Source : http://www.sleuthkit.org/index.php
Download : http://www.qnapclub.eu/index.php?act=detail&qpkg_id=389
x64 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_x86_64.qpkg.zip [ FW 4.3 ]
x86 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_x86.qpkg.zip
x41 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_arm-x41.qpkg.zip
Note :
Binaries are in /opt/Sleuthkit/bin
Built with AFFLIB (and S3 support) and LibEWF
Added packages:
Coreutils (Latest release)
e2fsprogs (Latest release)
findutils (Latest release)
ddrescue (Latest release)
photorec (Latest release)
About :
The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.
The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations.
It is recommended that these command line tools be used with the Autopsy Forensic Browser. Autopsy (http://www.sleuthkit.org/autopsy) is a graphical interface to the tools of The Sleuth Kit; it automates many of the procedures and provides features such as image searching and MD5 image integrity checks.
As with any investigation tool, any results found with The Sleuth Kit should be recreated with a second tool to verify the data.
OVERVIEW
The Sleuth Kit allows one to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis. For a more detailed description of these tools, refer to docs/filesystem.README. The tools are briefly described in a file system layered approach. Each tool name begins with a letter that is assigned to the layer.