
Difference between pages "The Sleuth Kit" and "Technology Pathways"

From ForensicsWiki
(Difference between pages)
m (See Also)
 
 
Line 1: Line 1:
{{Infobox_Software |
+
{{expand}}
  name = The Sleuth Kit |
+
  maintainer = [[Brian Carrier]] |
+
  os = {{Linux}}, {{FreeBSD}}, {{OpenBSD}}, {{Mac OS X}}, {{SunOS}} |
+
  genre = {{Analysis}} |
+
  license = {{IBM Open Source License}}, {{Common Public License}}, {{GPL}} |
+
  website = [http://www.sleuthkit.org/ sleuthkit.org] |
+
}}
+
  
'''The Sleuth Kit''' ('''TSK''') is a collection of [[UNIX]]-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems and TSK supports [[FAT]] (12/16/32), [[Ext2]]/[[Ext3|3]], [[NTFS]], [[Ufs|UFS]] (1 & 2), and ISO 9660 [[file system]]s.
+
== Products ==
 +
* [[ProDiscover]]
  
[[Autopsy]] is a frontend for TSK which allows browser-based access to the TSK tools.
+
== External Links ==
+
* [http://www.techpathways.com/ Official website]
=Features=
+
  
The Sleuth Kit is arranged in layers. There is a ''data layer'' which is concerned with how information is stored on a disk and a ''metadata layer'' which is considered with information such as [[inode]]s and [[directory|directories]]. The commands that deal with the data layer are prefixed with the letter ''d'', which the commands that deal with the metadata layer are prefixed with the letter ''i''.
+
[[Category:Organizations]]
 
+
[[Category:Vendors]]
Some of the commands in Sleuth Kit are:
+
 
+
; dcat
+
: Views the contents of a [[block]].
+
 
+
; dls
+
: Lists [[unallocated block]]s. Makes keyword searches more efficient. Gets a list of unallocated blocks.
+
 
+
; dcalc
+
: Tells you where an unallocated blocks are.
+
 
+
; dstat
+
: Details about a given block.
+
 
+
; icat
+
: View contents of a file given its inode value or [[cluster number]]. Doesn't list directories, lists the contents.
+
 
+
; ils
+
: Lists the files extents on a disk.
+
 
+
; istat
+
: Information about an inode number.
+
 
+
==File Systems Understood==
+
 
+
* [[NTFS]]
+
* [[FAT]]
+
* [[Ext2]], [[Ext3]]
+
* [[Ufs|UFS]] (1 & 2)
+
* ISO 9660
+
+
==File Search Facilities==
+
 
+
* Lists allocated and unallocated files.
+
* Lists and sorts by file type.
+
* Shows a time of creation and change.
+
+
==Historical Reconstruction==
+
+
==Searching Abilities==
+
+
* Searches for keywords.
+
* Builds an index.
+
 
+
==Hash Databases==
+
 
+
* Uses [[MD5]] or [[SHA-1]].
+
* Interfaces with NIST [[NSRL]], [[Hashkeeper]] and customer databases.
+
+
==Evidence Collection Features==
+
+
* Tracks forensic activity.
+
 
+
=History=
+
 
+
==License Notes==
+
 
+
Is it commercial or open source? Are there other licensing options?
+
 
+
= See Also =
+
* [[The Sleuth Kit How-To]]
+
 
+
= External Links =
+
 
+
* [http://www.sleuthkit.org/autopsy/desc.php Autopsy website]
+
+
==External Reviews==
+
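Review bot: the Technology Pathways side of this diff adds only the {{expand}} stub, a one-item == Products == list ([[ProDiscover]]), a single == External Links == entry (the techpathways.com site) and the Organizations and Vendors categories, but no introductory sentence stating what Technology Pathways is or how it relates to ProDiscover; a one-line description above == Products == (and an infobox with the vendor's basic facts, as the left-hand page has for The Sleuth Kit) would make the page self-describing rather than a bare stub.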

Latest revision as of 07:29, 4 August 2012


Please help to improve this article by expanding it.
Further information might be found on the discussion page.
