This is a non-IMPACT record, meaning that access to the data is not
controlled by IMPACT. For access, see the directions below.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.
Summary
DS-1343
The Sleuth Kit
External Tool
External Data Source
GitHub
Unknown
Unknown
56 (lowest rank is 56)
Description
The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems.The Sleuth Kit allows one to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis.
Additional Details
46.6MB
false
Unknown
kit, sleuth, 1343, the sleuth kit, source, inferlink corporation, external data source, corporation, inferlink, external, tools, forensics, library, command, digital, file, system, evidence, volume, larger, investigate, tsk, incorporated, systems, code, tct, readme, toolkit, ntfs, fat, analysis, docs, investigators, image, recover, analyzing, enables, live, verify, dan, identify, independence, perform, farmer, response, application, performs, single, forensic, specific, microsoft, analyze, incident, platform, actions, creates, images, venema, level, task, created, disk, raw, support, unix, customize, modified, wietse, acquired, addition, disks, dd, other, coroner, tool