Difference between revisions of "Tools Using TSK or Autopsy"

From SleuthKitWiki
(Bootable CDs with The Sleuth Kit & Autopsy)
 
(8 intermediate revisions by 7 users not shown)
Line 10: Line 10:
 
* [http://localareasecurity.com/ Local Area Security Linux]
 
* [http://localareasecurity.com/ Local Area Security Linux]
 
* [http://www.linux-forensics.com/downloads.html Penguin Sleuth Kit (knoppix)]
 
* [http://www.linux-forensics.com/downloads.html Penguin Sleuth Kit (knoppix)]
 +
* [http://www.networksecuritytoolkit.org Network Security Toolkit (NST)]
 
* [http://www.projectplanb.org/ Plan-B]
 
* [http://www.projectplanb.org/ Plan-B]
 
* [http://snarl.eecue.com/ Snarl (FreeBSD)]
 
* [http://snarl.eecue.com/ Snarl (FreeBSD)]
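Review bot: the new Network Security Toolkit (NST) entry is placed after Penguin Sleuth Kit, but the section is labelled "(in alphabetical order)", so it belongs between Local Area Security Linux and Penguin Sleuth Kit. Move the line up one entry so the list keeps the ordering it states.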
Line 16: Line 17:
 
* [http://www.iritaly-livecd.org IRItaly Live CD Project ('''Gentoo''' based)]
 
* [http://www.iritaly-livecd.org IRItaly Live CD Project ('''Gentoo''' based)]
 
* [http://www.forlex.it/index.php?option=com_content&view=section&layout=blog&id=7&Itemid=41&lang=it ForLEx Live CD - Forensic Linux Examination ('''Debian''' based)]
 
* [http://www.forlex.it/index.php?option=com_content&view=section&layout=blog&id=7&Itemid=41&lang=it ForLEx Live CD - Forensic Linux Examination ('''Debian''' based)]
 
 
'''Source(s):'''  [http://downloadranking.com/support.php  Tools Using TSK]
 
 
  
 
=Tools that Integrate The Sleuth Kit=
 
=Tools that Integrate The Sleuth Kit=
 
(in alphabetical order)
 
(in alphabetical order)
 
* [http://www.netmon.ch/allin1.html Allin1]
 
* [http://www.netmon.ch/allin1.html Allin1]
 +
* [http://archivematica.org/ Archivematica]
 
* [[Autopsy]]
 
* [[Autopsy]]
 
* [http://scripts4cf.sourceforge.net/tools.html NBTempo]
 
* [http://scripts4cf.sourceforge.net/tools.html NBTempo]
 
* [http://www.agilerm.net/publications_4.html Nigilant32 for Windows]
 
* [http://www.agilerm.net/publications_4.html Nigilant32 for Windows]
 
* [http://www.basistech.com/digital-forensics/odyssey.html Odyssey Digital Forensics Search]
 
* [http://www.basistech.com/digital-forensics/odyssey.html Odyssey Digital Forensics Search]
* [http://ptk.dflabs.com PTK Forensics]
+
* [http://ptk.dflabs.com PTK Forensics] [[PTK]]
 
* [http://pyflag.sourceforge.net/ PyFlag]
 
* [http://pyflag.sourceforge.net/ PyFlag]
 
* [http://scripts4cf.sourceforge.net/tools.html Raw2Fs]
 
* [http://scripts4cf.sourceforge.net/tools.html Raw2Fs]
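Review bot: on the changed PTK line, the external link and the new [[PTK]] wiki link sit back to back with no separator, so the entry reads as "PTK Forensics PTK". Separate the two, for example by putting the wiki link in parentheses, so a reader can tell the vendor site from the wiki article.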
Line 34: Line 32:
 
* [http://sfdumper.sourceforge.net/ Selective File Dumper]
 
* [http://sfdumper.sourceforge.net/ Selective File Dumper]
 
* [http://www.cerias.purdue.edu/homes/forensics/timeline.php Zeitline]
 
* [http://www.cerias.purdue.edu/homes/forensics/timeline.php Zeitline]
 
 
'''Source(s):'''  [http://downloadranking.com/support.php  Tools Using TSK]
 
 
  
 
=Add-ons / Patches for The Sleuth Kit and Autopsy=
 
=Add-ons / Patches for The Sleuth Kit and Autopsy=
Line 64: Line 58:
 
* Debian: [http://packages.debian.org/stable/admin/sleuthkit Debian Packages (stable)]
 
* Debian: [http://packages.debian.org/stable/admin/sleuthkit Debian Packages (stable)]
 
* Slackware: [http://www.linuxpackages.net/search_view.php?by=name&name=sleuthkit Slackware Packages]
 
* Slackware: [http://www.linuxpackages.net/search_view.php?by=name&name=sleuthkit Slackware Packages]
 
 
'''Source(s):'''  [http://downloadranking.com/support.php  Tools Using TSK]
 
 
  
 
=Autopsy Packages=
 
=Autopsy Packages=
Line 79: Line 69:
 
* Debian: [http://packages.debian.org/stable/admin/autopsy Debian Packages (stable)]
 
* Debian: [http://packages.debian.org/stable/admin/autopsy Debian Packages (stable)]
 
* Slackware: [http://www.linuxpackages.net/search_view.php?by=name&name=autopsy Slackware Packages]
 
* Slackware: [http://www.linuxpackages.net/search_view.php?by=name&name=autopsy Slackware Packages]
* Ubuntu: [http://www.bestessay.net www.bestessay.com]
+
* Ubuntu: [http://packages.ubuntu.com/search?keywords=autopsy Ubuntu Packages]
 
+
 
+
'''Source(s):'''  [http://downloadranking.com/support.php  Tools Using TSK]
+
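Review bot: the '''Source(s):''' line added at the end of the Autopsy Packages list points at downloadranking.com/support.php, which matches no project named on this page, and the same line shows up under three earlier sections of this diff. A list of third-party packages that the page itself describes as unvalidated should not carry an unexplained outbound link; drop the line or replace it with the actual source. The Ubuntu entry change to packages.ubuntu.com looks right, since on the other side the URL (bestessay.net) and the label (www.bestessay.com) did not agree with each other or with the entry.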

Latest revision as of 05:06, 19 December 2016

Bootable CDs with The Sleuth Kit & Autopsy

(in alphabetical order)

Tools that Integrate The Sleuth Kit

(in alphabetical order)

Add-ons / Patches for The Sleuth Kit and Autopsy

The following were written by Sleuth Kit users and provide additional capabilities. Note that a patch may not work with the current version.
(in alphabetical order)

  • Comeforth: Script that uses TSK tools to process raw data. It is similar to lazarus, but Dan Higgens says that it provides a bit more flexibility for processing very large data sets.
  • FUNDL - File Undeleter: Script that uses TSK tools (fls and icat) to recover deleted files - Windows version script.
  • foremost: Patch to use foremost with Autopsy. By Pepijn Vissers (vissers at fox-it dot com).
  • Forensic Hash Database: Patch to use hfind and sorter with the Forensic Hash Database. By Matthias Hofherr (matthias at mhofherr dot de).
  • Index Search: Patch to let Autopsy and The Sleuth Kit index the ASCII words in an image. This provides faster keyword searches in Autopsy than by just extracting the strings. By Paul Bakker (bakker at fox-it dot com).
  • Recoup Directory Contents: Script to run fls and icat on a directory to export the files and create the needed subdirectories. By Dave Henkewick (dave at hoax dot ca).
  • Qt bindings for TSK: qttsk provides the user with a graphical frontend to fls and icat. In the future mmls will also be supported.
  • Unicode: (NOTE: This patch is no longer needed as of version 2.03) Patches for the NTFS code in The Sleuth Kit to show Unicode names. By TAKAHASHI Motonobu (monyo at home dot monyo dot com) and tessy (tessy at tessy dot jp).

Sleuth Kit Packages

The following packages have been contributed by Sleuth Kit users and/or distribution developers. NOTE: They have not been validated, reviewed, or tested by the original developers and have no warranties of any kind. Some packages may not be of the latest release, so check the version first.

Autopsy Packages

The following packages have been contributed by Autopsy users. NOTE: They have not been validated, reviewed, or tested by the original developers of Autopsy and have no warranties of any kind. Some packages may not be of the latest release, so check the version first.