SE
sequence-sh/TSKConnector
This repository is a mirror of https://gitlab.com/sequence/connectors/tsk
Sequence Connector for The Sleuth Kit®
Sequence® is a collection of libraries for
automation of cross-application e-discovery and forensic workflows.
This connector contains Steps that interact with the
Autopsy Console application.
Steps
| Step | Description | Result Type |
|---|---|---|
AutopsyCreateNewCase |
Creates a new Autopsy Case. | Unit |
AutopsyAddDataSource |
Add a Data Source to an Autopsy Case. | Unit |
AutopsyGenerateReports |
Generate Reports for an Autopsy Case. | Unit |
AutopsyListDataSources |
List all Data Sources in an Autopsy Case. | Unit |
Examples
Create a new Case and add data to it
- AutopsyCreateNewCase
CaseName: "TestCase"
CaseBaseDirectory: "C:\\Cases"
CaseType: AutopsyCaseType.single
DataSourcePath: "C:\\Data\\loadfile_0001-10001.dat"
IngestProfileName: ""This will create a new case in c:\Cases.
The Case name will be 'TestCase' with the current date and time appended to it.
Settings
The TSK Connector requires additional configuration which can be
provided using the settings key in connectors.json.
Supported Settings
| Name | Required | Type | Description |
|---|---|---|---|
| AutopsyPath | ✔ | string |
The Path the to the Autopsy Executable |
Example Settings
"Sequence.Connectors.TSK": {
"id": "Sequence.Connectors.TSK",
"enable": true,
"version": "0.16.0",
"settings": {
"AutopsyPath": "C:\\Program Files\\Autopsy-4.19.1\\bin\\autopsy64.exe"
}
}Documentation
Download
Try SCL and Core
https://sequence.sh/playground
Package Releases
Can be downloaded from the Releases page.
NuGet Packages
Release nuget packages are available from nuget.org.