The Sleuth Kit
🔬 Digital Forensics · C
The Sleuth Kit is a comprehensive collection of command-line tools used for forensic analysis of disk images and file systems. It enables investigators to extract and analyze data from various file system types, including FAT, NTFS, and EXT. The tools can recover deleted files, extract metadata, and perform timeline analysis, providing crucial insights during digital investigations. Its open-source nature and compatibility with Autopsy, a graphical frontend, make it a staple in digital forensics.
Details
- Category: 🔬 Digital Forensics
- Language: C
- Repository: sleuthkit/sleuthkit
- Platforms: 🐧 linux, 🍎 macos, 🪟 windows
More in Digital Forensics
Volatility 3
Python · Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.
Autopsy
Java · Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Ghidra
Java · NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Binwalk
Python · Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
C · Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
Go · Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.