.c | Local copy of RSA Data Security, Inc |
| mymalloc.c | These functions allocate and reallocate memory and set the error handling functions when an error occurs |
| sha1c.c | Local copy of the public domain SHA-1 library code by David Ireland |
| tsk_base.h | Contains the type and function definitions that are needed by external programs to use the TSK library |
| tsk_base_i.h | Contains the general internal TSK type and function definitions |
| tsk_endian.c | Contains the routines to read data in different endian orderings |
| tsk_error.c | Contains the error handling code and variables |
| tsk_list.c | Tsk_lists are a linked list of buckets that store a key in REVERSE sorted order |
| tsk_os.h | Contains some OS-specific type settings |
| tsk_parse.c | Contains code to parse specific types of data from the command line |
| tsk_printf.c | These are printf wrappers that are needed so that we can easily print in both Unix and Windows |
| tsk_stack.c | Contains the functions to create and maintain a stack, which supports basic popping, pushing, and searching |
| tsk_unicode.c | A local copy of the Unicode conversion routines from unicode.org |
| tsk_unicode.h | Contains the definitions for Unicode-based conversion methods |
| tsk_version.c | Contains functions to print and obtain the library version |
| XGetopt.c | Parses arguments for win32 programs – written by Hans Dietrich |
| ► fs | |
| dcalc_lib.c | Contains the library API functions used by the TSK blkcalc command line tool |
| dcat_lib.c | Contains the library API functions used by the TSK blkcat command line tool |
| dls_lib.c | Contains the library API functions used by the TSK blkls command line tool |
| dstat_lib.c | Contains the library API functions used by the TSK blkstat command line tool |
| exfatfs.c | Contains the internal TSK exFAT file system code to "open" an exFAT file system found in a device image and do the equivalent of a UNIX "stat" call on the file system |
| exfatfs_dent.c | Contains the internal TSK exFAT file system code to handle name category processing |
| exfatfs_meta.c | Contains the internal TSK exFAT file system code to access the data in the metadata data category as defined in the book "File System Forensic Analysis" by Brian Carrier (pp |
| ext2fs.c | Contains the internal TSK ext2/ext3/ext4 file system functions |
| ext2fs_dent.c | Contains the internal TSK file name processing code for Ext2 / ext3 |
| ext2fs_journal.c | Contains the internal TSK Ext3 journal walking code |
| fatfs.c | Contains the internal TSK FAT file system code to handle basic file system processing for opening file system, processing sectors, and directory entries |
| fatfs_dent.cpp | Contains the internal TSK FAT file name processing code |
| fatfs_meta.c | Meta data layer support for FAT file systems |
| fatfs_utils.c | Contains utility functions for processing FAT file systems |
| fatxxfs.c | Contains the internal TSK FATXX (FAT12, FAT16, FAT32) file system code to handle basic file system processing for opening file system, processing sectors, and directory entries |
| ffind_lib.c | Contains the library API functions used by the TSK ffind command line tool |
| ffs.c | Contains the internal TSK UFS / FFS file system functions |
| ffs_dent.c | Contains the internal TSK UFS/FFS file name (directory entry) processing functions |
| fls_lib.c | Contains the library code associated with the TSK fls tool to list files in a directory |
| fs_attr.c | Functions to allocate and add structures to maintain generic file system attributes and run lists |
| fs_attrlist.c | File that contains functions to process TSK_FS_ATTRLIST structures, which hold a linked list of TSK_FS_ATTR attribute structures |
| fs_block.c | Contains functions to allocate, free, and read data into a TSK_FS_BLOCK structure |
| fs_dir.c | Create, manage, etc |
| fs_file.c | Create, manage, etc |
| fs_inode.c | Contains functions to allocate, free, and process the generic inode structures |
| fs_io.c | Contains functions to read data from a disk image and wrapper functions to read file content |
| fs_load.c | Contains a general file walk callback that can be used to load file content into a buffer |
| fs_name.c | Code to allocate and free the TSK_FS_NAME structures |
| fs_open.c | Contains the general code to open a file system – this calls the file system -specific opening routines |
| fs_parse.c | Contains code to parse specific types of data from the command line |
| fs_types.c | Contains TSK functions that deal with parsing and printing file system type strings |
| hfs.c | Contains the general internal TSK HFS metadata and data unit code |
| hfs_dent.c | Contains the file name layer code for HFS+ file systems – not included in code by default |
| hfs_journal.c | Contains the internal TSK HFS+ journal code – not included in code by default |
| icat_lib.c | Contains the library API functions used by the TSK icat command line tool |
| ifind_lib.c | Contains the library API functions used by the TSK ifind command line tool |
| ils_lib.c | Library functionality of the TSK ils tool |
| iso9660.c | Contains the internal TSK ISO9660 file system code to handle basic file system processing for opening file system, processing sectors, and directory entries |
| iso9660_dent.c | Contains the internal TSK ISO9660 file system code to handle the parsing of file names and directory structures |
| nofs_misc.c | Contains internal functions that are common to the "non-file system" file systems, such as raw and swap |
| ntfs.c | Contains the TSK internal general NTFS processing code |
| ntfs_dent.cpp | NTFS file name processing internal functions |
| rawfs.c | Contains internal "raw" specific file system functions |
| swapfs.c | Contains the internal "swapfs" specific functions |
| tsk_exfatfs.h | Contains declarations of structures and functions specific to TSK exFAT file system support |
| tsk_fatfs.h | Contains the structures and function APIs for TSK FAT (FAT12, FAT16, FAT32, exFAT) file system support |
| tsk_fatxxfs.h | Contains the structures and function APIs for TSK FATXX (FAT12, FAT16, FAT32) file system support |
| tsk_fs.h | External header file for file system support |
| tsk_fs_i.h | Contains the internal library definitions for the file system functions |
| unix_misc.c | Contains code that is common to both UFS1/2 and Ext2/3 file systems |
| usn_journal.c | Contains the TSK Update Sequence Number journal walking code |
| usnjls_lib.c | Contains the library code associated with the TSK usnjs tool to list changes within a NTFS File System |
| yaffs.cpp | Contains the internal TSK YAFFS2 file system functions |
| ► hashdb | |
| binsrch_index.cpp | Functions common to all text hash databases (i.e |
| encase.c | Contains the Encase hash database specific extraction and printing routines |
| hashkeeper.c | Contains functions to read and process hash keeper database files |
| hdb_base.c | "Base" functions for hash databases |
| idxonly.c | Contains the dummy functions that are used when only an index is used for lookups and the original database is gone |
| md5sum.c | Contains the MD5sum hash database specific extraction and printing routines |
| nsrl.c | NSRL specific functions to read the database |
| sqlite_hdb.cpp | Contains hash database functions for SQLite hash databases |
| tsk_hash_info.h | |
| tsk_hashdb.c | Contains the code to open and close all supported hash database types |
| tsk_hashdb.h | External header file for hash database support |
| tsk_hashdb_i.h | Contains the internal library definitions for the hash database functions |
| ► img | |
| aff.c | Internal code to interface with afflib to read and open AFF image files |
| img_io.c | Contains the basic img reading API redirection functions |
| img_types.c | Contains basic functions to parse and print the names of the supported disk image types |
| mult_files.c | Internal code to find remainder of files in a split raw set |
| raw.c | Internal code to open and read single or split raw disk images |
| tsk_img.h | Contains the external library definitions for the disk image functions |
| vhd.c | Internal code for TSK to interface with libvhdi |
| vmdk.c | Internal code for TSK to interface with libvmdk |
| ► vs | |
| bsd.c | Contains the internal functions required to process BSD disk labels |
| dos.c | Contains the internal functions to process DOS Partition tables |
| gpt.c | The internal functions required to process the GPT GUID Partiition Table |
| mac.c | Contains the internal functions to process and load a Mac partition table |
| mm_io.c | Contains the wrapper code that allows one to read sectors from a TSK_VS_INFO or TSK_VS_PART_INFO structure |
| mm_open.c | Contains general code to open volume systems |
| mm_part.c | Contains the functions need to create, maintain, and access the linked list of partitions in a volume |
| mm_types.c | Contains the code to parse and print the strings for the supported volume system types |
| sun.c | Contains the internal SUN VTOC volume system processing code |
| tsk_vs.h | External header file for media management (volume system) support |
| tsk_vs_i.h | Contains the internal library definitions for the volume system functions |
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.