Difference between revisions of "Help Documents"
From SleuthKitWiki
(Added link to the book / course page.) |
(→Big Picture) |
||
| Line 7: | Line 7: | ||
* [http://www.sleuthkit.org/sleuthkit/docs.php Sleuth Kit Documents Page (www.sleuthkit.org)] | * [http://www.sleuthkit.org/sleuthkit/docs.php Sleuth Kit Documents Page (www.sleuthkit.org)] | ||
* [http://www.sleuthkit.org/autopsy/docs.php Autopsy Documents Page (www.sleuthkit.org)] | * [http://www.sleuthkit.org/autopsy/docs.php Autopsy Documents Page (www.sleuthkit.org)] | ||
| − | * [ | + | * [http://www.linuxleo.com/ Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide]. Barry Grundy. 2003. NASA. |
* [http://www.giac.org/ GIAC Reports] - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'. | * [http://www.giac.org/ GIAC Reports] - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'. | ||
* [[Licenses]] | * [[Licenses]] | ||
Revision as of 15:41, 7 May 2008
This page contains links and references to online help documents on The Sleuth Kit and Autopsy. The Books and Courses on TSK page contains links to books and courses.
English Documents
Big Picture
This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).
- The Sleuth Kit Informer (www.sleuthkit.org) newsletter (no longer active)
- Sleuth Kit Documents Page (www.sleuthkit.org)
- Autopsy Documents Page (www.sleuthkit.org)
- Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide. Barry Grundy. 2003. NASA.
- GIAC Reports - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
- Licenses
Individual Tools
This section contains links to articles on using specific Sleuth Kit tools. All of the tools have a description on the main sleuthkit.org page, but the links below are for the new wiki home.
Sleuthkit is a suite of forensic analysis tools. Tools are grouped by their focus (e.g.: hash analysis, volume records, etc.). Below are all tools grouped by their particular focus area.
| Focus | Tools |
|---|---|
| Disk Tools | disk_sreset, disk_stat |
| Volume System Tools | mmls, mmstat |
| File System Tools (File Name Layer) | fls, ffind |
| File System Tools (Meta Data Layer) | icat, ifind, ils, istat |
| File System Tools (Data Layer) | dcalc, dcat, dls, dstat |
| File System Tools (File System Layer) | fsstat |
| File System Tools (Journal Layer) | jcat, jls |
| Hash Database Tools | hfind |
| Image Format Tools | img_cat, img_stat |
| Time Line Tools | mactime
|
