Diffstat (limited to 'system/sleuthkit/README')
-rw-r--r-- | system/sleuthkit/README | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/system/sleuthkit/README b/system/sleuthkit/README index 0d3bcb40ce..f64c370f72 100644 --- a/system/sleuthkit/README +++ b/system/sleuthkit/README @@ -1,8 +1,12 @@ -The Sleuth Kit is an open source forensic toolkit for analyzing -Microsoft and UNIX file systems and disks. The Sleuth Kit enables -investigators to identify and recover evidence from images -acquired during incident response or from live systems. The -Sleuth Kit is open source, which allows investigators to verify -the actions of the tool or customize it to specific needs. +The Sleuth Kit (TSK) is a library and collection of command line +tools that allow you to investigate disk images. The core +functionality of TSK allows you to analyze volume and file system +data. The plug-in framework allows you to incorporate additional +modules to analyze file contents and build automated systems. The +library can be incorporated into larger digital forensics tools and +the command line tools can be directly used to find evidence. -Sleuthkit can use libewf and afflib. + +Sleuthkit can optionally use libewf (for Expert Witness files) +and afflib (for Advanced Forensic Format files). Both are available +in SBo. |
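Review bot: In the last paragraph of the new README ("Sleuthkit can optionally use libewf ... and afflib ..."), the text says both libraries are optional and available in SBo but not how the support gets enabled. Suggest adding one sentence stating whether they are picked up automatically when installed before sleuthkit is built or whether a build option is needed, so that someone who needs Expert Witness or AFF image support knows what to do before building. Separately, an empty line is added directly before that paragraph; if the existing separator line between the two paragraphs is still in place, this leaves two consecutive blank lines, and one of them could be dropped.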