sleuthkit.org is the official web site for The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows and Unix systems (such as Linux, OS X, Cygwin, FreeBSD, OpenBSD, and Solaris). They can be used to analyze NTFS, FAT, HFS+, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types.
The Sleuth Kit (TSK) is a C library and a collection of command line tools. Autopsy is a graphical interface to TSK. TSK can be integrated into automated forensics systems in many ways, including as a C library and by using the SQLite database that it can create. The Sleuth Kit Hadoop Framework is a framework that incorporates TSK into cloud computing for large scale data analysis.
Recent Updates 
- Jan 15, 2012: Added links to the Sleuth Kit Hadoop Framework project and its documentation and code. The framework allows TSK to be used with cloud computing infrastructures.
- Nov 14, 2011: The second beta release of Autopsy (version 3.0.0b2) was released. It doesn't add many new visible features (except hash database support), but it has an entirely new database backend. See the Autopsy page for more details.
- Oct 12, 2011: Updated a few pages to reflect that the TSK code is now hosted on GitHub.
- Oct 7, 2011: TSK 3.2.3 was released. It fixes some minor bugs and has minor new features.
