Directory
The @stake Sleuth Kit (TASK) allows an investigator examine the file systems of a suspect computer in a non-intrusive fashion. TASK is a collection of UNIX-based command line tools that can analyze NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems. TASK reads and processes the file system structures itself and therefore operating system support for the file systems is not required. Furthermore, these can be used during Incident Response on live systems to bypass the kernel and view files that are being hidden by rootkits. The Autopsy Forensic Browser is a graphical interface to the tools in TASK, which allows one to more easily conduct an investigation. Autopsy provides case management, image integrity, keyword searching, and other automated operations.
