The Sleuth Kit® are
open source digital investigation tools (a.k.a. digital
forensic tools) that run on Windows, Linux, OS X, and other Unix
systems. They can be used to analyze disk images and perform
in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3,
and UFS) and several volume system types.
Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation. Join the sleuthkit-users list to ask questions and help others.
Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.
If you need a custom, automated solution, then you can build one
using the TSK libraries or the framework. We have also done
research on using Hadoop to analyze
disk images using cloud computing infrastructures.
If you would like a custom solution built for you, contact Basis
Technology for more information.
- July 14, 2014: Autopsy 3.1.0 beta 1 was released. It has many new features, but also some known issues dealing with UI responsiveness that we are working on before a final release.
- Apr 10, 2014: Autopsy 3.0.10 was released with a fixed installer. No other features.
- Feb 3, 2014: Autopsy 3.0.9 was released with new features and bug fixes.
- Jan 26, 2014: The Sleuth Kit 4.1.3 is now available with minor bug fixes and enhancements.
- Oct 16, 2013: Autopsy 3.0.8 was released with an installer fix that prevented Keyword Search from working on some systems. No new other functionality.
- Sep 25, 2013: Autopsy 3.0.7 was released. New features include multi-select, 64-bit Windows, RegRipper output, and new Metadata content viewer.
- Sep 25, 2013: The Sleuth Kit 4.1.2 is now available that now compiles on Linux.
- July 23, 2013: Basis Technology has engineering openings (Mid-level, Principal, and UI) to work on writing TSK and Autopsy.
Recent sleuthkit-users Posts
Join the List