Python
Truxton supports Python 3.12 via a pyd library named Truxton.pyd
.
This exposes the functionality of Truxton to Python.
Contents
Overview
You must use the "import" directive to load the Truxton Python provider in a file named truxton.pyd
.
This directive will search a variety of folders for the pyd
file for Truxton (truxton.pyd
).
Normally, this file is installed in the SDK folder (C:\Program Files\Truxton\SDK
) along with all of the dependent files. Be sure to include the full path (e.g. c:\program files\truxton\sdk
)
in your PATH
environment variable so that Windows can locate all the needed dependencies.
You can modify the PYTHONPATH
environment variable to include the SDK folder and Python will automatically search this folder.
Doing so will allow you to specify the Truxton library at the top of your scripts:
import truxton
If you don't have permission to modify environment variables, or you want to test your code with different versions of Truxton, you can manually modify Python's module search path.
Instead of using PYTHONPATH
environment variable, you can tell Python which folder contains truxton.pyd
by adding the following to the top of your scripts:
import sys
sys.path.append('C:/Program Files/Truxton/SDK')
import truxton
You can, within code, change which version of Truxton will be used with your script. This ensures your script will always work should a breaking change be introduced in a subsequent release of Truxton.
When you import truxton
you will get all of the predefined constants for file type, data type, origins, locations,
messages, entities, relations, events, media, objects, url methods, and urls.
You can see them all by issuing a dir
command.
>>> dir(truxton)
This will allow your Python code to use the same constant names as C, C++ and C# code.
>>> print(truxton.Type_JPEG)
203
Once you have this working, you can start playing with Truxton.
import sys
sys.path.append('C:/Program Files/Truxton/SDK')
import truxton
def main() -> None:
t = truxton.create()
print(t.version)
return None
if __name__ == "__main__":
sys.exit(main())
Style
In general, when using a Truxton Python object, you will follow this pattern:
- Create the object
- Set the data members of the object
- Call
save()
to store the object in the Truxton database.
Until you call save()
, nothing will appear in Truxton.
Classes
Truxton exposes several classes to Python.
- Truxton - The top level object.
- TruxtonArtifact - For adding records to the
[Entity]
table. - TruxtonArtifactType - For adding custom artifact types to Truxton. This will make an entry in the
[EntityType]
table. - TruxtonBolo - For adding BOLO criteria to generate alerts.
- TruxtonChildFileIO - For writing a file to Truxton.
- TruxtonCommunication - For adding email, sms, mms, etc. communications to Truxton.
- TruxtonEnumeration - For enumerating everything in Truxton.
- TruxtonETL - For becoming a Truxton ETL process.
- TruxtonEvent - For adding records to the
[Event]
table. - TruxtonEventType - For adding custom event types to Truxton. This will make an entry in the
[EventType]
table. - TruxtonExport - For exporting files out of Truxton.
- TruxtonEXIF - For adding records to the
[EXIF]
table. - TruxtonFileIO - For working with a read-only file stored in Truxton.
- TruxtonFileType - For adding new file types to Truxton. This will make an entry in the
[FileType]
table. - TruxtonInvestigation - For creating new investigations in Truxton. This will make an entry in the
[Investigation]
table. - TruxtonInvestigationEvent - For creating new investigation events in Truxton. This will make an entry in the
[InvestigationEvent]
table. - TruxtonJurisdiction - For creating new jurisdictions in Truxton. This will make an entry in the
[Jurisdiction]
table. - TruxtonLocation - For adding geographic coordinates to the
[Location]
table. - TruxtonMedia - For adding media to Truxton. This will make an entry in the
[Media]
table. - TruxtonMessage - The way Truxton ETL processes communicate.
- TruxtonMessageAddress -
- TruxtonMessageParticipant -
- TruxtonNote - This will add notes to an investigation. This will make an entry in the
[InvestigatorNote]
table. - TruxtonObject - The object responsible for a connection to Truxton.
- TruxtonOptions - The object responsible for retrieving configuration variables from Truxton's Configuration System.
- TruxtonRelation - For adding records to the
[Relation]
table for relating two items in Truxton. - TruxtonSensitiveSiteList - For handling Sensitive Site Lists. A sensitive site is an area that you want to be aware if any geographic coordinate in the siezed media was near.
- TruxtonSubject - For adding subjects of investigations, aka persons of interest, aka suspects. This will make an entry in the
[Suspect]
table. - TruxtonUrl - For adding records to the
[WebsiteVisit]
table. - TruxtonUSB - For adding records to the
[USBDevice]
table.
Remarks
The Python API is designed primarily for programs to contribute to Truxton.
Truxton.pyd
was developed using the C API with a thin adapter layer of code to translate from Python provider semantics to Truxton calls.
Samples
- Open a file in Truxton - How to access the contents of a file in Truxton
- Register a New File Type - Create your own type of file
- ETL for File Identification - Identify new file types
- ETL for File Exploitation - Exploit files
- Export Videos - Export only unique videos from Truxton
- Export E01s - Exporting E01s from Truxton
- Rack Configuration - Displaying information about the configuration of a server in a rack
- Query the Truxton Database - Using Python to pull information out of the Truxton database
- Tag Notification - Your ETL gets notified when a user tags something
- Carve a File's Contents - You can carve a file already in Truxton
- Change Depot Paths - Change the path to the depot files in the database
- Identify Type of File - How to determine the type of a file
- List Supported File Types - How to list the types of files that Truxton knows about
- Add a file to be triaged - How to add a new file to be included in a Triage load
- Using SQLite - How to access SQLite databases in Truxton