<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>The Sleuth Kit: Documents</title> <meta name='description' content='The Sleuth Kit is a C library and collection of open source command line tools for the forensic analysis of NTFS, FAT, EXT2FS, and FFS file systems'> <!-- Bootstrap CSS --> <link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet"> <!-- Plugins CSS --> <!--<link href="/plugins/font-awesome/css/font-awesome.min.css" rel="stylesheet">--> <!--<link href="/plugins/owl-carousel/owl.carousel.css" rel="stylesheet"> <link href="/plugins/owl-carousel/owl.transitions.css" rel="stylesheet"> <link href="/plugins/owl-carousel/owl.theme.css" rel="stylesheet"> --> <!--<link href="/plugins/lightbox/css/lightbox.css" rel="stylesheet">--> <!-- Theme CSS --> <link href="/css/style-theme.css" rel="stylesheet"> <!-- <link href="css/style-theme.min.css" rel="stylesheet"> --> <link href="/css/style-colours.css" rel="stylesheet"> <!-- <link href="css/style-colours.min.css" rel="stylesheet"> --> <link href="/css/style-mixedcolours.css" rel="stylesheet"> <!-- <link href="css/style-mixedcolours.min.css" rel="stylesheet"> --> <!-- loader --> <link href="/css/loader.css" rel="stylesheet"> <!--<script src="/plugins/pace/pace.min.js"></script>--> <!-- Custom Theme CSS --> <link href="/css/styles.css" rel="stylesheet"> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> <![endif]--> </head> <body class="background-light twlsky-orange isolated-sections"> <!-- Page Outer Container --> <div class="outer-container clearfix"> <!-- =========== Header =========== --> <header class="clearfix"> <!--<div class="logo"> <a href="index.html"><img src="images/design/logo.png" alt="TWILLI Sky" id="logo_dark"></a> </div>--><!-- .logo --> <div id="main-menu-container" class="clearfix"> <div id="mobile-menu-icon" class="btn btn-outline-inverse visible-xs"><span class="glyphicon glyphicon-th"></span></div> <ul id="main-menu"> <!-- Home --> <li class="menu-item"> <a href="/index.php">Home</a> </li> <!-- Autopsy --> <li class="menu-item"><a href="/autopsy/">Autopsy</a> <ul class="sub-menu"> <li class="menu-item"><a href="/autopsy/features.php">Features</a></li><li class="menu-item"><a href="/autopsy/download.php">Download</a></li><li class="menu-item"><a href="http://www.autopsy.com/training" target="_blank">Training</a></li><li class="menu-item"><a href="/autopsy/docs.php">Documents</a></li><li class="menu-item"><a href="/autopsy/history.php">History</a></li><li class="menu-item"><a href="/autopsy/licenses.php">Licenses</a></li> </ul> </li> <!-- Sleuth Kit Menu --> <li class="menu-item current-menu-ancestor"><a href="/sleuthkit/">The Sleuth Kit</a> <ul class="sub-menu"> <li class="menu-item"><a href="/sleuthkit/desc.php">File Systems</a></li><li class="menu-item"><a href="/sleuthkit/download.php">Download</a></li><li class="menu-item current-menu-ancestor"><a href="/sleuthkit/docs.php">Documents</a></li><li class="menu-item"><a href="/sleuthkit/history.php">History</a></li><li class="menu-item"><a href="/sleuthkit/licenses.php">Licenses</a></li> </ul> </li> <li class="menu-item"> <a href="/proj.php">Other Projects</a> <ul class="sub-menu"> <li class="menu-item"><a href="/tsk_hadoop/index.php">Hadoop</a></li><li class="menu-item"><a href="/mac-robber/index.php">mac-robber</a></li> </ul> </li> <li class="menu-item"> <a href="/support.php">Support</a> <ul class="sub-menu"> <li class="menu-item"><a href="http://www.autopsy.com/category/blog/">Blog (www.autopsy.com)</a></li> <li class="menu-item"><a href="http://forum.sleuthkit.org/">Forum (forum.sleuthkit.org)</a></li> <!--<li class="menu-item"><a href="http://X">E-mail</a></li>--> </ul> </li> <li class="menu-item"> <a href="/about.php">About</a></li> </ul><!-- #main-menu --> </div><!-- #menu-container --> </header> <!-- =========== Page Body Inside Content =========== --> <div class="inside-body-content-container clearfix"> <!-- End: Header --> <!-- =========== Section 1 =========== --> <div class="container-fluid horizontal-section-container clearfix"> <div class="row"> <div class="col-sm-12"> <div id="home-intro-paragraph" class="section-container featured-text clearfix"> <p>The Sleuth Kit can be used in two ways. The C library can be incorporated into larger digital forensic tools and the command line tools can be used directly by a user. </p> <h2>Tools</h2> <p>This section can help you find information on using the command line tools that come with TSK. Tool documents can be broken into two categories: those that come with the tools and those that are on the Wiki. Here are some useful starting points on the Wiki: </p> <ul> <li><a href="http://wiki.sleuthkit.org/index.php?title=Help_Documents">Help Documents</a> </li> <li><a href="http://wiki.sleuthkit.org/index.php?title=Books_and_Courses_on_TSK">Books and Courses on TSK</a> </li> </ul> <p>You can also subscribe to the <a HREF="http://lists.sourceforge.net/lists/listinfo/sleuthkit-users">Sleuth Kit Users</a> e-mail list, which is a forum for discussing the tools. </p> <p>The remainder of this page contains links to the documents that come with TSK. You can access the man pages from the Wiki. </p> <h3>Reference Documents</h3> <UL> <LI><A HREF="./docs/ref_fs.txt"> File System Analysis Techniques</A></LI> <LI><A HREF="./docs/ref_timeline.txt"> File Activity Timelines</A></LI> </UL> <p> For a general file system reference, check out my <a href="http://www.digital-evidence.org/fsfa/">File System Forensic Analysis</a> book. </p> <h3>Sleuth Kit Implementation Notes (SKINs)</h3> <UL> <LI><A HREF="./docs/skins_fat.txt"> FAT File System</A></LI> <LI><A HREF="./docs/skins_ntfs.txt"> NTFS File System</A></LI> </UL> <h2>C Library</h2> <p>The wiki contains information on how to use the library:</p> <ul> <li><a href="http://www.sleuthkit.org/sleuthkit/docs/api-docs/latest/">Library User's Guide</a></li> <li><a href="http://wiki.sleuthkit.org/index.php?title=Developer%27s_Guide">Developer's Guide</a> </li> </ul> </div><!-- .section-container --> <!-- End: Website Intro Paragraph --> </div><!-- --> </div><!-- .row --> </div><!-- .container-flu <!-- begin footer --> </div><!-- .inside-body-content-container --> <!-- End: Page Body Inside Content --> </div><!-- .outer-container --> <!-- End: Page Outer Container --> <!-- Beneath Footer --> <div id="beneath-footer" class="center-container clearfix"> <!-- left --> <div class="col-sm-6 beneath-footer-left"> <div class="text"> &copy; 2003-2023 Brian Carrier </div> </div> <!-- right --> <!-- <div class="col-sm-6 beneath-footer-right"> <ul class="social-media-icons clearfix"> <li><a href="#" target="_blank" title="Twitter"><i class="fa fa-twitter"></i></a></li> </ul> </div> --> </div><!-- #beneath-footer --> <!-- go to top --> <div id="go-to-top" onclick="scroll_to_top(this.event);" title="Go to top"><span class="glyphicon glyphicon-chevron-up"></span></div> <!-- Jquery and Bootstrap JS --> <!-- <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> --> <script src="/js/jquery.min.js"></script> <script src="/bootstrap/js/bootstrap.min.js"></script> <!-- Easing - for transitions and effects --> <script src="/js/jquery.easing.1.3.js"></script> <!-- Plugins --> <script src="/js/detectmobilebrowser.js"></script> <!--<script src="/plugins/owl-carousel/owl.carousel.min.js"></script> - <script src="/plugins/lightbox/js/lightbox.min.js"></script> <script src="/plugins/masonry/masonry.pkgd.min.js"></script> --> <!-- Custom functions for this theme --> <script src="/js/functions.js"></script> <!-- <script src="js/functions-min.js"></script> --> <script src="/js/initialise-functions.js"></script> </body> </html>