The Sleuth Kit

An open-source library and collection of utilities for forensic analysis of computer systems.

Overview

The Sleuth Kit (TSK) is a collection of command-line tools and a C library for forensic analysis of disk images. It allows investigators to analyze volume and file system data, recovering files and examining low-level details of various file systems like NTFS, FAT, Ext3/4, and HFS+. It is the foundational engine behind the Autopsy graphical interface.

✨ Key Features

  • File system analysis (NTFS, FAT, ExFAT, UFS, Ext2/3/4, HFS+, ISO 9660)
  • Command-line tools for detailed, granular analysis
  • Recovers deleted files
  • Analyzes raw (dd), Expert Witness (E01), and AFF image formats
  • Can be used as a C library to build custom tools

🎯 Key Differentiators

  • Powerful command-line interface for scripting and automation
  • Core library can be integrated into other applications
  • Fundamental, low-level analysis capabilities
  • Completely open source

Unique Value: Provides powerful, low-level, command-line access for forensic analysis of file systems, serving as a critical building block for many other forensic tools.

🎯 Use Cases (4)

  • Deep file system forensics
  • Data recovery
  • Foundation for custom digital forensics tools
  • Scripting and automation of forensic tasks

✅ Best For

  • Serves as the backend for Autopsy and many other open-source and commercial forensic tools.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Users who require a graphical user interface and are not comfortable with command-line tools.

💻 Platforms

  • Desktop
  • Windows
  • Linux
  • macOS
  • Unix-like

✅ Offline Mode Available

🔌 Integrations

  • Autopsy
  • log2timeline/plaso
  • Cyber Triage

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The software is completely free and open source.
