Skip to content

py4n6/pytsk

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pytsk is a Python binding for the SleuthKit.

This is a Python binding against the libtsk (SleuthKit library). The aim is
to make the binding reflect the TSK API as much as possible in capabilities,
while at the same time having a nice Pythonic OO interface:

4.11.1: http://www.sleuthkit.org/sleuthkit/docs/api-docs/4.11.1/

WARNING: use pytsk at your own risk. libtsk is known to have many defects. For
processing data from untrusted sources it is highly recommended to add
additional security measures, such as a security sandbox.

If downloaded pytsk using git you'll have to first run:

python setup.py update

If you want to use the latest version of Sleuthkit that is checked into git
(also known as HEAD), instead of the currently supported version, you can run:

python setup.py update --use-head

To build the bindings just use the standard Python setuptools:

python setup.py build
python setup.py install

At the top level of the source tree.

The Python binding is autogenerated from the libtsk header files using a small
OO C shim. This means that most of the fields in many of the structs are already
available. We aim to provide most of the functionality using this shim (e.g.
traversing and iterating over lists etc). The authoritative source of
documentation is the library API linked above.