The Sleuth Kit

Open Source Disk Forensics Tool

What is The Sleuth Kit?

The core functionality of The Sleuth Kit allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. TSK allows Cyber Triage to access locked files without modifying timestamps and allows it to see files hidden by attackers.

Integration actions

Allows Cyber Triage to access file systems via The Sleuth Kit.

Whom is it built for?

Internal IR Teams.

Why is it useful?

Allows Cyber Triage to access files directly instead of through Windows APIs which may be hijacked by rootkits. The integration also allows Cyber Triage to access files that are normally locked using standard methods of file access.

Where is it used?

Cyber Triage’s agentless collection tool uses The Sleuth Kit to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open-source and commercial forensics tools.

What is the required Cyber Triage version?

Lite, Standard, and Team.

Additional links

*For more information about this integration contact our sales team: sales@cybertriage.com.

Visit Site