Searchtools, Indexed searching in forensic images

Diving into the workings

This article has been published in the Sleuthkit Informer #16

Description

Forensic investigations of hard drives and disk images benefit greatly from the many tools that are available. Some of these tools are Open Source or Free Software, and some are commercial. Searching for keywords is probably one of the most frequently performed actions during a forensic investigation, but depending on the tools used and the size of the hard drive or image under investigation, it can take a lot of time.

Sleuthkit/Autopsy Searchtools patch

What is Searchtools?

Description

As my main forensic tool I like to use Autopsy/Sleuthkit. As it is missing some features in comparison to (commercial) Windows products, I've decided to contribute and add some new features to Autopsy and Sleuthkit. This is done in cooperation with Brian Carrier. One of the major missing features is indexed searching. Indexed searching greatly speeds up searches for words during investigations. So Searchtools was introduced. This article describes its features.