The Sleuth Kit Framework  4.1
Running File Analysis and Post Processing Pipelines

Overview

This page outlines how to setup up file analysis and post processing pipelines so that data from a disk image can be analyzed. It requires that you have already populated the database as outlined in Extraction Phase and Populating the Database. This page also assumes that you have read Pipeline and Module Basics so that you are familiar with file analysis and post processing pipelines.

Creating a Pipeline

Before the first pipeline can be created, an instance of TskPipelineManager must be created to serve as a pipeline factory. Calling TskPipelineManager.createPipeline() will return a TskPipeline pointer addressing either a TskFileAnalysisPipeline or TskReportPipeline (i.e, post processing pipeline) object, depending on the pipeline type argument passed to TskPipelineManager.createPipeline().

Running a Pipeline

Once you have a TskPipeline object, you can call one of the following member functions to run the pipeline:


Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.