sleuthkit
Description:
Forensic toolkit
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics security disk-analysis investigation data-recovery
Install: brew install sleuthkit
About:
The Sleuth Kit (TSK) is a library and collection of command-line tools that enable forensic analysis of disk images and file systems. It provides low-level access to file system data, allowing investigators to recover files, analyze metadata, and examine deleted data without modifying the original evidence. It serves as the core engine behind the Autopsy GUI tool.
Key Features:
  • Supports multiple file systems including NTFS, FAT, exFAT, ext2/3/4, HFS+, and UFS
  • Provides command-line tools for disk image analysis and data carving
  • Includes Java API for integration into custom forensic applications
  • Outputs data in machine-readable formats for automated processing
  • Open-source and cross-platform
Use Cases:
  • Digital forensics investigations and evidence analysis
  • Data recovery from damaged or formatted storage media
  • Incident response and malware analysis
  • Academic research in computer forensics
Alternatives:
  • Autopsy – GUI wrapper built on top of Sleuth Kit
  • Volatility – Focuses on memory forensics rather than disk/file system analysis
Version History
Detected Version Rev Change Commit
Sep 13, 2024 11:18pm 0 VERSION_BUMP b4531d95