Closed muteb closed 3 years ago
muteb
commented
3 years ago Thanks alot for implementing it.
let bytes_read = unsafe {tsk::tsk_fs_attr_read( self.tsk_fs_attr, self._offset, buf.as_mutptr() as , read_size, tsk::TSK_FS_FILE_READ_FLAG_ENUM_TSK_FS_FILE_READ_FLAG_NONE )};
forensicmatt
commented
3 years ago Sorry for the late response. Yes, you can now do basic read as seen in this test: https://github.com/forensicmatt/libtsk-rs/blob/5fba7c692e08e6de96dc3f40a41651d9881f360d/tests/test_tsk_wrappers.rs#L147
Keep in mind this is still very WIP and not stabalized. I plan to make even more changes to this so that different read flags can be specified.
I still have not implement read use the file apis.
Hi Matt, Thank you very much for this awesome wrapper. much appreciated.
Well I'm trying to read a file from the PhysicalDrive0 and save it to another location on my desk.. I believe the "file_open" function is the one that reads the file but it returns a handle: pub fn file_open(&self, path: &str) -> Result<TskFsFile, TskError> { TskFsFile::from_path(&self, path) }
Return result >> TskFsFile { tsk_fs: TskFs { handle: 0x26b81457b20 }, handle: 0x26b8bf13e60 }
Am I on the right direction and what would be the best way to do the copy?
Thanks,