Difference between revisions of "The Sleuth Kit"

From SleuthKitWiki
Jump to: navigation, search
m (Capabilities)
m (Capabilities)
 
Line 9: Line 9:
 
* [[FAT]], [[exFAT]]
 
* [[FAT]], [[exFAT]]
 
* [[HFS]]
 
* [[HFS]]
* ISO 9660
+
* [[ISO9660|ISO 9660]]
 
* [[NTFS]]
 
* [[NTFS]]
 
* [[UFS|UFS 1, UFS 2]]
 
* [[UFS|UFS 1, UFS 2]]

Latest revision as of 08:29, 15 January 2014

The Sleuth Kit (TSK) is a digital forensics library and collection of command line tools that enable you to analyze disk images. The TSK Framework makes it easier to build end-to-end digital forensics solutions. TSK can be used in isolation, with the Autopsy user interface, or with one of the many Tools Using TSK or Autopsy.

You can get the official list of features at the sleuthkit.org site.

Capabilities

A summary of the tools contained in TSK can be found on the TSK Tool Overview page. Currently, TSK supports the following file systems:

Additional Information

  • The TSK User's Guide has information for users who want to use TSK in an investigation.
  • The TSK Library User's Guide has information for software developers who want to integrate TSK into their system.
  • The TSK Developer's Guide has information for software developers who want to contribute to the project.

General Information