The Sleuth Kit

The Sleuth Kit
Original author(s) Brian Carrier
Stable release
4.4.1 / May 30, 2017 (2017-05-30)
Development status Active
Written in C, Perl
Operating system Unix-like, Windows
Type Computer forensics
License IPL, CPL, GPL
Website www.sleuthkit.org

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities to facilitate the forensic analysis of computer systems. It was written and is maintained primarily by digital investigator Brian Carrier.[1]

The Sleuth Kit is capable of parsing NTFS, FAT/ExFAT, UFS 1/2, Ext2, Ext3, Ext4, HFS, ISO 9660 and YAFFS2 file systems either separately or within disk images stored in raw (dd), Expert Witness or AFF formats.[2] The Sleuth Kit can be used to examine most Microsoft Windows, most Apple Macintosh OSX, many Linux and some other UNIX computers.

The Sleuth Kit can be used:

The Sleuth Kit is a free, open source suite that provides a large number of specialized command-line based utilities.

It is based on The Coroner's Toolkit, and is the official successor platform.[3]

Tools

Some of the tools included in The Sleuth Kit include:

See also

References

  1. "About". www.sleuthkit.org. Brian Carrier. Retrieved 2016-08-30.
  2. "File and Volume System Analysis". www.sleuthkit.org. Brian Carrier. Retrieved 2016-08-30.
  3. http://www.porcupine.org/forensics/tct.html


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.