| Original author(s) | Brian Carrier |
|---|---|
| Stable release | 3.0.0 / 2008-10-19 |
| Written in | c / perl |
| Type | Computer forensics |
| Website | http://www.sleuthkit.org/ |
The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based tools and utilities to allow for the forensic analysis of computer systems. It was written and maintained by digital investigator Brian Carrier. TSK can be used to perform investigations and data extraction from images of Windows, Linux and Unix computers. The Sleuth Kit is normally used in conjunction with its custom front-end application, Autopsy, to provide a user friendly interface. Now there is a new front-end extended interface named PTK[1]. Several other tools also use TSK for file extraction.
The Sleuth Kit is a free, open source suite that provides a large number of specialized command-line based utilities.
Contents |
Tools
Some of the tools included in The Sleuth Kit include:
- ils lists all metadata entries, such as an Inode.
- blkls displays data blocks within a file system (formerly called dls).
- fls lists allocated and unallocated file names within a file system.
- fsstat displays file system statistical information about an image or storage medium.
- ffind searches for file names that point to a specified metadata entry.
- mactime creates a timeline of all files based upon their MAC times.
- disk_stat (currently Linux-only) discovers the existence of a Host Protected Area.
References
- ^ http://wiki.sleuthkit.org/index.php?title=PTK Description of PTK in the Sleuth Kit Wiki
See also
External links
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
