Linux SleuthKit

el33t · Oct 21, 2005

This kinda tools really amazes me lol

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

The volume system (media management) tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

Download: http://www.sleuthkit.org/sleuthkit/download.php

---------
PENGUIN Sleuth Kit Bootable CD

This CD is geared towards the live previewing of computer systems out in the field. Included several forensic, security auditing and sys admin tools.

Download: http://www.linux-forensics.com/downloads.html

Regards.

KingKrool · Oct 21, 2005

Basically they use their own filesystem driver.... not revolutionary, every data recovery s/w does that, so why did you make that bold..

The question is (if u have used it u can answer), what other info does it provide?

el33t · Oct 22, 2005

I was just wondering who wrote the first "revolutionary" guide on Kernel compiling, by any chance was it you KK

I doubt what google has to say with his thousands of search results for it

Regards.

KingKrool · Oct 22, 2005

revolutionary? My guide?? I am laughing as much as you on that one...

I just don't understand why u made that bold... u seemed excited, even tho your team made the only crack for GDB... so you do know what this kind of software does. Maybe you wanted to put some emphasis on it, but I don't see why. I am not against the post, just the boldface placement.

I really do want to know - what other tools does it provide? Data recovery is old stuff, they must have something else to justify the s/w. Cos u often hear of forensic tools such as this, but I have never come across one that is openly available, so if you have experience with this tool, tell me so I cn decide whether to dld that live cd

Eldorados · Oct 22, 2005

how does the software work???

KingKrool · Oct 22, 2005

Work regarding which feature?

el33t · Oct 22, 2005

hey can GDB analyse files from ext3,UFS(solaris) filesystems ,N0!? Actually I had successfully used R-Linux to once recover data from my lost ext3 partition

Do u find this interesting;

http://www.sleuthkit.org/sleuthkit/docs/ref_fs.html

Regards.

KingKrool · Oct 22, 2005

Now that is more like it.

There was a tool from GRC too for data recovery including FAT,NTFS and ext