The Sleuth Kit (TSK) is a library and collection of command line
tools that allow you to investigate disk images. The core
functionality of TSK allows you to analyze volume and file system
data. The plug-in framework allows you to incorporate additional
modules to analyze file contents and build automated systems. The
library can be incorporated into larger digital forensics tools and
the command line tools can be directly used to find evidence.

Sleuthkit can optionally use libewf (for Expert Witness files)
and afflib (for Advanced Forensic Format files).

Note: If you are building TSK for use with Plaso or the DFVFS, it is
strongly recommended that you build libewf support into TSK by
installing libewf first.