SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Carrier updates The Sleuth Kit

Welcome to the second installment of Digital Forensics Case Leads! This edition includes recently released updates to the popular open source digital forensics tools Autopsy and The Sleuth Kit, an article by a lawyer-turned-computer-forensic-examiner, and tips for uncovering Linux USB artifacts.

Tools:

  • Brian Carrier released an updated version of The Sleuth Kit (TSK 3.1.0) and its graphical, browser-based front end, Autopsy (version 2.22). TSK includes HFS+ support and handles sectors that are not 512 bytes each. The current version of TSK also includes NTFS SID data, improved support for GPT partitions, AFFLIB formats and other new features.

Good Reads:

News:

Levity:

Coming Events:

Digital Forensics Case Leads for 20100211 was compiled by Ray Strubinger of the Georgia Institute of Technology. Ray leads the digital forensics and incident response team and, when the incidents permit, he is involved in various aspects of the Institute's defense-in-depth strategy.