The Sleuth Kit Explained

The Sleuth Kit
Author: Brian Carrier
Programming language: C, Perl
Operating system: Unix-like, Windows
Genre: Computer forensics
License: IPL, CPL, GPL

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better-known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.[1][2]

The collection is open source, licensed under the GPL, the CPL and the IPL. The software is under active development and is supported by a team of developers. Initial development was done by Brian Carrier,[3] who based it on The Coroner's Toolkit (TCT); The Sleuth Kit is TCT's official successor platform.[4]

The Sleuth Kit is capable of parsing NTFS, FAT/exFAT, UFS 1/2, Ext2, Ext3, Ext4, HFS, ISO 9660 and YAFFS2 file systems, either separately or within disk images stored in raw (dd), Expert Witness or AFF formats.[5] The Sleuth Kit can be used to examine most Microsoft Windows, most Apple Macintosh OS X, many Linux and some other UNIX computers.

The Sleuth Kit can be used via the included command line tools, or as a library embedded within a separate digital forensic tool such as Autopsy or log2timeline/plaso.
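As an added example (not code from the article or from the TSK project), here is the command-line workflow the paragraph above describes, in POSIX shell: find the partitions with mmls, list deleted entries in each with fls, and copy a file out by metadata address with icat. mmls, fls and icat are TSK utilities whose names do not appear on this page; the image path, the sample mmls output and the use of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example, not TSK's own code: triage helpers around TSK's mmls, fls, icat.

# parse_mmls: read mmls output on stdin; print "<index> <start_sector>
# <byte_offset> <description>" per allocated partition. TSK's -o takes
# sectors; the byte offset is for tools that want bytes (e.g. a loop mount).
parse_mmls() {
    awk '
        /^Units are in / { sub(/-byte.*/, "", $4); sector = $4 + 0 }
        /^[0-9][0-9][0-9]:/ && $2 != "Meta" && $2 != "-------" {  # skip meta/unallocated
            start = $3 + 0
            desc = $6; for (i = 7; i <= NF; i++) desc = desc " " $i
            printf "%s %d %d %s\n", substr($1, 1, length($1) - 1), start, start * sector, desc
        }'
}

# list_deleted IMAGE SECTOR_OFFSET: deleted entries only, recursive, full paths.
list_deleted() {
    fls -o "$2" -r -p -d "$1"
}

# recover_file IMAGE SECTOR_OFFSET INODE OUTFILE: copy out one metadata
# address reported by fls and hash it for the evidence log (sha256sum assumed).
recover_file() {
    icat -o "$2" "$1" "$3" > "$4" && sha256sum "$4"
}

# Constructed mmls output for a two-partition image (not a real capture).
SAMPLE_MMLS='DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000206847   0000204800   Linux (0x83)
003:  000:001   0000206848   0000411647   0000204800   NTFS / exFAT (0x07)'

# With an image argument (placeholder: evidence.dd) walk every partition and
# list its deleted entries; otherwise just parse the sample.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    mmls "$1" | parse_mmls | while read -r idx start bytes desc; do
        echo "== partition $idx ($desc): sector $start, byte offset $bytes"
        list_deleted "$1" "$start"
    done
else
    printf '%s\n' "$SAMPLE_MMLS" | parse_mmls
fi
```

Once fls has shown a deleted entry's metadata address (the number before the colon in its output), `recover_file evidence.dd 2048 <address> out.bin` extracts it and records the hash.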

Tools

Tools included in The Sleuth Kit include:

Applications

The Sleuth Kit can be used

See also

Notes and References

  1. Parasram, Shiva V. N. Digital Forensics with Kali Linux: Perform Data Acquisition, Digital Investigation, and Threat Analysis Using Kali Linux Tools. Birmingham, UK, 2017. ISBN 978-1-78862-957-7. OCLC 1020288734.
  2. Altheide, Cory; Carvey, Harlan A. Digital Forensics with Open Source Tools: Using Open Source Platform Tools for Performing Computer Forensics on Target Systems: Windows, Mac, Linux, UNIX, etc. Burlington, MA: Syngress, 2011. ISBN 978-1-59749-587-5. OCLC 713324784.
  3. Carrier, Brian. "About". www.sleuthkit.org. Retrieved 2016-08-30.
  4. "The Coroner's Toolkit (TCT)". Web site.
  5. Carrier, Brian. "File and Volume System Analysis". www.sleuthkit.org. Retrieved 2016-08-30.
  6. "Autopsy: Lesson 1: Analyzing Deleted JPEGs". www.computersecuritystudent.com. Retrieved 2020-06-20.
  7. "FS Analysis - SleuthKitWiki". wiki.sleuthkit.org. Retrieved 2020-06-20.
  8. "The Sleuth Kit - analyze disk images and recover files". LinuxLinks. Retrieved 2020-06-20.