This page contains links and references to online help documents on The Sleuth Kit and Autopsy. The Books and Courses on TSK page contains links to books and courses.

English Documents

Big Picture

This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).

• The Sleuth Kit Informer (www.sleuthkit.org) newsletter (no longer active)
• Sleuth Kit Documents Page (www.sleuthkit.org)
• Autopsy Documents Page (www.sleuthkit.org)
• Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide. Barry Grundy. 2003. NASA.
• GIAC Reports - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
• CyberGuardians Cheat Sheet: 2-page PDF with sample commands for a variety of common TSK activities. Useful for veteran analysts who want to quickly look up a forgotten flag, or for a beginner looking to learn by example and experimentation.
• Licenses

Specific Topics

This section contains links to articles on specific topics that may not be specific to a specific tool.

• NTFS File Recovery

Individual Tools

This section contains links to pages on specific Sleuth Kit tools. All of the tools have a man page that comes with the tools. The man pages are automatically created with each release and a link to the latest man page is given in each of the below pages.

TSK is a suite of forensic analysis tools. Tools are grouped by their focus (e.g.: hash analysis, volume records, etc.). Below are all tools grouped by their particular focus area.

Non-English Documents

• Japanese help by Motonobu Takahashi
• Documentación de Autopsy en español por Alonso E. Caballero Quezada