Books

There are many books in the Links section that contain examples of using The Sleuth Kit. In particular, I wrote two chapters in Know Your Enemy 2nd Edition about using Autopsy and TSK. All sales proceeds of the book go to The Honeynet Project (which is a volunteer and non-profit group that I am a member of).

Reference Documents

(The following are also available in The Sleuth Kit installation file)

• File System Analysis Techniques
• File Activity Timelines

For a general file system reference, check out my File System Forensic Analysis book.

Sleuth Kit Implementation Notes (SKINs)

(The following are also available in The Sleuth Kit installation file)

• FAT File System
• NTFS File System

Other

• Sleuth Kit Informer
• Running Sleuthkit and Autopsy Under Windows (local copy) by Charles Lucas
• API Docs (for using the TSK library to develop other programs)