Unverified Commit a09fe17c authored by Richard Cordovano, committed by GitHub

Merge pull request #1655 from f97gujo/develop

Update README with links
parents 62dd0b04 1d40445e
......@@ -3,7 +3,6 @@
[![Build status](https://ci.appveyor.com/api/projects/status/8f7ljj8s2lh5sqfv?svg=true)](https://ci.appveyor.com/project/bcarrier/sleuthkit)
# [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit)
README File
## INTRODUCTION
The Sleuth Kit is an open source forensic toolkit for analyzing
......@@ -16,8 +15,8 @@ the tool or customize it to specific needs.
The Sleuth Kit uses code from the file system analysis tools of
The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The
TCT code was modified for platform independence. In addition,
support was added for the NTFS (see docs/ntfs.README) and FAT (see
docs/fat.README) file systems. Previously, The Sleuth Kit was
support was added for the NTFS (see [wiki/ntfs](http://wiki.sleuthkit.org/index.php?title=FAT_Implementation_Notes))
and FAT (see [wiki/fat](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes)) file systems. Previously, The Sleuth Kit was
called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent
of any commercial or academic organizations.
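Review bot: the two new wiki links in this hunk have their targets swapped: the label wiki/ntfs points at title=FAT_Implementation_Notes and the label wiki/fat points at title=NTFS_Implementation_Notes. Exchange the two URLs so each label leads to the notes for its own file system; the later hunk that links "ntfs wiki" to NTFS_Implementation_Notes shows the intended NTFS target.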
......@@ -35,8 +34,8 @@ The Sleuth Kit allows one to analyze a disk or file system image
created by 'dd', or a similar application that creates a raw image.
These tools are low-level and each performs a single task. When
used together, they can perform a full analysis. For a more detailed
description of these tools, refer to docs/filesystem.README. The
tools are briefly described in a file system layered approach. Each
description of these tools, refer to [wiki/filesystem](http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview).
The tools are briefly described in a file system layered approach. Each
tool name begins with a letter that is assigned to the layer.
### File System Layer:
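Review bot: the new link to title=TSK_Tool_Overview uses plain http://, as do all the wiki.sleuthkit.org links added in this patch, while the GitHub links added in the LICENSE section use https://. If the wiki is reachable over HTTPS, use that scheme so that documentation for a forensic toolkit is not fetched over a connection that can be altered in transit. The label wiki/filesystem also reads like a repository path; naming the page it leads to would be clearer.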
......@@ -88,8 +87,8 @@ contents of the data units allocated to the metadata structure
which metadata structure has allocated a given content unit or
file name.
Refer to the ntfs.README doc for information on addressing metadata
attributes in NTFS.
Refer to the [ntfs wiki](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes)
for information on addressing metadata attributes in NTFS.
### Human Interface Layer (file):
The human interface layer allows one to interact with files in a
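Review bot: the link label here is "ntfs wiki", while the other wiki links in this patch use the wiki/name form (wiki/fat, wiki/mactime, wiki/hfind, wiki/sorter). Pick one label form for all wiki links so the README reads consistently.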
......@@ -110,7 +109,7 @@ made. The mactime (TCT) program takes as input the 'body' file
that was generated by fls and ils. To get data on allocated and
unallocated file names, use 'fls -rm dir' and for unallocated inodes
use 'ils -m'. Note that the behavior of these tools are different
than in TCT. For more information, refer to docs/mac.README.
than in TCT. For more information, refer to [wiki/mactime](http://wiki.sleuthkit.org/index.php?title=Mactime).
#### Hash Databases
......@@ -127,7 +126,7 @@ an index of a hash database and perform quick lookups using a binary
search algorithm. The 'hfind' tool can perform lookups on the NIST
National Software Reference Library (NSRL) (www.nsrl.nist.gov) and
files created from the 'md5' or 'md5sum' command. Refer to the
docs/hfind.README file for more details.
[wiki/hfind](http://wiki.sleuthkit.org/index.php?title=Hfind) file for more details.
#### File Type Categories
Different types of files typically have different internal structure.
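Review bot: the replaced sentence still ends "file for more details" after docs/hfind.README became the wiki/hfind link, so it now calls a wiki page a file. Drop the word "file" or change it to "page" so the sentence matches what the link opens.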
......@@ -143,24 +142,24 @@ The 'sorter' program in The Sleuth Kit will use other Sleuth Kit
tools to sort the files in a file system image into categories.
The categories are based on rule sets in configuration files. The
'sorter' tool will also use hash databases to flag known bad files
and ignore known good files. Refer to the 'docs/sorter.README'
and ignore known good files. Refer to the [wiki/sorter](http://wiki.sleuthkit.org/index.php?title=Sorter)
file for more details.
## LICENSE
The file system tools (in the src/fstools directory) are released
under the IBM open source license and Common Public License, both
are located in the license directory. The modifications to 'mactime'
from the original 'mactime' in TCT and 'mac-daddy' are released
under the Common Public License. Other tools in the src directory
The file system tools (in the [tools/fstools](https://github.com/sleuthkit/sleuthkit/tree/develop/tools/fstools)
directory) are released under the IBM open source license and Common Public License, both
are located in the [licenses directory](https://github.com/sleuthkit/sleuthkit/tree/develop/licenses).
The modifications to 'mactime' from the original 'mactime' in TCT and 'mac-daddy' are released
under the Common Public License. Other tools in the tools directory
are either Common Public License or the GNU Public License.
## INSTALL
For installation instructions, refer to the INSTALL.txt document.
## OTHER DOCS
The 'docs' directory contains documents that describe the provided tools
in more detail. The Sleuth Kit Informer is a newsletter that contains
The [wiki](http://wiki.sleuthkit.org/index.php?title=Main_Page) contains documents that
describe the provided tools in more detail. The Sleuth Kit Informer is a newsletter that contains
new documentation and articles.
> www.sleuthkit.org/informer/
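Review bot: the two GitHub links added in the LICENSE section are absolute URLs pinned to tree/develop, so a reader of a release tarball or a tagged version is sent to whatever the develop branch contains at that time, which may not match the license files shipped with their copy. Relative links (tools/fstools and licenses) would resolve against the branch or tag being viewed. In the same hunk, the sorter sentence keeps "file for more details" after the path was replaced by the wiki/sorter link, and the wording should follow the new target.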
......@@ -172,5 +171,6 @@ announcements list.
> http://sourceforge.net/mail/?group_id=55685
Brian Carrier
carrier <at> sleuthkit <dot> org
carrier at sleuthkit dot org