Searchtools, Indexed searching in forensic images

Diving into the workings

This article has been published in the Sleuthkit Informer #16 Description Forensic investigations of hard drives/images have a lot of benefit from the different tools that are around. Some of these tools are Open Source or Free Software, and some of these tools are commercial. Searching for keywords is probably one of the most performed actions during forensic investigations. But depending on the tools that are used this can take a lot of time depending on the size of the hard drive/image that is investigated. [Read More]

Sleuthkit/Autopsy Searchtools patch

What is Searchtools?

Description As the main Forensic tool I like to use Autopsy/Sleuthkit. As it is missing some features in comparison to (commercial) Windows products, I’ve decided to contribute and add some new features to Autopsy and Sleuthkit. This is done in cooperation with Brian Carrier. One of the major missing features is indexed searching. Indexed searching greatly speeds up searches for words during investigations. So Searchtools was introduced. This article describes the features. [Read More]

Sleuthkit/Autopsy Foremost patch

Adding Foremost to Autopsy

Description Author: P. Vissers Foremost is a tool which can recover data from unallocated space by user definable headers and optionally footers. It runs on most Linux distributions. I thought it would be handy to be able to integrate this into Autopsy, along with the option to edit the configuration file. Well, here is the patch. Effort has been made to respect the original format of the ‘base/autopsyfunc.pm’. Foremost 0. [Read More]