Difference between revisions of "Tools Using TSK or Autopsy"

From SleuthKitWiki
Line 16: Line 16:
 
* [http://pyflag.sourceforge.net/ PyFlag]
 
* [http://pyflag.sourceforge.net/ PyFlag]
 
* [http://www.cerias.purdue.edu/homes/forensics/timeline.php Zeitline]
 
* [http://www.cerias.purdue.edu/homes/forensics/timeline.php Zeitline]
 +
 +
=Add-ons / Patches for The Sleuth Kit=
 +
The following were written by Sleuth Kit users and provide additional capabilities. Note that a patch may not work with the current version.<br>
 +
(in alphabetical order)
 +
* Comeforth: http://sourceforge.net/project/showfiles.php?group_id=55685&package_id=128368 Script] that uses TSK tools to process raw data. It is similar to lazarus, but Dan Higgens says that it provides a bit more flexibility for processing very large data sets.
 +
* Forensic Hash Database: [http://www.forinsect.de/forensics/ Patch] to use hfind and sorter with the Forensic Hash Database. By Matthias Hofherr (matthias at mhofherr dot de).
 +
* Index Search: [http://brainspark.nl/?show=tools_sleuthkit Patch] to let The Sleuth Kit index the ASCII words in an image. This provides faster keyword searches in Autopsy than by just extracting the strings. By Paul Bakker ( bakker at fox-it dot com).
 +
* Recoup Directory Contents: [http://metawire.org/~henk/recoup Script] to run fls and icat on a directory to export the files and create the needed subdirectories. By Dave Henkewick (dave at hoax dot ca).
 +
* Unicode: (NOTE: This patch is no longer needed as of version 2.03) [http://www.t-dori.net/forensics/ Patches] for the NTFS code in The Sleuth Kit to show Unicode names. By TAKAHASHI Motonobu (monyo at home dot monyo dot com) and tessy (tessy at tessy dot jp).
 +
 +
 +
 +
= Sleuth Kit Packages=
 +
The following packages have been contributed by Sleuth Kit users. NOTE: They have not been validated, reviewed, or tested by the original developers and have no warranties of any kind. Some packages may not be of the latest release, so check the version first.
 +
* [http://www.spenneberg.com/6.html?subject=%2FForensics%2F Ralf Spenneberg]
 +
* Oden Eriksson: [http://rpmfind.net/linux/rpm2html/search.php?query=sleuthkit RPM Find]
 +
* [http://packages.gentoo.org/search/?sstring=sleuthkit Gentoo]
 +
* Thomas Rude: [http://www.crazytrain.com/down.html crazytrain.com]
 +
* Matthew Shannon: [http://sleuthkit.sourceforge.net/packages/shannon/sleuthkit-1.62-1.src.rpm src], [http://sleuthkit.sourceforge.net/packages/shannon/sleuthkit-1.62-1.i686.rpm i686] (Note that no Autopsy rpms match this rpm).
 +
* Dag Wieers: http://dag.wieers.com/packages/sleuthkit/ dag.wieers.com]
 +
* opr: [http://www.freebsd.org/cgi/ports.cgi?query=^sleuthkit&stype=all FreeBSD Ports]
 +
 +
 +
 +
=Add-ons / Patches for Autopsy=
 +
(in alphabetical order)
 +
*
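Review bot: two added entries have broken external-link markup. The Comeforth line and the Dag Wieers line both start the URL without the opening "[", so the link label is not applied and the trailing "]" renders literally (as in "...package_id=128368 Script]"); add the missing "[" before each "http://". The final "*" under "=Add-ons / Patches for Autopsy=" is an empty list item and should be filled in or dropped. The heading "= Sleuth Kit Packages=" has a leading space that the other two new headings do not.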

Revision as of 20:18, 4 June 2007

Bootable CDs with The Sleuth Kit & Autopsy

(in alphabetical order)

Tools that Integrate The Sleuth Kit

(in alphabetical order)

Add-ons / Patches for The Sleuth Kit

The following were written by Sleuth Kit users and provide additional capabilities. Note that a patch may not work with the current version.
(in alphabetical order)

  • Comeforth: Script (http://sourceforge.net/project/showfiles.php?group_id=55685&package_id=128368) that uses TSK tools to process raw data. It is similar to lazarus, but Dan Higgens says that it provides a bit more flexibility for processing very large data sets.
  • Forensic Hash Database: Patch to use hfind and sorter with the Forensic Hash Database. By Matthias Hofherr (matthias at mhofherr dot de).
  • Index Search: Patch to let The Sleuth Kit index the ASCII words in an image. This provides faster keyword searches in Autopsy than by just extracting the strings. By Paul Bakker (bakker at fox-it dot com).
  • Recoup Directory Contents: Script to run fls and icat on a directory to export the files and create the needed subdirectories. By Dave Henkewick (dave at hoax dot ca).
  • Unicode: (NOTE: This patch is no longer needed as of version 2.03) Patches for the NTFS code in The Sleuth Kit to show Unicode names. By TAKAHASHI Motonobu (monyo at home dot monyo dot com) and tessy (tessy at tessy dot jp).


Sleuth Kit Packages

The following packages have been contributed by Sleuth Kit users. NOTE: They have not been validated, reviewed, or tested by the original developers and have no warranties of any kind. Some packages may not be of the latest release, so check the version first.


Add-ons / Patches for Autopsy

(in alphabetical order)