Have ideas to improve npm?Join in the discussion! »

    tsk-js
    TypeScript icon, indicating that this package has built-in type declarations

    0.5.1 • Public • Published

    TSK-js

    Build Status NPM Downloads License

    A module that allows you to investigate disk images using Javascript by using The Sleuth Kit as library.

    Its main functionalities are image analysis (mmls), list allocated and deleted files inside a directory or file system (fls), extract files (icat), generate timelines (mactime) and look up strings inside the image (grep).

    Some of those functionalities are based on tools offered by The Sleuth Kit.

    Installation

    You can install it just using the command:

    $ npm install tsk-js --save

    Documentation

    The full documentation can be found here

    Usage example

    This is an example of a script that performs a brief analysis. To learn how to use it in more detail go to User guide section.

    const { TSK } = require("tsk-js");
    analyzeImage("hdd-001.dd")
     
    ////
     
    function searchRecursive(needle, img, imgaddr, inode, cb) {
        // Retrieve files in current folder
        const files = img.list({ imgaddr, inode });
     
        // Process 
        files
            .filter((f) => f.name === needle)
            .forEach((f) => cb(f));
     
        files
            .filter((f) => f.type === "directory")
            .forEach((f) => searchRecursive(needle, img, imgaddr, f.inode, cb));
    }
     
    function analyzePartition(img, imgaddr) {
        // Search file
        searchRecursive("carta.txt", img, imgaddr, undefined, (file) => {
            const { inode } = file;
            const buff = img.get({ imgaddr, inode });
     
            console.log("File found!");
            console.log("Print it's content:");
            console.log("---------------------------");
            console.log(buff.toString());
            console.log("---------------------------");
        });
     
        // Generate timeline
        const timeline = img.timeline(() => {}, { imgaddr });
        console.log(timeline.length);
    }
     
    function analyzeDisk(img, res) {
        res.partitions
            .filter((p) => p.hasFs)
            .forEach((p) => analyzePartition(img, p.start));
    }
     
    function analyzeImage(imgfile) {
        const img = new TSK("hdd-001.dd");
        const res = img.analyze();
        if (res.type === "disk") {
            analyzeDisk(img, res);
        } else {
            analyzePartition(img, 0);
        }
    }

    Keywords

    Install

    npm i tsk-js

    DownloadsWeekly Downloads

    35

    Version

    0.5.1

    License

    MIT

    Unpacked Size

    17.6 MB

    Total Files

    48

    Last publish

    Collaborators

    • avatar