 |
| FOCSoft.BlogSpot.Com |
The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.
The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The plug-in framework
allows you to incorporate additional modules to analyze file contents
and build automated systems. The library can be incorporated into larger
digital forensics tools and the command line tools can be directly used to find evidence.
There are three different packages for each The Sleuth Kit® (TSK) release.
- sleuthkit-X.X.X.tar.gz: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-windows systems.
- sleuthkit-X.X.X-win32.zip: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.
- sleuthkit-X.X.X-framework-win32.zip: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.
Muhammad Shahbaz (17 Years Old) is a Young blogger, SEO Expert, & Cyber Security Expert from Pakistan
0 Comments:
Post a Comment
If you're having issues, Please leave an email address I can contact you on -
I advise you to also "subscribe to the comment feed" and get email updates when I respond to your question.
Hyperlinks are not allowed, Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately!
Thanks for reading,
Administrator Of FOCSoft