“The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. It is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit.
The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.”
Official change log for The Sleuth Kit:
New Features:
- More DOS partition types are displayed.
- Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together).
- Performance improvements with FAT code (maps and dir_add).
- Performance improvements with NTFS code (maps).
- Added AONLY flag to block_walk.
- Updated blkls and blkcalc to use AONLY flag — MUCH faster.
Bug Fixes:
- Fixed mactime issue where it could choose the wrong timezone that did not follow daylight savings times.
- Fixed file size of alternate data streams in framework.
- Incorporated memory leak fixes and raw device fixes from ADF Solutions.
Download The Sleuth Kit:
The Sleuth Kit 4.0.1 – sleuthkit-win32-4.0.1.zip/sleuthkit-framework-win32-4.0.1.zip/sleuthkit-4.0.1.tar.gz