Digital Forensics with The Sleuth Kit
Beginner Introduction to The Sleuth Kit (command line)
About The Sleuth Kit
The Sleuth Kit is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools.
The toolkit is used by analysts to analyze file systems and images, including NTFS, FAT, ext2/3, HFS+, and ISO 9660. It can be used to recover deleted data, recover lost partitions, and perform in-depth analysis of the file systems and images.
Because it offers a strong and adaptable platform for evaluating digital data, the Sleuth Kit is useful for DFIR engagements because it can assist forensic analyst in identifying the root cause of an incident and acquiring evidence for use in court cases.
