Skip to content

Lorrie/RubyTSK

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

219 Commits

ext/tsk4r

ext/tsk4r

 
 

lib

lib

 
 

samples @ fb325f2

samples @ fb325f2

 
 

spec

spec

 
 

tasks

tasks

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE.TXT

LICENSE.TXT

 
 

README.rdoc

README.rdoc

 
 

Rakefile

Rakefile

 
 

sleuthkit.gemspec

sleuthkit.gemspec

 
 

Repository files navigation

RubyTSK

Description

This is a simple ruby module to provide access to the The SleuthKit digital forensics libraries. The library offers methods to safely examine disk images, volume systems, partitions, file systems and their contents.

Examples

require ‘sleuthkit’

# open a disk

tskimage = Sleuthkit::Image.new('path/to/disk.image')
tskimage.inspect_object

# open a split disk image

tskimage = Sleuthkit::Image.new( [ 'chunk.0', 'chunk.1', 'chunk.2' ] )

# open a volume within a disk

tskvolume = Sleuthkit::Volume.new(tskimage)
=> #<Sleuthkit::VolumeSystem:0x104f051b8>

# display specific volume system information

tskvolume.partition_count
=> 6

#grab a partition

tskvolume.volume.partition[0]
=> #<Sleuthkit::VolumePart:0x1094d3618>

Installation

Install (RVM rvm.io is recommended for managing gems):

to load ruby dependencies: run the ‘bundle’ command (recommended)

bundle
rake build     (prepares the gem for installation from sleuthkit.gemspec)
rake compile   (compiles the gem in the 'pkg' directory; handy for running tests)
rake install   (puts the gem in your local gem repository)

if you upgrade/make changes to the library:

rake clean

then re-try the instructions above.

Dependencies

Requirements: The SleuthKit C library (install with your favorite package manager) Version >= 3.2

see www.sleuthkit.org for details.

RubyTSK was primarily developed on Ruby 1.8. Work on accomodating 1.9.x is progressing. ;-)

License

Created by Matthew H. Stephens.

Copyright 2011, 2012 Matthew H. Stephens. All rights reserved.

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

TESTING

NOTE: You should open up the compressed samples before running any tests, to do so:

rake spec:samples:uncompress[file]  # Uncompress sample disk images (default = all images in 'samples')
rake spec:samples:split             # splits a sample for use in tests

Compressed test images are found in the ‘samples’ directory.

RubyTSK is built using the RSpec testing DSL, available via the Rake build tool.

rake spec

OR

rake -T spec:suite  # displays suites of test that can be run independently

About

Ruby bindings for The Sleuthkit (TSK) libraries

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published