File: fw_setup.dox

package info (click to toggle)
sleuthkit 4.6.5-1%2Bdeb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 39,264 kB
  • sloc: ansic: 171,812; cpp: 44,216; sh: 31,364; java: 17,674; makefile: 1,241; xml: 838; perl: 797; python: 707; sed: 16
file content (65 lines) | stat: -rw-r--r-- 4,921 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
/*! \page fw_setup_page Setting up the Image Analysis Process Infrastructure

This page outlines how to get the basic infrastructure in place for any type of run. 

The \ref fw_extract_page and \ref fw_pipeline_page pages focus on set up for the three phases of the image analysis process (see \ref basics_page for an overview of this process).  

\section fw_setup_env Development Environment

You will need to build the framework library using the instructions that come with the source code.  
You will also need to configure your build environment to depend on the <tt>libtskframework.dll</tt> file (or other dynamic library if on a non-Windows platform). 

You will need to include the <tt>framework.h</tt> file in your source code files. This header contains includes of other headers that define the core of the framework.  
You may need to include additional .h files depending on what framework classes and functions you need to use. 


\section fw_setup_minimal Minimal Setup

One of the design goals of the framework is to minimize the framework set up code that you need to write.  
This section outlines the minimal set of set up steps to take, relying on defualt implementations for the rest.  
If the default implementations do not meet your needs, you'll also need to refer to the \ref fw_setup_adv section.

\subsection fw_setup_min_serv Services

The framework's management of the disk image analysis process depends on the instantiation of a set of framework services. Review the \ref mod_stuff_services for an overview of these services.
  
Some of the framework services will default to a basic implementation if you do not supply your own implementation, but others require explicit set up and registration:

- Image Database: An instance of a class that implements the TskImgDB interface must be created and registered using TskServices::setImgDB().  
The framework comes with a basic SQLite implementation of TskImgDB (TskImgDBSqlite), but to use it you must construct a TskImgDBSqlite object and specify where you want to store the database file.

- Task Scheduling: An instance of of a class that implements the Scheduler interface must be created and registered using TskServices::setScheduler().  
Methods for getting tasks out of the scheduler will depend on the implementation and design of the scheduler, so it is up to the user of the framework library to create the instance and make sure that the tasks are retrieved from it.  
The framework comes with a basic queue implementation of the Scheduler interface (TskSchedulerQueue). 

<!--// @@@ Review this in future because it could default to ImgDB-->

- Blackboard: An instance of of a class that implements the TskBlackBoard interface must be created and registered using TskServices::setBlackboard().
Currently, the only implementation of this interface provided by the framework is the TskDBBlackBoard class that writes the blackboard contents to the image database. 

- Image File: An instance of of a class that implements the TskImageFile interface must be created and registered using TskServices::setImageFile().
TskImageFileTsk is the Sleuth Kit-based implementation of TskImageFile provided by the framework. 


\subsection fw_setup_min_prop System Properties
Currently only one of the predefined system properties managed by TskSystemProperties must be set:  

- Output Directory: TskSystemProperties::OUT_DIR must be set to the path of the desired output folder. In distributed systems, it is recommended that you specify the location of a shared output folder. 

In practice, other predefined ssytem properties will also need values. See TskSystemProperties::PredefinedProperty for details.

Note that the TskSystemProperties service is one of the framework services for which a default implementation will be created (see \ref fw_setup_adv) if one has not be explicitly created and registered.  
If you do not want the default implementation, ensure that before any settings are made, you construct and register an instance of your custom TskSystemProperties service. 


\section fw_setup_adv Advanced Setup

Some of the most basic framework services have default implementations that will be created as needed if a specific instance is not otherwise created and registered: 

- System Properties: The values returned by the TskSystemProperties service can be populated with a series of calls to TskSystemProperties::set() when a program launches or the system properties can be populated by a local configuration file.  
The default TskSystemPropertiesImpl class allows you to store configuration data in an XML file.  See its description for more details. 
- Logging: The Log interface allows messages from the framework and modules to go to a single location.  
If a specific instance is not set, messages will be sent to STDERR.  
Otherwise, a Log object can be explicitly created with a specified log file path. 

*/