Exploitation Layer
Jump to navigation
Jump to search
The Exploitation Layer is the collection of processes on the Message Bus that exploit data in Truxton. These are separate processes (or groups of processes) that operate on a single file at a time that Load extracted from the media.
Description
The exploitation layer is typically controlled by the Truxton Service and is configurable through the TruxtonService.xml
file.
If an ETL process dies, it will be restarted by the Truxton Service.
These processes run in the background and only wake up when a message arrives on their message queue.
When a message arrives, the process performs the given task and waits for the next message.
Default Exploiters
Truxton ships with the following members of the ETL layer.
Name | Description |
---|---|
Load | The loader of data |
Alert | For generating alerts |
Archives | Expanding some archive files |
Carve | Finding files in freespace |
ContactSheet | Creating video thumbnails |
For parsing EMail | |
Expand | Extracting information from files |
Finished | For tidying things up at the end of a load |
Identify | For identifying files based on their content |
LangID | Determines the language of text (Spanish, Chinese, etc) |
Maintenance | Performs non-forensic tasks such as deleting depots |
Notify | For notifying interested parties |
Poly | For expanding multi-part files |
Registry | Truxton's Regsitry exploitation |
RegRipper | For processing Windows Registry files |
RemoteFileExpander | Using proprietary technology to expand files |
Report | For preparing reports from raw data |
Stitch | For fragmented file carving |
TextExtract | Extracts text from files |
Thumbnail | Create thumbnails of images |
Yara | For scanning file contents and tagging |