Windows Forensics Cookbook
上QQ阅读APP看书,第一时间看更新

NTFS Analysis with The Sleuth Kit

The Sleuth Kit is a collection of command-line tools (and also a library) for the forensic analysis of drive images. These tools can help you with analysis of both volume and file system data (in a non-intrusive fashion, of course). It's cross-platform, so you can use any operating system you like to work with this toolkit. It supports both RAW and E01 images, so you can use any image that you acquired while following the previous recipes. This collection of tools will be very useful in your future digital forensic examinations: it supports a wide range of file systems, including NTFS, FAT, ExFAT, EXT2, EXT3, EXT4, HFS, and so on.