Qnap [ SleuthKit ] [ 4.3.0 ] command line digital forensics tools that allow you to investigate volume and file system data


Représentant QNAP
2 Janvier 2014
10 579

Source : http://www.sleuthkit.org/index.php

Download : http://www.qnapclub.eu/index.php?act=detail&qpkg_id=389

x64 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_x86_64.qpkg.zip [ FW 4.3 ]
x86 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_x86.qpkg.zip
x41 version : http://www.qoolbox.fr/Sleuthkit_4.3.0_arm-x41.qpkg.zip

Note :

Binaries are in /opt/Sleuthkit/bin

built with AFFLIB (and S3 support) and LibEWF

added package

Coreutils (Latest release)
e2fsprog (Latest release)
findutils (Latest release)
ddrescue (Latest release)
photorec (Latest release)

About :

The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.

The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations.

It is recommended that these command line tools can be used with the Autopsy Forensic Browser. Autopsy, (http://www.sleuthkit.org/autopsy), is a graphical interface to the tools of The Sleuth Kit and automates many of the procedures and provides features such as image searching and MD5 image integrity checks.

As with any investigation tool, any results found with The Sleuth Kit should be be recreated with a second tool to verify the data.


The Sleuth Kit allows one to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis. For a more detailed description of these tools, refer to docs/filesystem.README. The tools are briefly described in a file system layered approach. Each tool name begins with a letter that is assigned to the layer.