[sleuthkit-users] Learning to use TSK
From: Mike G. <do...@li...> - 2014-05-13 21:15:50
Hi there,

I am very new to TSK and I have been trying to teach myself how to program in C++ using the TSK library. I have found https://digital-forensics.sans.org/community/papers/gcfa/forensic-investigation-usb-flashdrive-image-cc-terminals_188 to be helpful. However, I am looking for more examples of this code. Can anyone direct me to something similar?

Additionally, I have been trying my own hand at it. I created the following small program.

    #include <iostream>
    #include <string>
    #include <stdio.h>
    #include <stdlib.h>
    #include <tsk/libtsk.h>

    using namespace std;

    int main(int argc, char **argv)
    {
        // A path argument is required before argv[1] can be used.
        if (argc < 2) {
            fprintf(stderr, "Usage: %s <path>\n", argv[0]);
            exit(1);
        }
        TskImgInfo *img_info = new TskImgInfo();
        TSK_TCHAR **temp = (TSK_TCHAR **) argv;
        printf("Opening directory %s \n", temp[1]);
        // TskImgInfo::open() returns 0 on success.
        if (img_info->open(temp[1], TSK_IMG_TYPE_DETECT, 0) == 0) {
            printf("Directory opened successfully\n");
        } else {
            printf("Error opening directory %s \n", temp[1]);
            delete img_info;
            exit(1);
        }
        delete img_info;  // release the image handle
        return 0;
    }

But I'm not sure what I'm even doing: What is TskImgInfo? Is that a disk image? Also, why does it only work on specific files and not on directories? And if I want to work with /dev/sdc, for example, what must I replace TskImgInfo with?

Thanks in advance,
Mike Goldstein