Difference between revisions of "Help Documents"
m (Move mactime details link to mactime page.) |
m |
||
| Line 18: | Line 18: | ||
== Individual Tools == | == Individual Tools == | ||
| − | This section contains links to | + | This section contains links to pages on specific Sleuth Kit tools. All of the tools have a man page that comes with the tools. The man pages are automatically created with each release and a link to the latest man page is given in each of the below pages. |
| − | + | TSK is a suite of forensic analysis tools. Tools are grouped by their focus (e.g.: hash analysis, volume records, etc.). Below are all tools grouped by their particular focus area. | |
{| border="1" cellpadding="5" valign="top" | {| border="1" cellpadding="5" valign="top" | ||
| Line 46: | Line 46: | ||
|- | |- | ||
|Time Line Tools || [[mactime]] | |Time Line Tools || [[mactime]] | ||
| + | |} | ||
=Non-English Documents= | =Non-English Documents= | ||
* [http://www.monyo.com/technical/unix/TASK/autopsy-help-ja/ Japanese help by Motonobu Takahashi] | * [http://www.monyo.com/technical/unix/TASK/autopsy-help-ja/ Japanese help by Motonobu Takahashi] | ||
* [http://alonsocaballero.informatizate.net/archivos/autopsy_reydes.pdf Documentación de Autopsy en español por Alonso E. Caballero Quezada] | * [http://alonsocaballero.informatizate.net/archivos/autopsy_reydes.pdf Documentación de Autopsy en español por Alonso E. Caballero Quezada] | ||
Revision as of 18:47, 11 September 2008
This page contains links and references to online help documents on The Sleuth Kit and Autopsy. The Books and Courses on TSK page contains links to books and courses.
Contents
English Documents
Big Picture
This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).
- The Sleuth Kit Informer (www.sleuthkit.org) newsletter (no longer active)
- Sleuth Kit Documents Page (www.sleuthkit.org)
- Autopsy Documents Page (www.sleuthkit.org)
- Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide. Barry Grundy. 2003. NASA.
- GIAC Reports - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
- CyberGuardians Cheat Sheet: 2-page PDF with sample commands for a variety of common TSK activities. Useful for veteran analysts who want to quickly look up a forgotten flag, or for a beginner looking to learn by example and experimentation.
- Licenses
Specific Topics
This section contains links to articles on specific topics that may not be specific to a specific tool.
Individual Tools
This section contains links to pages on specific Sleuth Kit tools. All of the tools have a man page that comes with the tools. The man pages are automatically created with each release and a link to the latest man page is given in each of the below pages.
TSK is a suite of forensic analysis tools. Tools are grouped by their focus (e.g.: hash analysis, volume records, etc.). Below are all tools grouped by their particular focus area.
| Focus | Tools |
|---|---|
| Disk Tools | disk_sreset, disk_stat |
| Volume System Tools | mmls, mmstat, mmcat |
| File System Tools (File Name Layer) | fls, ffind |
| File System Tools (Meta Data Layer) | icat, ifind, ils, istat |
| File System Tools (Data Layer) | dcalc, dcat, dls, dstat |
| File System Tools (File System Layer) | fsstat |
| File System Tools (Journal Layer) | jcat, jls |
| Hash Database Tools | hfind |
| Image Format Tools | img_cat, img_stat |
| Time Line Tools | mactime |
