The Sleuth Kit - Digital Forensic Tool
The Sleuth Kit is a digital forensics library and a collection of command line tools that allows you to analyze disk images and recover files from them. This tool also allows you to add additional modules to analyze file contents and build automated systems.
The tools in this kit allow you to examine the file systems of a suspect computer in a non-intrusive fashion. Yes, it is possible, because these tools do not rely on the operating system.
The Sleuth Kit supports DOS partitions, BSD partitions, Mac partitions, Sun slices (Volume Table of Contents), and GPT disks.
- Analyzes raw, Expert Witness (i.e. EnCase) and AFF file system and disk images.
- Supports the NTFS, FAT, ExFAT, UFS 1, UFS 2, EXT2FS, EXT3FS, Ext4, HFS, ISO 9660, and YAFFS2 file systems.
- Tools can be run on a live Windows or UNIX system during Incident Response.
- Shows files that have been "hidden" by rootkits.
For more information, please visit http://www.sleuthkit.org/sleuthkit/docs.php