Extensible Open Source Investigations
Sleuth Kit LABS makes both closed and open source tools. This site has our open source tools.
Our automated incident response tool can be found at CyberTriage.com.
Our Open Source Tools
Two complementary tools covering GUI-based investigations and command-line forensic analysis.
Autopsy®
An easy-to-use, GUI-based program for efficiently analyzing hard drives and smartphones. Features a plug-in architecture for add-on modules or custom development in Java or Python.
Learn More Download (autopsy.com)
The Sleuth Kit®
A collection of command-line tools and a C library for analyzing disk images and recovering files. Powers Autopsy and many other open source and commercial forensics tools.
Learn More DownloadCommunity & Support
Trusted by Thousands Worldwide
These tools are used by thousands of investigators and analysts around the globe. Community-based e-mail lists and forums are available for support. Commercial training, support, and custom development is available from Sleuth Kit Labs.
Releases
Latest News
Fixes Excel bug — reverts TSK version.
Reverts to be more close to 4.12.1.
BitLocker and side-by-side Cyber Triage.
BitLocker and experimental XFS and BtrFS.
Automated Closed Source Tools
Cyber Triage®
Sleuth Kit Labs also builds automated investigation tools. Cyber Triage automatically scores intrusion-related data to help you quickly identify evidence. It has its own advanced remote collection tool and imports EDR telemetry and disk images. It allows even Jr analysts to quickly identify lateral movement, remote access, and malware.
Learn More Download