diff --git a/README.md b/README.md index 63e0a4853fb34428649d19bcfad00fdbc8bf5452..ce20a6a82d80ee1a00857bfb76208f84cc2410e3 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,6 @@ [](https://ci.appveyor.com/project/bcarrier/sleuthkit) # [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit) -README File ## INTRODUCTION The Sleuth Kit is an open source forensic toolkit for analyzing @@ -16,8 +15,8 @@ the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, -support was added for the NTFS (see docs/ntfs.README) and FAT (see -docs/fat.README) file systems. Previously, The Sleuth Kit was +support was added for the NTFS (see [wiki/ntfs](http://wiki.sleuthkit.org/index.php?title=FAT_Implementation_Notes)) +and FAT (see [wiki/fat](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes)) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations. @@ -35,8 +34,8 @@ The Sleuth Kit allows one to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis. For a more detailed -description of these tools, refer to docs/filesystem.README. The -tools are briefly described in a file system layered approach. Each +description of these tools, refer to [wiki/filesystem](http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview). +The tools are briefly described in a file system layered approach. Each tool name begins with a letter that is assigned to the layer. ### File System Layer: 
@@ -88,8 +87,8 @@ contents of the data units allocated to the metadata structure which metadata structure has allocated a given content unit or file name. -Refer to the ntfs.README doc for information on addressing metadata -attributes in NTFS. +Refer to the [ntfs wiki](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes) +for information on addressing metadata attributes in NTFS. ### Human Interface Layer (file): The human interface layer allows one to interact with files in a @@ -110,7 +109,7 @@ made. The mactime (TCT) program takes as input the 'body' file that was generated by fls and ils. To get data on allocated and unallocated file names, use 'fls -rm dir' and for unallocated inodes use 'ils -m'. Note that the behavior of these tools are different -than in TCT. For more information, refer to docs/mac.README. +than in TCT. For more information, refer to [wiki/mactime](http://wiki.sleuthkit.org/index.php?title=Mactime). #### Hash Databases @@ -127,7 +126,7 @@ an index of a hash database and perform quick lookups using a binary search algorithm. The 'hfind' tool can perform lookups on the NIST National Software Reference Library (NSRL) (www.nsrl.nist.gov) and files created from the 'md5' or 'md5sum' command. Refer to the -docs/hfind.README file for more details. +[wiki/hfind](http://wiki.sleuthkit.org/index.php?title=Hfind) file for more details. #### File Type Categories Different types of files typically have different internal structure. 
@@ -143,24 +142,24 @@ The 'sorter' program in The Sleuth Kit will use other Sleuth Kit tools to sort the files in a file system image into categories. The categories are based on rule sets in configuration files. The 'sorter' tool will also use hash databases to flag known bad files -and ignore known good files. Refer to the 'docs/sorter.README' +and ignore known good files. Refer to the [wiki/sorter](http://wiki.sleuthkit.org/index.php?title=Sorter) file for more details. ## LICENSE -The file system tools (in the src/fstools directory) are released -under the IBM open source license and Common Public License, both -are located in the license directory. The modifications to 'mactime' -from the original 'mactime' in TCT and 'mac-daddy' are released -under the Common Public License. Other tools in the src directory +The file system tools (in the [tools/fstools](https://github.com/sleuthkit/sleuthkit/tree/develop/tools/fstools) + directory) are released under the IBM open source license and Common Public License, both +are located in the [licenses directory](https://github.com/sleuthkit/sleuthkit/tree/develop/licenses). +The modifications to 'mactime' from the original 'mactime' in TCT and 'mac-daddy' are released +under the Common Public License. Other tools in the tools directory are either Common Public License or the GNU Public License. ## INSTALL For installation instructions, refer to the INSTALL.txt document. ## OTHER DOCS -The 'docs' directory contains documents that describe the provided tools -in more detail. The Sleuth Kit Informer is a newsletter that contains +The [wiki](http://wiki.sleuthkit.org/index.php?title=Main_Page) contains documents that +describe the provided tools in more detail. The Sleuth Kit Informer is a newsletter that contains new documentation and articles. > www.sleuthkit.org/informer/ 
@@ -172,5 +171,6 @@ announcements list. > http://sourceforge.net/mail/?group_id=55685 Brian Carrier -carrier <at> sleuthkit <dot> org + +carrier at sleuthkit dot org
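
Review bot: In the @@ -16,8 +15,8 @@ hunk the two wiki targets are swapped: the link labelled wiki/ntfs points at title=FAT_Implementation_Notes and the link labelled wiki/fat points at title=NTFS_Implementation_Notes. Swap the two URLs so each label reaches its own file system's notes. The @@ -88,8 +87,8 @@ hunk already sends the NTFS reference to NTFS_Implementation_Notes, which confirms the intended mapping.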
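
Review bot: In the @@ -127,7 +126,7 @@ hunk the new line still ends "file for more details", but the target of [wiki/hfind] is now a wiki page rather than docs/hfind.README. Reword to "page for more details" or drop the noun, and consider one label style across the patch, since this hunk uses wiki/hfind while the @@ -88,8 +87,8 @@ hunk uses "ntfs wiki" for the same kind of link.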
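
Review bot: In the LICENSE paragraph of the @@ -143,24 +142,24 @@ hunk both GitHub links are absolute URLs pinned to tree/develop, so someone reading the README from a release or another branch is sent to develop's copy of tools/fstools and licenses rather than the tree they actually have. Relative links (tools/fstools and licenses) would resolve against whichever ref is being viewed. Two smaller points in the same hunk: the line "+ directory) are released under the IBM open source license" starts with a stray space, and the sorter sentence keeps "file for more details" after a link that now goes to a wiki page.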