About

sleuthkit.org is the official website for The Sleuth Kit®, Autopsy®, and other open source digital investigation tools. From here, you can find documents, case studies, and download the latest versions of the software.

These tools have the following goals:

  • Provide as much information as possible. These tools require the user to know what data can be ignored for a given case, but the data are there in case it is needed.
  • Open. Everything is an an open format so that users can verify it, learn from it, and not be constrained by it.
  • Education.

Mission

To create the leading open source file and volume system forensic analysis tools that run on all major platforms and allow access to common data types in methods that support standard analysis techniques.

History

The Sleuth Kit was previously developed with assistance from @stake and was called The @stake Sleuth Kit (TASK). TASK was based on The Coroner's Toolkit (TCT) and TCTUTILs and it added support for FAT and NTFS file systems.

Autopsy was originally developed as a graphical interface to TCT and TCTUTILs in March 2001. It has been constantly updated to reflect the advancements in The Sleuth Kit. Version 3 was a complete rewrite and largely funded by Basis Technology.

Development

Brian Carrier has developed most of the code in The Sleuth Kit, Autopsy 1 and 2, mac-robber, and TCTUTILs. Basis Technology has been building Autopsy 3. Dan Farmer and Wietse Venema developed The Coroner's Toolkit, from which these tools were based on. Credit for all patches and debugging help from users are noted in the CHANGES file in each distribution.

Samir Kapuria helped with the new interface design of Autopsy 1.70.

Support

The following companies have supported the development of The Sleuth Kit.