Exploitation Layer

From truxwiki.com

The Exploitation Layer is the collection of processes on the Message Bus that exploit data in Truxton. These are separate processes (or groups of processes), each of which operates on a single file at a time; the files are the ones that Load extracted from the media.

Description

The exploitation layer is typically controlled by the Truxton Service and is configurable through the TruxtonService.xml file. If an ETL process dies, it will be restarted by the Truxton Service. These processes run in the background and only wake up when a message arrives on their message queue. When a message arrives, the process performs the given task and waits for the next message.

Default Exploiters

Truxton ships with the following members of the ETL layer.

Name                Description
Load                The loader of data
Alert               For generating alerts
Archives            Expanding some archive files
Carve               Finding files in free space
ContactSheet        Creating video thumbnails
EMail               For parsing email
Expand              Extracting information from files
Finished            For tidying things up at the end of a load
Identify            For identifying files based on their content
LangID              Determines the language of text (Spanish, Chinese, etc.)
Maintenance         Performs non-forensic tasks such as deleting depots
Notify              For notifying interested parties
Poly                For expanding multi-part files
Registry            Truxton's Registry exploitation
RegRipper           For processing Windows Registry files
RemoteFileExpander  Using proprietary technology to expand files
Report              For preparing reports from raw data
Stitch              For fragmented file carving
TextExtract         Extracts text from files
Thumbnail           Create thumbnails of images
Yara                For scanning file contents and tagging