Skip to content

sequence-sh/TSKConnector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

301 Commits

.gitlab/issue_templates

.gitlab/issue_templates

 
 

TSK.Tests

TSK.Tests

 
 

TSK

TSK

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

NOTICE

NOTICE

 
 

README.md

README.md

 
 

TSK.sln

TSK.sln

 
 

TSK.sln.DotSettings

TSK.sln.DotSettings

 
 

codecov.yml

codecov.yml

 
 

Repository files navigation

Sequence Connector for The Sleuth Kit®

Sequence® is a collection of libraries for automation of cross-application e-discovery and forensic workflows.

This connector contains Steps that interact with the Autopsy Console application.

Steps

Step Description Result Type
AutopsyCreateNewCase Creates a new Autopsy Case. Unit
AutopsyAddDataSource Add a Data Source to an Autopsy Case. Unit
AutopsyGenerateReports Generate Reports for an Autopsy Case. Unit
AutopsyListDataSources List all Data Sources in an Autopsy Case. Unit

Examples

Create a new Case and add data to it

- AutopsyCreateNewCase
    CaseName: "TestCase"
    CaseBaseDirectory: "C:\\Cases"
    CaseType: AutopsyCaseType.single
    DataSourcePath: "C:\\Data\\loadfile_0001-10001.dat"
    IngestProfileName: ""

This will create a new case in c:\Cases. The Case name will be 'TestCase' with the current date and time appended to it.

Settings

The TSK Connector requires additional configuration which can be provided using the settings key in connectors.json.

Supported Settings

Name Required Type Description
AutopsyPath string The Path the to the Autopsy Executable

Example Settings

"Sequence.Connectors.TSK": {
  "id": "Sequence.Connectors.TSK",
  "enable": true,
  "version": "0.16.0",
  "settings": {
    "AutopsyPath": "C:\\Program Files\\Autopsy-4.19.1\\bin\\autopsy64.exe"
  }
}

Documentation

https://sequence.sh

Download

https://sequence.sh/download

Try SCL and Core

https://sequence.sh/playground

Package Releases

Can be downloaded from the Releases page.

NuGet Packages

Release nuget packages are available from nuget.org.

About

This repository is a mirror of https://gitlab.com/sequence/connectors/tsk

sequence.sh

Topics

automation orchestration forensics sequence ediscovery sleuthkit tsk autopsy edrm

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

7 tags

Contributors 2

  •  
  •  

Languages