• Home
  • Autopsy
    • Features
    • Download
    • Training
    • Documents
    • History
    • Licenses
  • The Sleuth Kit
    • File Systems
    • Download
    • Documents
    • History
    • Licenses
  • Other Projects
    • Hadoop
    • mac-robber
  • Support
    • Blog (www.autopsy.com)
    • Forum (forum.sleuthkit.org)
  • About

The Sleuth Kit can be used in two ways. The C library can be incorporated into larger digital forensic tools and the command line tools can be used directly by a user.

Tools

This section can help you find information on using the command line tools that come with TSK. Tool documents can be broken into two categories: those that come with the tools and those that are on the Wiki. Here are some useful starting points on the Wiki:

  • Help Documents
  • Books and Courses on TSK

You can also subscribe to the Sleuth Kit Users e-mail list, which is a forum for discussing the tools.

The remainder of this page contains links to the documents that come with TSK. You can access the man pages from the Wiki.

Reference Documents

  • File System Analysis Techniques
  • File Activity Timelines

For a general file system reference, check out my File System Forensic Analysis book.

Sleuth Kit Implementation Notes (SKINs)

  • FAT File System
  • NTFS File System

C Library

The wiki contains information on how to use the library:

  • Library User's Guide
  • Developer's Guide
© 2003-2023 Brian Carrier