The Sleuth Kit Framework  4.1
The Sleuth Kit (TSK) Framework User's Guide and API Reference

Overview

The framework in TSK makes it easier to build automated, end-to-end digital forensics applications. If you need only volume and file system-level support, then the original Sleuth Kit library may be all you need. If you want a more comprehensive disk image analysis solution, the framework will help. Its plug-in pipelines allow you to incorporate a variety of analysis techniques into your application.

The framework was designed to be used in a distributed environment so that jobs could be scheduled among a cluster of computers, but it can also be used to create desktop applications. The tsk_analyzeimg program provided with the Sleuth Kit is an example of a simple desktop program that uses the framework.

This document is for:

Framework Overview

The following pages contain an overview of the framework. Both users and developers should be familiar with this content.

Developers Guide to Building Modules

The following pages are relevant when developing modules to be used in the framework.

Developers Guide to Using the Framework

The following pages are relevant when integrating the framework into a new or existing application.

Application developers may also wish to examine the source code for tsk_analyzeimg, which is included with the framework. It is a single-threaded command line program that analyzes a disk image using the framework's pipeline infrastructure to run a file analysis pipeline and a post-processing pipeline.


Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.