Difference between revisions of "The Sleuth Kit"
From SleuthKitWiki
Apriestman (Talk | contribs) m (→Capabilities) |
Line 10: | Line 10: | ||
* [[HFS]] | * [[HFS]] | ||
* ISO 9660 | * ISO 9660 | ||
+ | * [[NTFS]] | ||
* [[UFS|UFS 1, UFS 2]] | * [[UFS|UFS 1, UFS 2]] | ||
* [[YAFFS2]] | * [[YAFFS2]] |
Revision as of 08:11, 14 January 2014
The Sleuth Kit (TSK) is a digital forensics library and collection of command-line tools that enable you to analyze disk images. The TSK Framework makes it easier to build end-to-end digital forensics solutions. TSK can be used in isolation, with the Autopsy user interface, or with one of the many Tools Using TSK or Autopsy.
You can get the official list of features at the sleuthkit.org site.
Capabilities
A summary of the tools contained in TSK can be found on the TSK Tool Overview page. Currently, TSK supports the following file systems:
- EXT2, EXT3, EXT4
- FAT, exFAT
- HFS
- ISO 9660
- NTFS
- UFS 1, UFS 2
- YAFFS2
Additional Information
- The TSK User's Guide has information for users who want to use TSK in an investigation.
- The TSK Library User's Guide has information for software developers who want to integrate TSK into their system.
- The TSK Developer's Guide has information for software developers who want to contribute to the project.