Sleuthkit

Jul 20, 2023

Tools and library for filesystem forensic analysis

The Sleuth Kit (TSK) is a library and collection of command-line tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools, and the command-line tools can be used directly to find evidence.

The media management tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.



Check out these related ports:
  • Zxfer - Easily and reliably transfer ZFS filesystems
  • Ztop - Display ZFS dataset I/O in real time
  • Zsm - ZFS Snapshot Manager
  • Zsd - Destroys ZFS snapshots
  • Zrepl - ZFS dataset replication tool
  • Zrep - ZFS based replication and failover solution
  • Zpool-iostat-viz - ZFS pool I/O latency statistics
  • Zoxide - Fast cd alternative that learns your habits
  • Zogftw - Creates redundant backups on encrypted ZFS pools
  • Znapzend - ZFS-centric backup tool
  • Zisofs-tools - User utilities for zisofs
  • Zidrav - File corruption detection and repair program
  • Zfstools - OpenSolaris-compatible auto snapshotting for ZFS
  • Zfsnap2 - Portable performant script to make rolling ZFS snapshots easy
  • Zfsnap - Simple sh script to make zfs rolling snapshots with cron