forensic_rs/
activity.rs

2use crate::utils::time::Filetime;
/// A single record of user activity observed on a device.
///
/// NOTE(review): the string fields are presumably filled from parsed evidence;
/// if so, treat them as untrusted text when rendering them in reports, logs or
/// terminals. Confirm against the parsers that build this type.
#[derive(Debug, Clone, Default)]
pub struct ForensicActivity {
    /// Time attached to the activity, expressed as a [`Filetime`].
    pub timestamp: Filetime,
    /// User the activity is attributed to.
    pub user: String,
    /// Session the activity belongs to, or [`SessionId::Unknown`] (the default).
    pub session_id: SessionId,
    /// What kind of activity was recorded.
    pub activity: ActivityType,
}
/// Identifier of the session an activity belongs to.
#[derive(Debug, Clone, Default)]
pub enum SessionId {
    /// No session identifier is available; this is the `Default` value.
    #[default]
    Unknown,
    /// Session identifier kept as text; its format is not constrained here.
    Id(String),
}
/// Category of a recorded activity, with variant-specific details.
#[derive(Debug, Clone, Default)]
pub enum ActivityType {
    /// A login event; carries no extra data.
    Login,
    /// Browsing activity. NOTE(review): the string is presumably the visited
    /// location (URL or similar) — confirm against the producers.
    Browsing(String),
    /// A file-system operation, described by [`FileSystemActivity`].
    FileSystem(FileSystemActivity),
    /// Execution of a program, described by [`ProgramExecution`].
    ProgramExecution(ProgramExecution),
    /// Activity that could not be classified; this is the `Default` value.
    #[default]
    Unknown,
}
/// Details of a program-execution activity.
///
/// `Debug` is not derived here: it is implemented by hand elsewhere in this
/// file.
#[derive(Default, Clone)]
pub struct ProgramExecution {
    /// The executable that was run, kept as text exactly as supplied.
    pub executable: String,
}
impl ProgramExecution {
    /// Builds a `ProgramExecution` for the given executable.
    ///
    /// The string is stored unchanged; no validation or normalisation is
    /// performed.
    pub fn new(executable: String) -> Self {
        ProgramExecution { executable }
    }
}
/// Wraps a [`ProgramExecution`] in [`ActivityType::ProgramExecution`], so the
/// value can be used wherever an `ActivityType` is expected via `.into()`.
impl From<ProgramExecution> for ActivityType {
    fn from(execution: ProgramExecution) -> Self {
        Self::ProgramExecution(execution)
    }
}
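/// Compact `Debug` output: the executable text itself, without the struct name
/// or surrounding quotes.
///
/// The other types in this file derive `Debug`, which quotes and escapes their
/// strings. This impl previously wrote `executable` raw, so a value containing
/// newlines or terminal escape bytes reached logs and consoles unmodified and
/// could forge extra log lines or drive the terminal. Control characters are
/// now rendered as `\u{..}` escapes; every other character is written as-is,
/// so output for ordinary paths is unchanged.
///
/// The escaped form is for display only and is not reversible (a literal
/// `\u{a}` in the text looks the same as an escaped newline); read the
/// `executable` field when the exact value is needed. Non-control format
/// characters such as bidirectional overrides are not escaped here.
impl std::fmt::Debug for ProgramExecution {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let text = self.executable.as_str();
        // Start of the run of characters not yet written.
        let mut pending = 0;
        for (idx, ch) in text.char_indices() {
            if ch.is_control() {
                // Flush the safe run, then emit the control character escaped.
                // `\u{..}` is used rather than `\n`/`\t` because Windows paths
                // routinely contain a backslash followed by those letters.
                f.write_str(&text[pending..idx])?;
                write!(f, "{}", ch.escape_unicode())?;
                pending = idx + ch.len_utf8();
            }
        }
        // With no control characters this is a single write of the whole
        // string, exactly as before.
        f.write_str(&text[pending..])
    }
}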
/// A file-system operation recorded as part of an activity.
///
/// NOTE(review): the strings are presumably file paths — confirm against the
/// code that constructs these variants.
#[derive(Debug, Default, Clone)]
pub enum FileSystemActivity {
    /// A file was opened.
    Open(String),
    /// A file was deleted.
    Delete(String),
    /// A file was moved. NOTE(review): the pair is presumably
    /// `(source, destination)`; the order is not established here — confirm.
    Move((String, String)),
    /// A file was created.
    Create(String),
    /// The operation could not be classified; this is the `Default` value.
    #[default]
    Unknown,
}