This section contains links to articles on using The Sleuth Kit as a whole (i.e. the articles are not about a specific tool).
- The Sleuth Kit Informer (www.sleuthkit.org) newsletter (no longer active)
- Sleuth Kit Documents Page (www.sleuthkit.org)
- Autopsy Documents Page (www.sleuthkit.org)
- Law Enforcement and Forensic Examiner Introduction to Linux: A Beginner's Guide. Barry Grundy. 2003. NASA.
- GIAC Reports - Look at the reports that people submitted for their GIAC certification. There are quite a few if you search for 'sleuth' or 'autopsy'.
- CyberGuardians Cheat Sheet: 2-page PDF with sample commands for a variety of common TSK activities. Useful for veteran analysts who want to quickly look up a forgotten flag, or for a beginner looking to learn by example and experimentation.
This section contains links to articles on specific topics that are not tied to a single tool.
This section contains links to pages on specific Sleuth Kit tools. Every tool ships with a man page. The man pages are generated automatically with each release, and each of the pages below links to the latest man page.
TSK is a suite of forensic analysis tools. The tools are grouped by their focus (e.g., hash analysis, volume records). All of the tools are listed below by focus area.
| Focus area | Tools |
|---|---|
| Disk Tools | disk_sreset, disk_stat |
| Volume System Tools | mmls, mmstat, mmcat |
| File System Tools (File Name Layer) | fls, ffind |
| File System Tools (Meta Data Layer) | icat, ifind, ils, istat |
| File System Tools (Data Layer) | dcalc, dcat, dls, dstat |
| File System Tools (File System Layer) | fsstat |
| File System Tools (Journal Layer) | jcat, jls |
| Hash Database Tools | hfind |
| Image Format Tools | img_cat, img_stat |
| Time Line Tools | mactime |