19 lines
842 B
Plaintext
19 lines
842 B
Plaintext
The Sleuth Kit (TSK) is a library and collection of command line
|
|
tools that allow you to investigate disk images. The core
|
|
functionality of TSK allows you to analyze volume and file system
|
|
data. The plug-in framework allows you to incorporate additional
|
|
modules to analyze file contents and build automated systems. The
|
|
library can be incorporated into larger digital forensics tools and
|
|
the command line tools can be directly used to find evidence.
|
|
|
|
Sleuthkit can optionally use the following libraries to support
|
|
various disk image formats:
|
|
- libewf (for Expert Witness files)
|
|
- afflib (for Advanced Forensic Format files).
|
|
- libvhdi
|
|
- libvmdk
|
|
|
|
Note: If you are building TSK for use with Plaso or the DFVFS, it is
|
|
strongly recommended that you build libewf, libvhdi and libvmdk
|
|
support into TSK by installing those libraries first.
|