There are many documents that outline TSK.
- The TSK Tool Overview page lists all of the command line tools in TSK.
- The FS Analysis Techniques page lists some of the analysis techniques that you can perform.
There are also pages on this site on more specific topics.
- NTFS File Recovery
- Error Messages
- Metadata Address
- data units
- Block Address
- Orphan Files
- TSK Version Numbers
- SQLite Database v2 Schema
This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).
- Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide. Barry Grundy. 2003 (NASA OIG) - Updated December 2008.
- CyberGuardians Cheat Sheet: 2-page PDF with sample commands for a variety of common TSK activities. Useful for veteran analysts who want to quickly look up a forgotten flag, or for a beginner looking to learn by example and experimentation.
- Running Sleuthkit and Autopsy Under Windows by Charles Lucas (local copy)
This section lists locations where relevant documents may be found.
- The Sleuth Kit Informer (www.sleuthkit.org) newsletter (no longer active)
- Sleuth Kit Documents Page (www.sleuthkit.org)
- Autopsy Documents Page (www.sleuthkit.org)
- GIAC Reports - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.