The sysutils/sleuthkit port

sleuthkit-4.10.1 – forensic toolkit based on TCT (cvsweb github mirror)


The Sleuth Kit (previously known as TASK) is the only open  
source forensic toolkit for a complete analysis of Microsoft
and UNIX file systems.
It enables investigators to identify and recover evidence from 
images acquired during incident response or from live systems.

Some of its features :

* Analyzes images generated by the open source 'dd' utility,
  found on all UNIX systems and available for Windows systems.
* Supports the NTFS, FAT, FFS, and EXT2FS file systems. Images
  of a different endian ordering than the analysis system can
  be used.
* The tools are organized in a layered approach, where the names
  in each layer start with the same letter to help the user identify
  the function of the tool. The layers include File System, File
  Name (directory entries and NTFS index trees), Meta-Data (UNIX
  inodes and NTFS MFT entries), and Content (blocks and clusters).
* Identifies deleted files by name and location.
* Identifies the status of content units (blocks and clusters)
  and meta-data structures.
* Maps the relationship of objects across different layers.
WWW: https://www.sleuthkit.org/


Remi Pointel

Only for arches

aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64


security sysutils

Library dependencies

Build dependencies

Run dependencies