The Sleuth Kit

WHAT IS THE SLEUTH KIT?

Single API

The core functionality of The Sleuth Kit (TSK) allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools, and the command line tools can be used directly to find evidence. TSK allows Cyber Triage to access locked files, does not modify timestamps, and allows it to see files hidden by attackers.

INTEGRATION ACTIONS:

Allows Cyber Triage to access file systems via The Sleuth Kit

WHOM IS IT BUILT FOR?

Internal IR Teams

WHY IS IT USEFUL?

Allows Cyber Triage to access files directly instead of through Windows APIs, which may be hijacked by rootkits. The integration also allows Cyber Triage to access files that are locked and therefore normally inaccessible through standard methods of file access.

WHERE IS IT USED?

Cyber Triage’s agentless collection tool uses The Sleuth Kit to analyze disk images and recover files from them. The Sleuth Kit is also used behind the scenes in Autopsy and many other open-source and commercial forensics tools.

WHAT IS THE REQUIRED CYBER TRIAGE VERSION?

Lite, Standard, and Team

ADDITIONAL LINKS:

https://github.com/sleuthkit/sleuthkit


*For more information about this integration, contact our sales team: Sales@cybertriage.com.
