The @stake Sleuth Kit (TASK) is the only open source forensic toolkit
for a complete analysis of Microsoft and UNIX file systems.  TASK
enables investigators to identify and recover evidence from images
acquired during incident response or from live systems.

TASK is written in C and uses the file system tools of The Coroner's
Toolkit (TCT) and TCTutils as a foundation.

Some of its features:

* Analyzes images generated by the open source 'dd' utility,
  found on all UNIX systems and available for Windows systems.

* Supports the NTFS, FAT, FFS, and EXT2FS file systems. Images
  whose endian ordering differs from that of the analysis system
  can be used.

* The tools are organized in a layered approach, where the names
  in each layer start with the same letter to help the user identify
  the function of the tool. The layers include File System, File
  Name (directory entries and NTFS index trees), Meta-Data (UNIX
  inodes and NTFS MFT entries), and Content (blocks and clusters).

* Identifies deleted files by name and location.

* Identifies the status of content units (blocks and clusters)
  and meta-data structures.

* Maps the relationship of objects across different layers.

WWW: ${HOMEPAGE}
