- The Sleuth Kit
Infobox Software
name = The Sleuth Kit
author = Brian Carrier
latest release version = 2.52
latest release date = April 10, 2008
genre = Computer forensics
website = http://www.sleuthkit.org/

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based tools and utilities to allow for the forensic analysis of computer systems. It was written and maintained by digital investigator Brian Carrier. TSK can be used to perform investigations and data extraction from images of Windows, Linux and Unix computers. The Sleuth Kit is normally used in conjunction with its custom front-end application, Autopsy, to provide a user-friendly interface. There is now a new extended front-end interface named PTK. Several other tools also use TSK for file extraction.

The Sleuth Kit is a free, open source suite that provides a large number of specialized command-line based utilities.

Tools
The Sleuth Kit includes, among others, the following tools:
* ils lists all metadata entries, such as an inode.
* dls displays data blocks within a file system.
* fls lists allocated and unallocated file names within a file system.
* fsstat displays file system statistical information about an image or storage medium.
* ffind searches for file names that point to a specified metadata entry.
* mactime creates a timeline of all files based upon their MAC times.
* disk_stat discovers the existence of a Host Protected Area.

See also
* Selective file dumper

External links
* [http://www.sleuthkit.org/ The Sleuth Kit Official website]
* [http://www.sleuthkit.org/informer/ The Sleuth Kit Informer newsletter]
* [http://wiki.sleuthkit.org/ Sleuth Kit Wiki]
* [http://ptk.dflabs.com PTK Official website]
Wikimedia Foundation. 2010.