slackbuilds/system/sleuthkit
Barry J. Grundy 640598ed25
system/sleuthkit: Updated for version 4.11.1
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2022-04-30 13:52:11 +07:00
..
README system/sleuthkit: Disable Java support by default. 2022-02-25 22:58:03 +07:00
slack-desc
sleuthkit.SlackBuild system/sleuthkit: Updated for version 4.11.1 2022-04-30 13:52:11 +07:00
sleuthkit.info system/sleuthkit: Updated for version 4.11.1 2022-04-30 13:52:11 +07:00

README

The Sleuth Kit (TSK) is a library and collection of command line
tools that allow you to investigate disk images. The core
functionality of TSK allows you to analyze volume and file system
data. The plug-in framework allows you to incorporate additional
modules to analyze file contents and build automated systems. The
library can be incorporated into larger digital forensics tools and
the command line tools can be directly used to find evidence.

Sleuthkit can optionally use the following libraries to support
various disk image formats:
  - libewf (for Expert Witness files)
  - afflib (for Advanced Forensic Format files).
  - libvhdi
  - libvmdk

Note: If you are building TSK for use with Plaso or the DFVFS, it is
strongly recommended that you build libewf, libvhdi and libvmdk
support into TSK by installing those libraries first.

Note: by default, Java support is disabled in this build. If you
require Java support, install a JDK (jdk, openjdk8, etc), source its
profile script, and run sleuthkit.SlackBuild with JAVA=yes in the
environment. Be warned that the Java build process downloads many
files, therefore it requires network access (something SlackBuild
scripts normally don't do).