An Introduction To The Sleuth Kit and File System Forensic Analysis presented at AUScert 2007

by Brian Carrier,

Summary : This tutorial will be on the basics of The Sleuth Kit (TSK) and Autopsy Forensic Browser, both of which are open source digital investigation tools. The tutorial will also cover some of the high- level details of file systems because the design of TSK is based on a file system design. The tutorial will cover how to install the tools and how to use them to look for evidence. This tutorial will require a laptop with Linux, OS X, or Free/OpenBSD. It will be assumed that the attendees will be comfortable using their laptop and know basic command line tools.