The Sleuth Kit

The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools that allow you to investigate and analyze volume and file system data. With this software, investigators can identify and recover evidence from images acquired during incident response or from live systems. The software is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.

The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

The volume system (media management) tools allow you to examine the layout of disks and other media. TSK supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

TSK allows users to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis.

TSK is based on The Coroner's Toolkit.

TSK 4.1.3

Price: Free to download
Size: 7.6MB
License: IBM Public License, Common Public License, GNU GPL v2
Developer: Brian Carrier
Website: www.sleuthkit.org
System Requirements: Optional: Autopsy, AFFLIB, libEWF
Support: The Sleuth Kit Informer, Wiki, Developer's Guide, SourceForge Project Page, Mailing Lists
Selected Reviews: Secure Computing Magazine

Features include:

  • Analyzes raw (e.g. dd), Expert Witness (e.g. EnCase) and AFF file system and disk images
  • Supports the NTFS, FAT, UFS 1, UFS 2, EXT2FS, EXT3FS, and ISO 9660 file systems
  • Tools can be run on a live system during incident response. These tools will show files that have been "hidden" by rootkits and will not modify the A-time of files that are viewed
  • List allocated and deleted ASCII and Unicode file names
  • Display the details and contents of all NTFS attributes (including all Alternate Data Streams)
  • Display file system and metadata structure details
  • Create timelines of file activity, which can be imported into a spreadsheet to create graphs and reports
  • Look up file hashes in a hash database, such as the NIST NSRL, Hash Keeper, and custom databases that have been created with the 'md5sum' tool
  • Organize files based on their type (for example all executables, jpegs, and documents are separated). Pages of thumbnails can be made of graphic images for quick analysis
  • 'md5' and 'sha1' tools to generate hashes of files and other data
  • hfind creates an index of a hash database and performs quick lookups using a binary search algorithm
  • ils lists all metadata entries, such as an inode
  • blkls displays data blocks within a file system (formerly called dls)
  • fls lists allocated and unallocated file names within a file system
  • fsstat displays file system statistical information about an image or storage medium
  • ffind searches for file names that point to a specified metadata entry
  • mactime creates a timeline of all files based upon their MAC times
  • disk_stat discovers the existence of a Host Protected Area
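To illustrate the timeline workflow above (fls -m writes a "body" file, mactime turns it into a timeline), here is an added example, not TSK's own code, that parses the pipe-separated body format and expands each entry into one row per distinct timestamp flagged with which of the m/a/c/b times fired, on constructed sample lines; the body field layout assumed is the TSK 3.x+ one.

```python
# Added example (not TSK code): a mactime-style timeline built from the
# 'body' format that fls -m / ils -m write, one pipe-separated line per file:
#   MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
          "atime", "mtime", "ctime", "crtime")
FLAG_ORDER = (("mtime", "m"), ("atime", "a"), ("ctime", "c"), ("crtime", "b"))

# Constructed sample body lines (not real case data); epoch seconds as fls -m emits.
SAMPLE_BODY = """\
0|/etc/passwd|131|r/rrw-r--r--|0|0|2048|1700000100|1700000000|1700000000|1699990000
0|/tmp/.x/backdoor (deleted)|4099|r/rrwxr-xr-x|1000|1000|8192|1700000200|1700000200|1700000200|1700000200
0|/var/log/auth.log|2312|r/rrw-r-----|0|4|65536|1700000300|1700000250|1700000250|1699000000
"""

def parse_body(text):
    """Parse body lines into dicts; reject lines with the wrong field count."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split("|")
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed body line: {raw!r}")
        entry = dict(zip(FIELDS, parts))
        for key in ("size", "atime", "mtime", "ctime", "crtime"):
            entry[key] = int(entry[key])
        entries.append(entry)
    return entries

def build_timeline(text):
    """Return [(epoch, 'macb' flags, entry)] sorted by time: one row per
    distinct timestamp of each file, as mactime does; a 0 time means unknown."""
    rows = []
    for entry in parse_body(text):
        by_time = defaultdict(list)
        for key, flag in FLAG_ORDER:
            if entry[key] > 0:
                by_time[entry[key]].append(flag)
        for ts, flags in by_time.items():
            macb = "".join(f if f in flags else "." for _, f in FLAG_ORDER)
            rows.append((ts, macb, entry))
    rows.sort(key=lambda r: (r[0], r[2]["name"]))
    return rows

def render(rows):
    """Format rows mactime-style, times in UTC so the timeline is unambiguous."""
    return [f"{datetime.fromtimestamp(ts, tz=timezone.utc):%a %b %d %Y %H:%M:%S} "
            f"{e['size']:>8} {macb} {e['mode']} {e['uid']:>5} {e['gid']:>5} "
            f"{e['inode']:>8} {e['name']}" for ts, macb, e in rows]
```

Calling `render(build_timeline(SAMPLE_BODY))` prints seven rows; the "macb" row for the deleted file, where all four times coincide, is the kind of cluster a timeline review flags for closer inspection.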


Last Updated Monday, May 26 2014 @ 12:14 PM EDT

    Copyright 2009 LinuxLinks.com - All rights reserved