The Sleuth Kit (TSK) & Autopsy: Open Source Digital Investigation Tools

Autopsy™ and The Sleuth Kit™ are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation.

Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.

If you need a custom, automated solution, then you can build one using the TSK libraries or the framework. We have also done research on using Hadoop to analyze disk images using cloud computing infrastructures.

If you would like a custom solution built for you, contact Basis Technology for more information.

Recent Updates

Jun 17, 2013: The Sleuth Kit™ 4.1.0 is now available! Core now has YAFFS2 and Ext4 support. Framework now builds on Linux/OS X.
May 29, 2013: We have a new Autopsy logo. Stop by our booth at TechnoSecurity to get stickers.
May 29, 2013: We're using the Basis Technology Blog for Autopsy / TSK blog postings. Check out the recent posting on the new timeline feature.
Apr 9, 2013: The CFP for the 4th Annual Open Source Forensics Conference is up. Submissions are due by May 1. We've got a bigger space this year, so we won't have to close registration early!
Mar 28, 2013: Autopsy™ 3.0.5 was released. It has new features (timeline beta, open ZIP files), improvements, and bug fixes.

Follow @sleuthkit

(Merchandise!)


	Copyright © 2003-2013 by Brian Carrier	http://www.sleuthkit.org