Repository navigation
sleuthkit
- Website
- Wikipedia
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Forensic Analysis Tool for Btrfs File System.
A series of Linux and Windows based Forensics labs. Tools used include: FTK, EnCase, Sleuthkit, Autopsy, Volatility, etc.
Collection of popular DFIR tools in a lightweight and fast docker image
NBTempoW V. 2.1 is a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk.
Python tool to extract File slacks from disk images.
🕵️♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.
Recover normal and deleted files from a partition
A Bash script that utilizes The Sleuth Kit to recover directories in their entirety
Solutions to some assignments of the Digital Forensics course that I took during my master's degree at UNIGE (University of Genova).
An interactive shell for The Sleuth Kit's fls tool.
A collection of digital forensics lab reports covering Linux artifact recovery, shell history analysis, bash script forensics, and incident reconstruction using tools like SleuthKit, Auditd, and command-line utilities.
This repository is a mirror of https://gitlab.com/sequence/connectors/tsk
This repository offers practical labs in digital forensics, covering techniques for Linux, Windows, mobile, and network environments. Explore hands-on exercises like timeline reconstruction and memory analysis to enhance your investigative skills. 🖥️🔍