Page History

...

• Pre-SIP Tools and Workflow
  • AccessData FTK (Forensic Toolkit)
    • See YouTube video on the use of AccessData FTK to extract technical metadata and to assign descriptive metadata to collections at http://www.youtube.com/watch?v=hDAhbR8dyp8
      
  • Bulk Extractor
    • Description: "a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures". For sample output, see http://www.forensicswiki.org/wiki/Bulk_extractor
    • Availability:
    • License:
    • Developers:
    • First release: September, 2008?
    • Current release:
  • Gumshoe
    • description: Gumshoe is a Rails-based application for searching metadata from disk images. It relies on Blacklight, Solr, and fiwalk.
    • Availability:
    • License:
    • Developers: Mark Matienzo
    • First release:
    • Current release:

• • fiwalk
    • description
  • sleuthkit
    • description: The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. You can use it with the Autopsy Forensic Browser.
    • Availability: download here.
    • License: Some of the files have roots in The Coroner's Toolkit (TCT) and are distributed under the IBM Public License. These files are limited to the file system code and mainly for the FFS and Ext2 file systems. Files that have been created since the fork are released under the Common Public License. This includes all other files in the library. Note that the Common Public License is a generic form of the IBM Public License. TSK also distributes a striped down copy of GNU binutils strings, which has a GPL 2license.
    • Developers:
    • First release:
    • Current release: 3.2.1 (February, 27, 2011)
  • autopsy
    • description
  • guymager (imaging tool)

...