The Sleuth Kit (TSK) & Autopsy: Open Source Digital Investigation Tools

Autopsy™ and The Sleuth Kit™ are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation.

Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.

If you need a custom, automated solution, then you can build one using the TSK libraries or the framework. We have also done research on using Hadoop to analyze disk images using cloud computing infrastructures.

If you would like a custom solution built for you, contact Basis Technology for more information.

Recent Updates

Apr 9, 2013: The CFP for the 4th Annual Open Source Forensics Conference is up. Submissions are due by May 1. We've got a bigger space this year, so we won't have to close registration early!
Mar 28, 2013: Autopsy™ 3.0.5 was released. It has new features (timeline beta, open ZIP files), improvements, and bug fixes.
Feb 4, 2013: The Sleuth Kit™ 4.0.2 is now available! It has bug fixes and some new minor features.
Jan 23, 2013: Autopsy™ 3.0.4 was released. It has new features (tags, error reporting) and bug fixes (DLL dependencies, NTFS file system, out of memory, Exif, Office Documents in keyword search).

Follow @sleuthkit

(Merchandise!)


	Copyright © 2003-2013 by Brian Carrier	http://www.sleuthkit.org