/*
* Class: edu_uw_apl_commons_tsk4j_base_Version
* Method: getVersion
* Signature: ()Ljava/lang/String;
*/
JNIEXPORT jstring JNICALL
Java_edu_uw_apl_commons_tsk4j_base_Version_getVersion
(JNIEnv *env, jclass clazz ) {
const char* v = tsk_version_get_str();
jstring result = (*env)->NewStringUTF( env, v );
return result;
}
/*
* Get the current Sleuthkit version number
* @return the version string
* @param env pointer to java environment this was called from
* @param obj the java object this was called from
*/
JNIEXPORT jstring JNICALL
Java_org_sleuthkit_datamodel_SleuthkitJNI_getVersionNat(JNIEnv * env,
jclass obj)
{
const char *cversion = tsk_version_get_str();
jstring jversion = (*env).NewStringUTF(cversion);
return jversion;
}
TSKAutoImpl::TSKAutoImpl() : m_db(TskServices::Instance().getImgDB()), m_numFilesSeen(0)
{
m_curFsId = 0;
m_curVsId = 0;
m_vsSeen = false;
m_startTime = time(NULL);
setVolFilterFlags((TSK_VS_PART_FLAG_ENUM)(TSK_VS_PART_FLAG_ALLOC | TSK_VS_PART_FLAG_UNALLOC));
setFileFilterFlags((TSK_FS_DIR_WALK_FLAG_ENUM)(TSK_FS_DIR_WALK_FLAG_ALLOC|TSK_FS_DIR_WALK_FLAG_UNALLOC));
// add the version to the DB
m_db.addToolInfo("Sleuth Kit", tsk_version_get_str());
}
void print_version()
{
printf("SleuthKit Version: %s\n",tsk_version_get_str());
#ifdef HAVE_LIBAFFLIB
printf("AFFLIB Version: %s\n",af_version());
#else
printf("*** NO AFFLIB SUPPORT ***\n");
#endif
#ifdef HAVE_LIBEWF
printf("LIBEWF Version: %s\n",libewf_get_version());
#else
printf("*** NO LIBEWF SUPPORT ***\n");
#endif
}
int main(int argc, char * const *argv1)
{
int ch;
const char *arff_fn = 0;
const char *text_fn = 0;
string *xml_fn = 0;
const char *audit_file = 0;
bool opt_x = false;
string command_line = xml::make_command_line(argc,argv1);
bool opt_zap = false;
u_int sector_size=512; // defaults to 512; may be changed by AFF
struct timeval tv0;
struct timeval tv1;
gettimeofday(&tv0,0);
TSK_TCHAR * const *argv;
#ifdef TSK_WIN32
char *opt_arg = NULL;
char *argv_0 = NULL;
argv = CommandLineToArgvW(GetCommandLineW(), &argc);
if (argv == NULL) {
fprintf(stderr,"Error getting wide arguments\n");
exit(1);
}
#else
argv = (TSK_TCHAR * const*) argv1;
#endif
while ((ch = GETOPT(argc, argv, _TSK_T("A:a:C:dfG:gmv1IMX:S:T:VZn:c:b:xOzh?"))) > 0 ) { // s: removed
switch (ch) {
case _TSK_T('1'): opt_sha1 = true;break;
case _TSK_T('m'):
opt_body_file = 1;
opt_sha1 = 0;
opt_md5 = 1;
t = stdout;
break;
case _TSK_T('A'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
arff_fn = opt_arg;
#else
arff_fn = OPTARG;
#endif
break;
case _TSK_T('C'): file_count_max = TATOI(OPTARG);break;
case _TSK_T('d'): opt_debug++; break;
case _TSK_T('f'): opt_magic = true;break;
case _TSK_T('g'): opt_no_data = true; break;
case _TSK_T('b'): opt_get_fragments = false; break;
case _TSK_T('G'): opt_maxgig = TATOI(OPTARG);break;
case _TSK_T('h'): usage(); break;
case _TSK_T('I'): opt_ignore_ntfs_system_files=true;break;
case _TSK_T('M'): opt_md5 = true;
case _TSK_T('O'): opt_allocated_only=true; break;
case _TSK_T('S'):
opt_sector_hash = true;
sectorhash_size = TATOI(OPTARG); break;
case _TSK_T('T'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
text_fn = opt_arg;
#else
text_fn = OPTARG;
#endif
break;
case _TSK_T('V'): print_version();exit(0);
case _TSK_T('X'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
xml_fn = new string(opt_arg);
#else
xml_fn = new string(OPTARG);
#endif
break;
case _TSK_T('x'): opt_x = true;break;
case _TSK_T('Z'): opt_zap = true;break;
case _TSK_T('a'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
audit_file = opt_arg;
#else
audit_file = OPTARG;
#endif
break;
case _TSK_T('c'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
config_file = opt_arg;
#else
config_file = OPTARG;
#endif
break;
case _TSK_T('n'):
#ifdef TSK_WIN32
convert(OPTARG, &opt_arg);
namelist.push_back(opt_arg);
#else
namelist.push_back(OPTARG);
#endif
break;
//case 's': save_outdir = optarg; opt_save = true; break;
case _TSK_T('v'): tsk_verbose++; break; // sleuthkit option
case _TSK_T('z'): opt_sha1=false;opt_md5=false;break;
case _TSK_T('?'): usage();break;
default:
fprintf(stderr, "Invalid argument: %s\n", argv[OPTIND]);
usage();
}
}
if (OPTIND >= argc) usage();
argc -= OPTIND;
argv += OPTIND;
argv1 += OPTIND;
#ifdef TSK_WIN32
convert(argv[0],&argv_0);
const char *filename = argv_0;
#else
const char *filename = argv[0];
#endif
opt_parent_tracking = true;
if(!filename){
errx(1,"must provide filename");
}
if(opt_no_data && (opt_md5 || opt_sha1 || opt_save || opt_magic)) {
errx(1, "-g conflicts with options requiring data access (-z may be needed)");
}
if(opt_save){
if(access(save_outdir.c_str(),F_OK)){
#ifdef WIN32
if(mkdir(save_outdir.c_str())) {
#else
if(mkdir(save_outdir.c_str(),0777)){
#endif
err(1,"Cannot make directory: %s",save_outdir.c_str());
}
}
if(access(save_outdir.c_str(),R_OK)){
err(1,"Cannot access directory: %s",save_outdir.c_str());
}
}
if(text_fn){
if(access(text_fn,F_OK)==0) errx(1,"%s: file exists",text_fn);
t = fopen(text_fn,"w");
if(!t) err(1,"%s",text_fn);
}
if(arff_fn){
if(access(arff_fn,F_OK)==0) errx(1,"%s: file exists",arff_fn);
a = new arff("fiwalk"); // the ARFF output object
a->set_outfile(arff_fn);
}
/* XML initialization */
if(opt_x){
x = new xml(); // default to stdout
}
if(xml_fn){
if(*xml_fn == "0"){
string newfn = filename;
*xml_fn = newfn.substr(0,newfn.rfind(".")) + ".xml";
}
if(x) errx(1,"Cannot write XML to stdout and file at same time\n");
if(access(xml_fn->c_str(),F_OK)==0){
if(opt_zap){
if(unlink(xml_fn->c_str())){
err(1,"%s: file exists and cannot unlink",xml_fn->c_str());
}
}
else{
errx(1,"%s: file exists",xml_fn->c_str());
}
}
x = new xml(*xml_fn,true); // we will make DTD going to a file
}
/* If no output file has been specified, output text to stdout */
if(a==0 && x==0 && t==0){
t = stdout;
}
if(strstr(filename,".aff") || strstr(filename,".afd") || strstr(filename,".afm")){
#ifndef HAVE_LIBAFFLIB
fprintf(stderr,"ERROR: fiwalk was compiled without AFF support.\n");
exit(0);
#else
#endif
}
/* If we are outputing ARFF, create the ARFF object and set the file types for the file system metadata */
if(a){
a->add_attribute("id",arff::NUMERIC);
a->add_attribute("partition",arff::NUMERIC);
a->add_attribute("filesize",arff::NUMERIC);
a->add_attribute("mtime",arff::DATE);
a->add_attribute("ctime",arff::DATE);
a->add_attribute("atime",arff::DATE);
a->add_attribute("fragments",arff::NUMERIC);
a->add_attribute("frag1startsector",arff::NUMERIC);
a->add_attribute("frag2startsector",arff::NUMERIC);
a->add_attribute("filename",arff::STRING);
if(opt_md5) a->add_attribute("md5",arff::STRING);
if(opt_sha1) a->add_attribute("sha1",arff::STRING);
}
/* output per-run metadata for XML output */
if(x){
/* Output Dublin Core information */
x->push("dfxml",
"\n xmlns='http://www.forensicswiki.org/wiki/Category:Digital_Forensics_XML'"
"\n xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'"
"\n xmlns:dc='http://purl.org/dc/elements/1.1/'"
"\n version='1.0'" );
x->push("metadata", "");
x->xmlout("dc:type","Disk Image",fw_empty,false);
x->pop();
/* Output carver information per photorec standard */
x->add_DFXML_creator("fiwalk",tsk_version_get_str(),command_line);
}
/* Can't use comment until after here... */
if(config_file){
comment("Reading configuration file %s",config_file);
config_read(config_file); /* Read the configuration file */
}
/* Check that we have a valid file format */
if(x) x->push("source");
partition_info("image_filename",filename);
if(!x){
partition_info("fiwalk_version",tsk_version_get_str());
partition_info("start_time",mytime());
partition_info("tsk_version",tsk_version_get_str());
}
if(x) x->pop();
if (opt_debug) printf("calling tsk_img_open(%s)\n",filename);
#ifdef SIGINFO
signal(SIGINFO,sig_info);
#endif
#ifdef TSK_WIN32
int count = process_image_file(argc,argv1,audit_file,sector_size);
if(count<=0 || sector_size!=512){
comment("Retrying with 512 byte sector size.");
count = process_image_file(argc,argv1,audit_file,512);
}
#else
int count = process_image_file(argc,argv,audit_file,sector_size);
if(count<=0 || sector_size!=512){
comment("Retrying with 512 byte sector size.");
count = process_image_file(argc,argv,audit_file,512);
}
#endif
/* Calculate time elapsed (reported as a comment and with rusage) */
struct timeval tv;
char tvbuf[64];
gettimeofday(&tv1,0);
tv.tv_sec = tv1.tv_sec - tv0.tv_sec;
if(tv1.tv_usec > tv0.tv_usec){
tv.tv_usec = tv1.tv_usec - tv0.tv_usec;
} else {
tv.tv_sec--;
tv.tv_usec = (tv1.tv_usec+1000000) - tv0.tv_usec;
}
sprintf(tvbuf, "%d.%06d",(int)tv.tv_sec, (int)tv.tv_usec);
comment("clock: %s",tvbuf);
#ifdef HAVE_SYS_RESOURCE_H
#ifdef HAVE_GETRUSAGE
/* Print usage information */
struct rusage ru;
memset(&ru,0,sizeof(ru));
if(getrusage(RUSAGE_SELF,&ru)==0){
if(x) x->push("rusage");
partition_info("utime",ru.ru_utime);
partition_info("stime",ru.ru_stime);
partition_info("maxrss",ru.ru_maxrss);
partition_info("minflt",ru.ru_minflt);
partition_info("majflt",ru.ru_majflt);
partition_info("nswap",ru.ru_nswap);
partition_info("inblock",ru.ru_inblock);
partition_info("oublock",ru.ru_oublock);
partition_info("clocktime",tv);
comment("stop_time: %s",cstr(mytime()));
if(x) x->pop();
}
#endif
#endif
// *** Added <finished time="(time_t)" duration="<seconds>" />
if(a){
a->write();
delete a;
}
if(t) comment("=EOF=");
if(x) {
x->pop(); // <dfxml>
x->close();
delete(x);
}
exit(0);
}
void printHelp(const po::options_description& desc) {
std::cout << "fsrip, Copyright (c) 2010-2012, Lightbox Technologies, Inc." << std::endl;
std::cout << "Built " << __DATE__ << std::endl;
std::cout << "TSK version is " << tsk_version_get_str() << std::endl;
std::cout << desc << std::endl;
}
// The initialization method for this module
void Init_tsk4r() {
rb_mtsk4r = rb_define_module("Sleuthkit");
rb_mtsk4r_v = rb_define_module_under(rb_mtsk4r, "Volume");
rb_mtsk4r_fs = rb_define_module_under(rb_mtsk4r, "FileSystem");
rb_const_set(rb_mtsk4r, rb_intern("TSK_VERSION"), rb_str_new2(tsk_version_get_str()));
// class definitions
rb_cTSKImage = rb_define_class_under(rb_mtsk4r, "Image", rb_cObject);
rb_cTSKVolumeSystem = rb_define_class_under(rb_mtsk4r_v, "System", rb_cObject);
rb_cTSKVolumePart = rb_define_class_under(rb_mtsk4r_v, "Partition", rb_cObject);
rb_cTSKFileSystem = rb_define_class_under(rb_mtsk4r_fs, "System", rb_cObject);
rb_cTSKFileSystemDir = rb_define_class_under(rb_mtsk4r_fs, "Directory", rb_cObject);
rb_cTSKFileSystemFileData = rb_define_class_under(rb_mtsk4r_fs, "FileData", rb_cObject);
rb_cTSKFileSystemFileMeta = rb_define_class_under(rb_mtsk4r_fs, "FileMeta", rb_cObject);
rb_cTSKFileSystemFileName = rb_define_class_under(rb_mtsk4r_fs, "FileName", rb_cObject);
rb_cTSKFileSystemAttr = rb_define_class_under(rb_mtsk4r_fs, "Attribute", rb_cObject);
rb_cTSKFileSystemBlock = rb_define_class_under(rb_mtsk4r_fs, "Block", rb_cObject);
// allocation functions
rb_define_alloc_func(rb_cTSKImage, allocate_image);
rb_define_alloc_func(rb_cTSKVolumeSystem, allocate_volume_system);
rb_define_alloc_func(rb_cTSKVolumePart, allocate_volume_part);
rb_define_alloc_func(rb_cTSKFileSystem, allocate_filesystem);
rb_define_alloc_func(rb_cTSKFileSystemDir, allocate_fs_dir);
rb_define_alloc_func(rb_cTSKFileSystemFileData, allocate_fs_file);
rb_define_alloc_func(rb_cTSKFileSystemFileMeta, allocate_fs_meta);
rb_define_alloc_func(rb_cTSKFileSystemFileName, allocate_fs_name);
rb_define_alloc_func(rb_cTSKFileSystemAttr, allocate_fs_attr);
rb_define_alloc_func(rb_cTSKFileSystemBlock, allocate_fs_block);
// sub classes
//rb_cTSKFileSystem = rb_define_class_under(rb_cTSKVolume, "ThirdClass", rb_cObject);
/* Sleuthkit::Image */
// some method templates
// object methods for Sleuthkit::Image objects
rb_define_method(rb_cTSKImage, "initialize", initialize_disk_image, -1);
rb_define_method(rb_cTSKImage, "image_open", image_open, 2);
rb_define_module_function(rb_cTSKImage, "image_type_to_description", image_type_to_desc, 1);
rb_define_module_function(rb_cTSKImage, "image_type_to_name", image_type_to_name, 1);
rb_define_module_function(rb_cTSKImage, "return_tsk_img_type_supported", return_tsk_img_type_supported, 0);
rb_define_module_function(rb_cTSKImage, "return_type_list", return_tsk_img_type_list, -1);
// attributes (read only)
rb_define_attr(rb_cTSKImage, "auto_detect", 1, 0);
rb_define_attr(rb_cTSKImage, "description", 1, 0);
rb_define_attr(rb_cTSKImage, "name", 1, 0);
rb_define_attr(rb_cTSKImage, "path", 1, 0);
rb_define_attr(rb_cTSKImage, "sector_size", 1, 0);
rb_define_attr(rb_cTSKImage, "size", 1, 0);
rb_define_attr(rb_cTSKImage, "type", 1, 0);
// attributes for linking RubyTSK objects
rb_define_attr(rb_cTSKImage, "volumes", 1, 1);
rb_define_attr(rb_cTSKImage, "filesystems", 1, 1);
/* Sleuthkit::Volume::System */
// object methods for VolumeSystem objects
rb_define_method(rb_cTSKVolumeSystem, "initialize", initialize_volume_system, -1);
rb_define_method(rb_cTSKVolumeSystem, "open", open_volume_system, 2); // change arg1 to klass?
rb_define_method(rb_cTSKVolumeSystem, "close", close_volume_system, 1);
rb_define_method(rb_cTSKVolumeSystem, "read_block", read_volume_block, 3); //read block given start and no. of blocks
rb_define_method(rb_cTSKVolumeSystem, "walk", walk_volume, 1);
rb_define_method(rb_cTSKVolumeSystem, "expose_part_at", volume_expose_part_by_idx, 1);
rb_define_private_method(rb_cTSKVolumeSystem, "get_partitions", volume_get_partitions, 1);
rb_define_module_function(rb_mtsk4r_v, "return_type_list", return_tsk_vol_type_list, -1);
// attributes
rb_define_attr(rb_cTSKVolumeSystem, "block_size", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "description", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "endian", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "offset", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "parent", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "partition_count", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "parts", 1, 0);
rb_define_attr(rb_cTSKVolumeSystem, "volume_system_type", 1, 0);
/* Sleuthkit::Volume::Partition */
// object methods for VolumePart objects
rb_define_method(rb_cTSKVolumePart, "initialize", initialize_volume_part, -1);
rb_define_method(rb_cTSKVolumePart, "open", open_volume_part, -1); // change arg1 to klass?
// rb_define_method(rb_cTSKVolumePart, "read_block", read_volume_part_block, 3); //read block given start and no. of blocks
// rb_define_method(rb_cTSKVolumePart, "walk", walk_volume_part, 1);
// attributes
rb_define_attr(rb_cTSKVolumePart, "address", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "description", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "flags", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "length", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "next", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "parent", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "prev", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "slot_number", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "start", 1, 0);
rb_define_attr(rb_cTSKVolumePart, "table_number", 1, 0);
/* Sleuthkit::FileSystem */
// object methods for FileSystem objects
rb_define_method(rb_cTSKFileSystem, "initialize", initialize_filesystem, -1);
rb_define_method(rb_cTSKFileSystem, "open", open_filesystem, -1); // change arg1 to klass?
rb_define_method(rb_cTSKFileSystem, "system_name", get_filesystem_type, 0);
rb_define_method(rb_cTSKFileSystem, "call_tsk_fsstat", call_tsk_fsstat, 1);
rb_define_method(rb_cTSKFileSystem, "call_tsk_istat", call_tsk_istat, -1);
rb_define_method(rb_cTSKFileSystem, "open_directory_by_name", open_directory_by_name, -1);
rb_define_method(rb_cTSKFileSystem, "open_directory_by_inum", open_directory_by_inum, -1);
rb_define_method(rb_cTSKFileSystem, "open_file_by_name", open_file_by_name, -1);
rb_define_method(rb_cTSKFileSystem, "open_file_by_inum", open_file_by_inum, -1);
rb_define_module_function(rb_mtsk4r_fs, "return_type_list", return_tsk_fs_type_list, -1);
// attributes based on TSK struct
int i;
for (i = 0; i < TSK4R_FS_ATTRS_COUNT; i++) {
rb_define_attr(rb_cTSKFileSystem, TSK4R_FS_ATTRS_NAMES[i], 1, 0);
}
// extra attributes
rb_define_attr(rb_cTSKFileSystem, "name", 1, 0);
rb_define_attr(rb_cTSKFileSystem, "description", 1, 0);
rb_define_attr(rb_cTSKFileSystem, "parent", 1, 0);
#ifdef TSK4R_DEPRECATED_TSK4_FEATURE
rb_define_attr(rb_cTSKFileSystem, "isOrphanHunting", 1, 0);
#endif
/* Sleuthkit::FileSystemDirectory */
// object methods for FileSystemDirectory objects
rb_define_method(rb_cTSKFileSystemDir, "initialize", initialize_fs_dir, -1);
rb_define_private_method(rb_cTSKFileSystemDir, "open_fs_directory", open_fs_directory, 3);
// attributes
rb_define_attr(rb_cTSKFileSystemDir, "parent", 1, 0);
// rb_define_attr(rb_cTSKFileSystemDir, "inum", 1, 0);
rb_define_attr(rb_cTSKFileSystemDir, "names_used", 1, 0);
rb_define_attr(rb_cTSKFileSystemDir, "names_alloc", 1, 0);
rb_define_attr(rb_cTSKFileSystemDir, "names", 1, 0);
rb_define_attr(rb_cTSKFileSystemDir, "file", 1, 0);
/* Sleuthkit::FileSystemFileData */
// object methods for FileSystemFileData objects
rb_define_method(rb_cTSKFileSystemFileData, "initialize", initialize_fs_file, -1);
rb_define_method(rb_cTSKFileSystemFileData, "open_fs_file", open_fs_file, -1);
rb_define_method(rb_cTSKFileSystemFileData, "get_number_of_attributes", get_number_of_attributes, 0);
// attributes
rb_define_attr(rb_cTSKFileSystemFileData, "address", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileData, "content_len", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileData, "parent", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileData, "meta", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileData, "name", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileData, "uid", 1, 0);
/* Sleuthkit::FileSystemFileMeta */
// object methods for FileSystemFileMeta objects
rb_define_method(rb_cTSKFileSystemFileMeta, "initialize", initialize_fs_meta, -1);
rb_define_private_method(rb_cTSKFileSystemFileMeta, "get_meta_from_inum", get_meta_from_inum, 2);
rb_define_private_method(rb_cTSKFileSystemFileMeta, "get_meta_from_file", get_meta_from_file, 1);
rb_define_private_method(rb_cTSKFileSystemFileMeta, "get_meta_from_dir", get_meta_from_dir, 1);
// attributes
rb_define_attr(rb_cTSKFileSystemFileMeta, "parent", 1, 0);
rb_define_attr(rb_cTSKFileSystemFileMeta, "addr", 1, 0);
/* Sleuthkit::FileSystemFileName */
// object methods for FileSystemFileName objects
rb_define_method(rb_cTSKFileSystemFileName, "initialize", initialize_fs_name, -1);
// attributes (see lib/sleuthkit/file_system.rb for more)
rb_define_attr(rb_cTSKFileSystemFileName, "parent", 1, 0);
/* Sleuthkit::FileSystem:Attr */
rb_define_method(rb_cTSKFileSystemAttr, "initialize", initialize_fs_attr, -1);
rb_define_method(rb_cTSKFileSystemAttr, "fetch", fetch_attr, -1);
rb_define_method(rb_cTSKFileSystemAttr, "fetch_default_attribute", fetch_attr, -1);
rb_define_method(rb_cTSKFileSystemAttr, "fetch_attribute_by_index", fetch_attr, -1);
rb_define_attr(rb_cTSKFileSystemAttr, "file", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "flags", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "id", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "name", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "name_size", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "size", 1, 0);
rb_define_attr(rb_cTSKFileSystemAttr, "type", 1, 0);
/* Sleuthkit::FileSystem::Block */
rb_define_method(rb_cTSKFileSystemBlock, "initialize", initialize_fs_block, -1);
rb_define_method(rb_cTSKFileSystemBlock, "fetch", fetch_block, 2);
// attributes
rb_define_attr(rb_cTSKFileSystemBlock, "address", 1, 0);
rb_define_attr(rb_cTSKFileSystemBlock, "buffer", 1, 0);
rb_define_attr(rb_cTSKFileSystemBlock, "filesystem", 1, 0);
rb_define_attr(rb_cTSKFileSystemBlock, "flags", 1, 0);
rb_define_attr(rb_cTSKFileSystemBlock, "tag", 1, 0);
}
