Difference between revisions of "Help Documents"

From SleuthKitWiki
(Moved articles from other doc page and rearranged this a bit.)
 
(22 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This page contains links and references to help documents that were created by [[The Sleuth Kit]] and [[Autopsy]] users.  
+
This page contains links and references to online help documents on [[The Sleuth Kit]].  The [[Books and Courses on TSK]] page contains links to books and courses.
 +
 
 +
= Command Line Tools =
 +
* The [[TSK Tool Overview]] page lists all of the command line tools in TSK.
 +
* The [[FS Analysis]] Techniques page shows how the command line tools can be used.
 +
* [[Error Messages]] (Explanation of messages that you may encounter)
 +
 
 +
= Analysis Techniques =
 +
* [[Timelines]]
 +
 
 +
== Concepts ==
 +
These should get moved to a better location on the wiki
 +
* [[Metadata Address]]
 +
* [[data units]]
 +
* [[Block Address]]
 +
* [[Orphan Files]]
  
= English Documents =
 
 
== Big Picture ==
 
== Big Picture ==
 
This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).  
 
This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).  
 +
* [http://www.linuxleo.com/ Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide]. Barry Grundy. 2003 (NASA OIG) - Updated December 2008.
 +
* [http://www.cyberguardians.org/docs/ForensicsSheet.pdf CyberGuardians Cheat Sheet]: 2-page PDF with sample commands for a variety of common TSK activities.  Useful for veteran analysts who want to quickly look up a forgotten flag, or for a beginner looking to learn by example and experimentation.
 +
* [http://www.memophage.net/Running_Sleuthkit_and_Autopsy_Under_Windows.pdf Running Sleuthkit and Autopsy Under Windows]  by Charles Lucas ([http://www.sleuthkit.org/sleuthkit/docs/lucas_cygwin_v1.2.pdf local copy])
 +
 +
 +
== General Locations ==
 +
This section lists locations where relevant documents may be found.
 
* [http://www.sleuthkit.org/informer/ The Sleuth Kit Informer (www.sleuthkit.org)] newsletter (no longer active)
 
* [http://www.sleuthkit.org/informer/ The Sleuth Kit Informer (www.sleuthkit.org)] newsletter (no longer active)
 
* [http://www.sleuthkit.org/sleuthkit/docs.php Sleuth Kit Documents Page (www.sleuthkit.org)]
 
* [http://www.sleuthkit.org/sleuthkit/docs.php Sleuth Kit Documents Page (www.sleuthkit.org)]
 
* [http://www.sleuthkit.org/autopsy/docs.php Autopsy Documents Page (www.sleuthkit.org)]
 
* [http://www.sleuthkit.org/autopsy/docs.php Autopsy Documents Page (www.sleuthkit.org)]
* [ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/ Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide]. Barry Grundy. 2003. NASA.
 
 
* [http://www.giac.org/ GIAC Reports] - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
 
* [http://www.giac.org/ GIAC Reports] - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
* [[Licenses]]
 
 
== Individual Tools ==
 
This section contains links to articles on using specific Sleuth Kit tools. All of the tools have a description on the main sleuthkit.org page, but the links below are for the new wiki home.
 
 
Sleuthkit is a suite of forensic analysis tools.  Tools are grouped by their focus (e.g.: hash analysis, volume records, etc.).  Below are all tools grouped by their particular focus area.
 
 
{| border="1" cellpadding="5" valign="top"
 
|-
 
!Focus
 
!Tools
 
|-
 
| Disk Tools || [[disk_sreset]], [[disk_stat]]
 
|-
 
| Volume System Tools || [[mmls]], [[mmstat]]
 
|-
 
| File System Tools (File Name Layer) || [[fls]], [[ffind]]
 
|-
 
| File System Tools (Meta Data Layer) || [[icat]], [[ifind]], [[ils]], [[istat]]
 
|-
 
| File System Tools (Data Layer) || [[dcalc]], [[dcat]], [[dls]], [[dstat]]
 
|-
 
| File System Tools (File System Layer) || [[fsstat]]
 
|-
 
| File System Tools (Journal Layer) || [[jcat]], [[jls]]
 
|-
 
| Hash Database Tools || [[hfind]]
 
|-
 
| Image Format Tools || [[img_cat]], [[img_stat]]
 
|-
 
|Time Line Tools || [[mactime]]
 
* A description of the [[mac-robber output]]
 
|}
 
  
 
=Non-English Documents=
 
=Non-English Documents=
 
* [http://www.monyo.com/technical/unix/TASK/autopsy-help-ja/ Japanese help by Motonobu Takahashi]
 
* [http://www.monyo.com/technical/unix/TASK/autopsy-help-ja/ Japanese help by Motonobu Takahashi]
 
* [http://alonsocaballero.informatizate.net/archivos/autopsy_reydes.pdf Documentación de Autopsy en español por Alonso E. Caballero Quezada]
 
* [http://alonsocaballero.informatizate.net/archivos/autopsy_reydes.pdf Documentación de Autopsy en español por Alonso E. Caballero Quezada]
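Review bot: the new Concepts subsection puts an editorial to-do in the page body ("These should get moved to a better location on the wiki"). Either move the four concept links to their intended home in this edit or record the to-do on the talk page, so readers of a help index do not see maintenance notes. Two smaller points in the added lines: "[[FS Analysis]] Techniques page" leaves the word "Techniques" outside the link text, and "[[data units]]" is lowercase while the neighbouring entries ("[[Metadata Address]]", "[[Block Address]]", "[[Orphan Files]]") are capitalised.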

Latest revision as of 20:27, 5 June 2012

This page contains links and references to online help documents on The Sleuth Kit. The Books and Courses on TSK page contains links to books and courses.

Command Line Tools

  • The TSK Tool Overview page lists all of the command line tools in TSK.
  • The FS Analysis Techniques page shows how the command line tools can be used.
  • Error Messages (Explanation of messages that you may encounter)

Analysis Techniques

Concepts

These should get moved to a better location on the wiki

Big Picture

This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).


General Locations

This section lists locations where relevant documents may be found.

Non-English Documents