The Sleuth Kit and Autopsy
From Just Solve the File Format Problem
(Difference between revisions)
(Created page with "[http://www.sleuthkit.org/sleuthkit/ The Sleuth Kit] (TSK) is a C library and a set of command line tools for forensic analysis of filesystems and disk images. [http://www.sle...") |
(Fix/update links. Added references to supported file system image formats for easier tracking, and streamlined these. Streamlined Supported file systems. Added Links section.) |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | [ | + | {| |
| + | |[[Software]] | ||
| + | | > | ||
| + | |[[File rendering/interaction software]] | ||
| + | | > | ||
| + | |[[The Sleuth Kit and Autopsy]] | ||
| + | |} | ||
| + | |||
| + | [https://www.sleuthkit.org/sleuthkit/ The Sleuth Kit] (TSK) is a C library and a set of command line tools for forensic analysis of filesystems and disk images. [https://www.sleuthkit.org/autopsy/ Autopsy] is a graphical front end for TSK and provides some additional features on top of it, including extracting and searching the text contents from multiple file formats over an entire image. | ||
Supported disk and file system image formats | Supported disk and file system image formats | ||
| − | * raw (i.e. dd) | + | * raw disk image (i.e. dd) |
| − | * Expert Witness (i.e. EnCase) | + | * [[Expert Witness]] (i.e. EnCase)<ref>[http://wiki.sleuthkit.org/index.php?title=Reference_Documents Reference documents - SleuthKitWiki]</ref> |
| − | * AFF | + | * [[Advanced Forensics Format]] (AFF)<ref>[http://wiki.sleuthkit.org/index.php?title=Reference_Documents Reference documents - SleuthKitWiki]</ref> |
Supported file systems: | Supported file systems: | ||
| − | * [[ | + | * [[ext2]], [[ext3]], [[ext4]] (Traditional [[Linux]] File System) |
| − | + | * [[FAT]], [[ExFAT]] (File Allocation Table, Extended File Allocation Table) | |
| − | + | * [[HFS]] (Apple ''variant'' File System) | |
| − | + | ||
| − | * [[ | + | |
| − | + | ||
| − | * [[HFS]] | + | |
* [[ISO 9660]] / CDFS (Compact Disc File System) | * [[ISO 9660]] / CDFS (Compact Disc File System) | ||
| + | * [[NTFS]] ([[Microsoft Windows]](NT) File System) | ||
| + | * [[UFS]], [[UFS2]] (Unix File System) | ||
| + | * [[YAFFS]] (Yet Another Flash File System) | ||
| + | |||
| + | == Links == | ||
| + | * [https://www.sleuthkit.org/sleuthkit/ Main website] | ||
| + | * [http://wiki.sleuthkit.org/index.php?title=The_Sleuth_Kit The Sleuth Kit - SleuthKitWiki] | ||
| + | |||
| + | == References == | ||
| + | <references/> | ||
| + | |||
| + | {{DEFAULTSORT:Sleuth Kit and Autopsy, The}} | ||
| + | [[Category:Software]] | ||
| + | [[Category:Forensics and Law Enforcement]] | ||
Latest revision as of 02:50, 16 August 2025
| Software | > | File rendering/interaction software | > | The Sleuth Kit and Autopsy |
The Sleuth Kit (TSK) is a C library and a set of command line tools for forensic analysis of filesystems and disk images. Autopsy is a graphical front end for TSK and provides some additional features on top of it, including extracting and searching the text contents from multiple file formats over an entire image.
Supported disk and file system image formats
- raw disk image (i.e. dd)
- Expert Witness (i.e. EnCase)[1]
- Advanced Forensics Format (AFF)[2]
Supported file systems:
- ext2, ext3, ext4 (Traditional Linux File System)
- FAT, ExFAT (File Allocation Table, Extended File Allocation Table)
- HFS (Apple variant File System)
- ISO 9660 / CDFS (Compact Disc File System)
- NTFS (Microsoft Windows(NT) File System)
- UFS, UFS2 (Unix File System)
- YAFFS (Yet Another Flash File System)
