/*
 * The Sleuth Kit
 *
 * Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
 * Copyright (c) 2010-2012 Basis Technology Corporation. All Rights
 * reserved.
 *
 * This software is distributed under the Common Public License 1.0
 */

#include "tsk/framework/framework_i.h"

#ifndef _TSK_AUTO_IMPL_H
#define _TSK_AUTO_IMPL_H

#ifdef __cplusplus

// Remaining TSK headers that this declaration depends on
#include "tsk/libtsk.h"
#include "tsk/framework/services/TskImgDB.h"
#include "tsk/framework/services/Scheduler.h"
#include <map>
#include <string>
#include <queue>

/**
 * TskAuto implementation that analyzes the data in a disk image and
 * populates TskImgDB with the results. Call extractFiles() once the
 * image has been opened.
 *
 * Files are queued as they are found; the queue is submitted after
 * m_numOfFilesToQueue files have been added to it.
 *
 * NOTE(review): every value recorded here (names, paths, attribute and
 * block data) is read from the image under analysis, which may have been
 * deliberately crafted. Confirm that the implementation validates sizes
 * and escapes or binds these values before they reach TskImgDB.
 *
 * NOTE(review): the class holds a reference member (m_db), so it cannot
 * be copy-assigned, but the implicit copy constructor is not disabled
 * here -- confirm whether copying is intended.
 */
class TSK_FRAMEWORK_API TSKAutoImpl : public TskAuto
{
public:
    TSKAutoImpl();
    virtual ~TSKAutoImpl();

    // The virtual members below presumably override the TskAuto hooks of
    // the same name -- confirm against the TskAuto declaration.

    /**
     * Start working on an image that has already been opened.
     * @returns a uint8_t status; presumably the TSK convention of 0 on
     *          success and 1 on error -- TODO confirm.
     */
    virtual uint8_t openImage(TSK_IMG_INFO *);

    /** Counterpart to openImage(). */
    virtual void closeImage();

    /**
     * Volume-level filter.
     * @param vs_part Partition entry under consideration.
     * @returns a TSK_FILTER_ENUM decision for this volume.
     */
    virtual TSK_FILTER_ENUM filterVol(const TSK_VS_PART_INFO *vs_part);

    /**
     * File-system-level filter.
     * @param fs_info File system under consideration.
     * @returns a TSK_FILTER_ENUM decision for this file system.
     */
    virtual TSK_FILTER_ENUM filterFs(TSK_FS_INFO *fs_info);

    /**
     * Per-file hook.
     * @param fs_file File being processed.
     * @param path    Path associated with the file (C string; its origin
     *                is the image, so treat it as untrusted input).
     * @returns a TSK_RETVAL_ENUM status.
     */
    virtual TSK_RETVAL_ENUM processFile(TSK_FS_FILE *fs_file,
                                        const char *path);

    /** Error hook; the meaning of the uint8_t result is not visible here. */
    virtual uint8_t handleError();

    /**
     * Entry point named in the class description: call it after the
     * image has been opened.
     * @returns a uint8_t status -- presumably 0 on success, TODO confirm.
     */
    uint8_t extractFiles();

    /**
     * Scan a sector range of the image for file systems.
     * @param sect_start First sector of the range.
     * @param sect_count Number of sectors; defaults to 1024.
     * @returns a uint8_t status -- presumably 0 on success, TODO confirm.
     *
     * NOTE(review): confirm the implementation guards sect_start +
     * sect_count against wrap-around and against the image size.
     */
    uint8_t scanImgForFs(const uint64_t sect_start,
                         const uint64_t sect_count = 1024);

private:
    // Image database that receives the results. Held by reference, so
    // the referenced object must outlive this instance.
    TskImgDB &m_db;
    // Presumably the id of the file system currently being walked -- confirm.
    int m_curFsId;
    // Presumably the id of the volume currently being walked -- confirm.
    int m_curVsId;
    // Presumably set once a volume system has been encountered -- confirm.
    bool m_vsSeen;
    // Running file counter (64-bit).
    uint64_t m_numFilesSeen;
    // Presumably the time the last progress message was emitted -- confirm.
    time_t m_lastUpdateMsg;
    /// Scheduler tasks held back until the transaction has been committed
    std::queue<Scheduler::task_struct> m_filesToSchedule;
    /// Upper bound on files queued within one transaction before a commit
    static const unsigned int m_numOfFilesToQueue = 1000;

    /**
     * Record one file.
     * @param fs_file File to record.
     * @param path    Path associated with the file.
     * @param fileId  Passed by non-const reference; presumably receives
     *                the id assigned to the file -- confirm.
     * @returns a TSK_RETVAL_ENUM status.
     */
    TSK_RETVAL_ENUM insertFileData(TSK_FS_FILE *fs_file,
                                   const TSK_FS_ATTR *,
                                   const char *path,
                                   uint64_t &fileId);

    /**
     * Record block data for an attribute.
     * @param fs_attr Attribute whose blocks are recorded.
     * @returns a TSK_RETVAL_ENUM status.
     */
    TSK_RETVAL_ENUM insertBlockData(const TSK_FS_ATTR *fs_attr);

    /**
     * Per-attribute hook.
     * @param fs_attr Attribute being processed.
     * @param path    Path associated with the owning file.
     * @returns a TSK_RETVAL_ENUM status.
     */
    virtual TSK_RETVAL_ENUM processAttribute(TSK_FS_FILE *,
                                             const TSK_FS_ATTR *fs_attr,
                                             const char *path);

    /**
     * Create a placeholder volume entry.
     * @param sect_start Starting sector of the volume.
     * @param sect_len   Length of the volume in sectors.
     * @param desc       Description string.
     * @param flags      Partition flags to record.
     */
    void createDummyVolume(const TSK_DADDR_T sect_start,
                           const TSK_DADDR_T sect_len,
                           const char *desc,
                           TSK_VS_PART_FLAG_ENUM flags);

    // Presumably commits the open transaction and then submits the tasks
    // held in m_filesToSchedule -- confirm against the implementation.
    void commitAndSchedule();
};

#endif // __cplusplus

#endif // _TSK_AUTO_IMPL_H