sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.

Forensic Analysis Tool for Btrfs File System.

An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.

A series of Linux and Windows based Forensics labs. Tools used include: FTK, EnCase, Sleuthkit, Autopsy, Volatility, etc.

Collection of popular DFIR tools in a lightweight and fast docker image

NBTempoW V. 2.1 is a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk.

Python tool to extract File slacks from disk images.

Forensic Inode Analysis

🕵️‍♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.

A Bash script that utilizes The Sleuth Kit to recover directories in their entirety

Recover normal and deleted files from a partition

Linux command line thumbstick file recovery script using SleuthKit

Solutions to some assignments of the Digital Forensics course that I took during my master's degree at UNIGE (University of Genova).

Automatic Github Workflows packager for autopsy

An interactive shell for The Sleuth Kit's fls tool.

This repository is a mirror of https://gitlab.com/sequence/connectors/tsk