Difference between revisions of "TCT"

From Free Software Directory
Jump to: navigation, search
m (<replacetext_editsummary>)
(New version. * Successor is 'Sleuthkit')
 
Line 1: Line 1:
 
{{Entry
 
{{Entry
|Name=TCT
+
|Name=Sleuthkit
 
|Short description=Tools for analyzing a system after a break-in
 
|Short description=Tools for analyzing a system after a break-in
|Full description='TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT:
+
|Full description=* " Note: consider using Brian Carrier's Sleuthkit. It is the official successor, based on parts from TCT. Development of the Coroner's Toolkit was stopped years ago. It is updated only for for bugfixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine. "
 +
 
 +
'TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT:
 
<br />
 
<br />
 
* grave-robber (data capturing tool)
 
* grave-robber (data capturing tool)
Line 8: Line 10:
 
* unrm &amp; lazarus (collection &amp; analysis of data on a file)
 
* unrm &amp; lazarus (collection &amp; analysis of data on a file)
 
* mactime (analyzes the mtime file)
 
* mactime (analyzes the mtime file)
 +
|Homepage URL=http://www.sleuthkit.org/sleuthkit/
 
|User level=none
 
|User level=none
|Status=Live
 
 
|Component programs=graverobber,unrm,lazarus,mactime,ils,icat,pcat,file
 
|Component programs=graverobber,unrm,lazarus,mactime,ils,icat,pcat,file
|Homepage URL=http://www.porcupine.org/forensics/tct.html
 
|VCS checkout command=
 
 
|Computer languages=C
 
|Computer languages=C
 
|Documentation note=User README and man pages included
 
|Documentation note=User README and man pages included
|Paid support=
 
|IRC help=
 
|IRC general=
 
|IRC development=
 
|Related projects=
 
 
|Keywords=analysis,system,crack,break-in,exploit,forensics,post-mortem
 
|Keywords=analysis,system,crack,break-in,exploit,forensics,post-mortem
|Is GNU=n
+
|Version identifier=4.3.0
|Last review by=Janet Casey
+
|Version date=2016/07/19
|Last review date=2004-08-05
+
|Version status=beta
 +
|Version download=https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.3.0/sleuthkit-4.3.0.tar.gz
 +
|Version comment=4.3.0 beta released 2016-07-19
 +
|Last review by=Alejandroindependiente
 +
|Last review date=2017/01/11
 
|Submitted by=Database conversion
 
|Submitted by=Database conversion
 
|Submitted date=2011-04-01
 
|Submitted date=2011-04-01
|Version identifier=1.15
+
|Status=
|Version date=2004-01-06
+
|Is GNU=No
|Version status=beta
+
|License verified date=2004-08-05
|Version download=http://www.porcupine.org/forensics/tct-1.15.tar.gz
+
}}
 +
{{Project license
 +
|License=IBM Public License 1.0
 +
|License verified by=Janet Casey
 
|License verified date=2004-08-05
 
|License verified date=2004-08-05
|Version comment=1.15 beta released 2004-01-06
 
 
}}
 
}}
 
{{Person
 
{{Person
 +
|Real name=Dan Farmer
 
|Role=Maintainer
 
|Role=Maintainer
|Real name=Dan Farmer
 
|Email=
 
 
|Resource URL=
 
|Resource URL=
 
}}
 
}}
 
{{Person
 
{{Person
 +
|Real name=Wietse Venema
 
|Role=Maintainer
 
|Role=Maintainer
|Real name=Wietse Venema
 
 
|Email=wietse@porcupine.org
 
|Email=wietse@porcupine.org
 
|Resource URL=
 
|Resource URL=
Line 57: Line 57:
 
{{Software category
 
{{Software category
 
|Interface=command-line
 
|Interface=command-line
}}
 
{{Project license
 
|License=IBM Public License 1.0
 
|License verified by=Janet Casey
 
|License verified date=2004-08-05
 
 
}}
 
}}
 
{{Software prerequisite
 
{{Software prerequisite
Line 67: Line 62:
 
|Prerequisite description=Perl 5.004 or later
 
|Prerequisite description=Perl 5.004 or later
 
}}
 
}}
 +
{{Featured}}

Latest revision as of 08:23, 11 January 2017


[edit]

Sleuthkit

http://www.sleuthkit.org/sleuthkit/
Tools for analyzing a system after a break-in

  • " Note: consider using Brian Carrier's Sleuthkit. It is the official successor, based on parts from TCT. Development of the Coroner's Toolkit was stopped years ago. It is updated only for for bugfixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine. "

'TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT:

  • grave-robber (data capturing tool)
  • the C tools (ils, icat, pcat, file, etc.)
  • unrm & lazarus (collection & analysis of data on a file)
  • mactime (analyzes the mtime file)





Licensing

License

Verified by

Verified on

Notes

Verified by

Janet Casey

Verified on

5 August 2004




Leaders and contributors

Contact(s)Role
Wietse Venema Maintainer
Dan Farmer Maintainer


Resources and communication

AudienceResource typeURI
Bug Tracking,Developer,SupportE-mailmailto:tct-users@porcupine.org
Bug Tracking,Developer,SupportNewsgroupcomp.security.unix


Software prerequisites

KindDescription
Required to usePerl 5.004 or later




Entry

























Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.