The sysutils/sleuthkit port
sleuthkit-4.10.1 – forensic toolkit based on TCT
Description
The Sleuth Kit (previously known as TASK) is the only open
source forensic toolkit for a complete analysis of Microsoft
and UNIX file systems.
It enables investigators to identify and recover evidence from
images acquired during incident response or from live systems.
Some of its features:
* Analyzes images generated by the open source 'dd' utility,
found on all UNIX systems and available for Windows systems.
* Supports the NTFS, FAT, FFS, and EXT2FS file systems. Images
of a different endian ordering than the analysis system can
be used.
* The tools are organized in a layered approach, where the names
in each layer start with the same letter to help the user identify
the function of the tool. The layers include File System, File
Name (directory entries and NTFS index trees), Meta-Data (UNIX
inodes and NTFS MFT entries), and Content (blocks and clusters).
* Identifies deleted files by name and location.
* Identifies the status of content units (blocks and clusters)
and meta-data structures.
* Maps the relationship of objects across different layers.
WWW: https://www.sleuthkit.org/
- Only for arches: aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
- Categories: security sysutils
Library dependencies
Build dependencies
Run dependencies