The sleuth kit windows — Ваш верный помощник с OS Windows

Download

Download Version 4.14.0 (Apr 15, 2025) of The Sleuth Kit®:

Source Code
Windows Binaries

Other versions and GPG signatures can be found at:

Version 4.3.0 and later: GitHub
Version 4.2.0 and earlier: Source Forge

Other info:

Current version (version 4.0) has been tested with:
- AFFLIB: 3.3.6
- libewf: libewf-20130416
Source code from github.com
My GPG Key: local copy or
MIT’s server.
Bindings in other languages.
See Developer’s Guide for details on the source code repository.

The Sleuth Kit can be used with Autopsy, which can be downloaded here.

Refer to the SleuthKitWiki for Packages and Add-ons.

Bugs

See the Support page for details on reporting bugs.

Announcements

Announcements of new releases are sent to the
sleuthkit-announce and sleuthkit-users
e-mail lists and the RSS feed .

Источник

Sleuth Kit 4.14.0

This release REVERTS many changes from 4.13.0. It is more close to 4.12.1 than it is to 4.13.0.
It was created from the Dec 3, 2024 ct-3.13.0 tag (28a838d) and has changes from the Sleuth Kit Labs team.
- Added BitLocker support (Windows only)
- Updated LibVMDK and LibVHDI
- Updated to Visual Studio 2019
- Updated logical folder caching
- Java changes listed in the 4.13.0 release
Use of the optimize pragma was added to the Java SQLite code (after the 4.13.0 release)

It does NOT have the experimental btrfs or bfs, and other changes that went into 4.13.0. Those will go into a future release (perhaps as a v5 so that there can be parallel releases).

The Sleuth Kit 4.13.0

C/C++:

Added BitLocker support (Windows only)
Updated LibVMDK and LibVHDI
Updated to Visual Studio 2019
Updated logical folder caching
Added support for btrfs (experimental) and xfs (experimental)
Implemented new unit test framework with Catch
Updated to C++17. (Update to C++20 pending a solution for compiling for Windows XP)
Other changes from @simsong, @uckelman-sf, @joachimmetz, and others.

Java:

Changed how child map was loaded at start up
Updated handling of OS Accounts in Java DB, especially for Linux
Updated PostgreSQL SSL configuration

The Sleuth Kit 4.12.1

C/C++:

Bug fixes from Luis Nassif and Joachim Metz
Added check to stop for very large folders to prevent memory exhaustion

Java:

Added File Repository concept for files to be stored in another location
Schema updated to 9.4
Fixed OS Account merge bug and now fire events when accounts are merged

The Sleuth Kit 4.12.0

There was a 1-year gap since 4.11.1 and the git log has 441 commits in that timeframe.

Many for small fixes.
This set of release notes is much more of an overview than other releases

What’s New:

LVM Support (non-Windows) from @joachimmetz
Logical File System support (a folder structure is parsed by TSK libraries) from @APriestman (Basis)

What’s Changed:

Lots of bug fixes from the Basis team and Joachim Metz
Additional fixes from @Eran-YT, @msuhanov, @uckelman , @dschoemantruter, and @sashashura
General themes of C/C++ bounds checks and Java improvements to OS Accounts, Ingest jobs, CaseDbAccessManager, and much more.

The Sleuth Kit 4.11.1

C/C++:

Several fixes from @joachimmetz
NTFS Decompression bug fix from @kastonework and @uckelman-sf

Java:

Fixed connection leak when making OS Accounts in bridge
OsAccount updates for instance types and special Windows SIDs
Fixed issue with duplicate value in Japanese timeline translation

The Sleuth Kit 4.11.0

C/C++:

Added checks at various layers to detect encrypted file systems and disks to give more useful error messages.
Added checks to detect file formats that are not supported (such as AD1, ZIP, etc.) to give more useful error messages.
Added tsk_imageinfo tool that detects if an image is supported by TSK and if it is encrypted.
Add numerous bound checks from @joachimmetz
Clarified licenses as pointed out by @joachimmetz

Java:

Updated from Schema 8.6 to 9.1.
Added tables and classes for OS Accounts and Realms (Domains).
Added tables and classes for Host Addresses (IP, MAC, etc.).
Added tables and classes for Analysis Results vs Data Artifacts by adding onto BlackboardArtifacts.
Added tables and classes for Host and Person to make it easier to group data sources.
Added static types for standard artifact types.
Added File Attribute table to allow custom information to be stored for each file.
Made ordering of getting lock and connection consistent.
Made the findFile methods more efficient by using extension (which is indexed).

The Sleuth Kit 4.10.2

C/C++

Added support for Ext4 inline data

Java

New Blackboard Artifacts for ALEAPP/ILEAPP, Yara, Geo Area, etc.
Upgraded to PostgreSQL JDBC Driver 42.2.18
Added SHA256 to files table in DB and added utility calculation methods.
Changed TimelineManager to make events for any artifact with a time stamp
Added Japanese translations
Fixed synchronization bug in getUniquePath

The Sleuth Kit 4.10.1

C/C++:

Changed Windows build to use Nuget for libewf, libvmdk, libvhdi.
Fixed compiler warnings
Clarrified licenses and added Apache license to distribution
Improved error handling for out of memory issues
Rejistry++ memory leak fixes

Java:

Localized for Japanese

NOTE: .deb file was updated because the initial one was compiled for Java11 instead of Java8. The one for Java8 has an MD5 of c3ca85a89ba19ed34f26d227384a4f11.

The Sleuth Kit 4.10.0

C/C++:

Removed PostgreSQL code (that was used only by Java code)
Added Java callback support so that database inserts are done in Java.

Java:

Added methods and callbacks as required to allow database population to happen in Java instead of C/C++.
Added support to allow Autopsy streaming ingest where files are added in batches.
Added TaggingManager class and concept of a TagSet to support ProjectVic categories.
Fixed changes to normalization and validation of emails and phone numbers.
Added a CASE/UCO JAR file that creates JSON-LD based on TSK objects.

The Sleuth Kit 4.9.0

C/C++

Removed framework project. Use Autopsy instead if you need an analysis framework.
Various fixes from Google-based fuzzing.
Ensure all reads (even big ones) are sector aligned when reading from Windows device.
Ensure all command line tools support new pool command line arguments.
Create virtual files for APFS unallocated space
HFS fix to display type

Java:

More artifact helper methods
More artifacts and attributes for drones and GPS coordinates
Updated TimelineManager to insert GPS artifacts into events table

Источник

Это приложение для Windows под названием The Sleuth Kit, последнюю версию которого можно загрузить как sleuthkit-4.1.3-win32.zip. Его можно запустить онлайн на бесплатном хостинг-провайдере OnWorks для рабочих станций.

Загрузите и запустите онлайн это приложение под названием The Sleuth Kit с OnWorks бесплатно.

Следуйте этим инструкциям, чтобы запустить это приложение:

— 1. Загрузил это приложение на свой компьютер.

— 2. Введите в нашем файловом менеджере https://www.onworks.net/myfiles.php?username=XXXXX с желаемым именем пользователя.

— 3. Загрузите это приложение в такой файловый менеджер.

— 4. Запустите любой онлайн-эмулятор OS OnWorks с этого сайта, но лучше онлайн-эмулятор Windows.

— 5. В только что запущенной ОС Windows OnWorks перейдите в наш файловый менеджер https://www.onworks.net/myfiles.php?username=XXXXX с желаемым именем пользователя.

— 6. Скачайте приложение и установите его.

— 7. Загрузите Wine из репозиториев программного обеспечения вашего дистрибутива Linux. После установки вы можете дважды щелкнуть приложение, чтобы запустить его с помощью Wine. Вы также можете попробовать PlayOnLinux, необычный интерфейс поверх Wine, который поможет вам установить популярные программы и игры для Windows.

Wine — это способ запустить программное обеспечение Windows в Linux, но без Windows. Wine — это уровень совместимости с Windows с открытым исходным кодом, который может запускать программы Windows непосредственно на любом рабочем столе Linux. По сути, Wine пытается заново реализовать Windows с нуля, чтобы можно было запускать все эти Windows-приложения, фактически не нуждаясь в Windows.

The Sleuth Kit

ОПИСАНИЕ

Sleuth Kit — это библиотека C ++ и набор инструментов судебной экспертизы файловой системы с открытым исходным кодом, которые позволяют, среди прочего, просматривать выделенные и удаленные данные из образов NTFS, FAT, FFS, EXT2, Ext3, HFS + и ISO9660.

Аудитория

Правительство, Информационные технологии

Интерфейс пользователя

Командная строка

Язык программирования

C ++, C

Среда базы данных

SQLite

Это приложение также можно загрузить с https://sourceforge.net/projects/sleuthkit/. Он размещен в OnWorks, чтобы его можно было легко запускать в сети с помощью одной из наших бесплатных операционных систем.

Скачать приложения для Windows и Linux

Приложения для Linux
Приложения для Windows

1

Настольный клиент Rocket.Chat

Клиент Rocket.Chat Desktop — это
официальное настольное приложение для Rocket.Chat,
простая, но мощная сеть с открытым исходным кодом
чат платформа. Он протестирован на macOS,
Окна …

Скачать настольный клиент Rocket.Chat
2

ОфисЭтаж

OfficeFloor обеспечивает инверсию
управление связью, с его: — зависимостью
впрыск — продолжение впрыска —
внедрение потока Для получения дополнительной информации
посетить…

Скачать OfficeFloor
3

ДивКит

DivKit — это серверный пакет с открытым исходным кодом.
Фреймворк пользовательского интерфейса (SDUI). Это позволяет вам
развертывать обновления с сервера для
разные версии приложения. Также это может быть
используется для …

Скачать DivKit
4

субконвертер

Утилита для преобразования между различными
формат подписки. Пользователи Shadowrocket
следует использовать ss, ssr или v2ray в качестве цели.
Вы можете добавить &remark= к
Telegram-любимый HT…

Скачать субконвертер
5

СВЭШ

SWASH — это числовой
инструмент для моделирования неустойчивости,
негидростатический, со свободной поверхностью,
вращательный поток и явления переноса
в прибрежных водах как …

Скачать SWASH
6

VBA-M (Архивировано — сейчас на Github)

Проект переехал в
https://github.com/visualboyadvance-m/visualboyadvance-m
Особенности:Создание читовСохранить состояниямульти
система, поддерживает gba, gbc, gb, sgb,
sgb2Т…

Скачать VBA-M (в архиве — сейчас на Github)
Больше »

Команды Linux

1

a2ps-lpr-обертка

a2ps-lpr-wrapper – lp/lpr-обертка
скрипт для GNU a2ps на Debian …

Запустить a2ps-lpr-wrapper
2

а2пс

a2ps — форматирование файлов для печати на
PostScript-принтер…

Запустить a2ps
3

набор мощности процессора

cpupower-set — Установить мощность процессора
соответствующее ядро или оборудование
конфигурации…

Запустите cpupower-set
4

мощность процессора

cpupower — показывает и устанавливает процессор
значения, связанные с мощностью…

Запустите процессор
5

collect_stx_titles

collect_stx_titles — собрать заголовок
объявления из документов Stx…

Запустите сбор_stx_titles
6

скамья гатлинга

скамейка — http бенчмарк …

Беговая скамейка Гатлинга
Больше »

Источник

(Redirected from Sleuth Kit)

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.^[2]^[3]

The Sleuth Kit


Original author(s)	Brian Carrier
Stable release	4.14.0^[1] / 15 April 2025; 23 days ago
Repository	github.com/sleuthkit/sleuthkit
Written in	C, Perl
Operating system	Unix-like, Windows
Type	Computer forensics
License	IPL, CPL, GPL
Website	www.sleuthkit.org/sleuthkit/

The collection is open source and protected by the GPL, the CPL and the IPL. The software is under active development and it is supported by a team of developers. The initial development was done by Brian Carrier^[4] who based it on The Coroner’s Toolkit. It is the official successor platform.^[5]

The Sleuth Kit is capable of parsing NTFS, FAT/ExFAT, UFS 1/2, Ext2, Ext3, Ext4, HFS, ISO 9660 and YAFFS2 file systems either separately or within disk images stored in raw (dd), Expert Witness or AFF formats.^[6] The Sleuth Kit can be used to examine most Microsoft Windows, most Apple Macintosh OSX, many Linux and some other UNIX computers.

The Sleuth Kit can be used via the included command line tools, or as a library embedded within a separate digital forensic tool such as Autopsy or log2timeline/plaso.

Some of the tools included in The Sleuth Kit include:

ils lists all metadata entries, such as an Inode.
blkls displays data blocks within a file system (formerly called dls).
fls lists allocated and unallocated file names within a file system.
fsstat displays file system statistical information about an image or storage medium.
ffind searches for file names that point to a specified metadata entry.
mactime creates a timeline of all files based upon their MAC times.
disk_stat (currently Linux-only) discovers the existence of a Host Protected Area.

The Sleuth Kit can be used

for use in forensics, its main purpose
for understanding what data is stored on a disk drive, even if the operating system has removed all metadata.
for recovering deleted image files ^[7]
summarizing all deleted files^[8]
search for files by name or included keyword ^[9]
for use by future historians dealing with computer storage devices

Autopsy (software) — A graphical user interface to The Sleuth Kit.
CAINE Linux − Includes The Sleuth Kit

^ «Release 4.14.0». 15 April 2025. Retrieved 1 May 2025.
^ Parasram, Shiva V. N. (2017). Digital forensics with Kali Linux: perform data acquisition, digital investigation, and threat analysis using Kali Linux tools. Birmingham, UK. ISBN 978-1-78862-957-7. OCLC 1020288734.{{cite book}}: CS1 maint: location missing publisher (link)
^ Altheide, Cory (2011). Digital forensics with open source tools: using open source platform tools for performing computer forensics on target systems: Windows, Mac, Linux, UNIX, etc. Harlan A. Carvey. Burlington, MA: Syngress. ISBN 978-1-59749-587-5. OCLC 713324784.
^ «About». www.sleuthkit.org. Brian Carrier. Retrieved 2016-08-30.
^ «The Coroner’s Toolkit (TCT)».
^ «File and Volume System Analysis». www.sleuthkit.org. Brian Carrier. Retrieved 2016-08-30.
^ «Autopsy: Lesson 1: Analyzing Deleted JPEGs». www.computersecuritystudent.com. Retrieved 2020-06-20.
^ «FS Analysis — SleuthKitWiki». wiki.sleuthkit.org. Retrieved 2020-06-20.
^ «The Sleuth Kit — analyze disk images and recover files». LinuxLinks. Retrieved 2020-06-20.

Official website

Источник

The Sleuth Kit (TSK — Forensics) :: Framework

The Sleuth Kit is a C++ library and collection of open source file
system forensics tools that allow you to, among other things, view
allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and
ISO9660 images.
The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The plug-in framework allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

There are three different packages for each The Sleuth Kit® (TSK) release.

sleuthkit-X.X.X.tar.gz: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-windows systems.
sleuthkit-X.X.X-win32.zip: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.
sleuthkit-X.X.X-framework-win32.zip: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.

Tutorials ::

Download ::

Windows (x86) :: Sleuthkit-4.1.2-win32.zip | Sleuthkit-4.1.2-framework-win32.zip

Linux :: Sleuthkit-4.1.2.tar.gz
Official Website :: http://www.sleuthkit.org/sleuthkit/

Источник