Difference between revisions of "TCT"
m (<replacetext_editsummary>) |
(New version. * Successor is 'Sleuthkit') |
||
Line 1: | Line 1: | ||
{{Entry | {{Entry | ||
− | |Name= | + | |Name=Sleuthkit |
|Short description=Tools for analyzing a system after a break-in | |Short description=Tools for analyzing a system after a break-in | ||
− | |Full description='TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT: | + | |Full description=* " Note: consider using Brian Carrier's Sleuthkit. It is the official successor, based on parts from TCT. Development of the Coroner's Toolkit was stopped years ago. It is updated only for for bugfixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine. " |
+ | |||
+ | 'TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT: | ||
<br /> | <br /> | ||
* grave-robber (data capturing tool) | * grave-robber (data capturing tool) | ||
Line 8: | Line 10: | ||
* unrm & lazarus (collection & analysis of data on a file) | * unrm & lazarus (collection & analysis of data on a file) | ||
* mactime (analyzes the mtime file) | * mactime (analyzes the mtime file) | ||
+ | |Homepage URL=http://www.sleuthkit.org/sleuthkit/ | ||
|User level=none | |User level=none | ||
− | |||
|Component programs=graverobber,unrm,lazarus,mactime,ils,icat,pcat,file | |Component programs=graverobber,unrm,lazarus,mactime,ils,icat,pcat,file | ||
− | |||
− | |||
|Computer languages=C | |Computer languages=C | ||
|Documentation note=User README and man pages included | |Documentation note=User README and man pages included | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|Keywords=analysis,system,crack,break-in,exploit,forensics,post-mortem | |Keywords=analysis,system,crack,break-in,exploit,forensics,post-mortem | ||
− | | | + | |Version identifier=4.3.0 |
− | |Last review by= | + | |Version date=2016/07/19 |
− | |Last review date= | + | |Version status=beta |
+ | |Version download=https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.3.0/sleuthkit-4.3.0.tar.gz | ||
+ | |Version comment=4.3.0 beta released 2016-07-19 | ||
+ | |Last review by=Alejandroindependiente | ||
+ | |Last review date=2017/01/11 | ||
|Submitted by=Database conversion | |Submitted by=Database conversion | ||
|Submitted date=2011-04-01 | |Submitted date=2011-04-01 | ||
− | | | + | |Status= |
− | | | + | |Is GNU=No |
− | | | + | |License verified date=2004-08-05 |
− | | | + | }} |
+ | {{Project license | ||
+ | |License=IBM Public License 1.0 | ||
+ | |License verified by=Janet Casey | ||
|License verified date=2004-08-05 | |License verified date=2004-08-05 | ||
− | |||
}} | }} | ||
{{Person | {{Person | ||
+ | |Real name=Dan Farmer | ||
|Role=Maintainer | |Role=Maintainer | ||
− | |||
− | |||
|Resource URL= | |Resource URL= | ||
}} | }} | ||
{{Person | {{Person | ||
+ | |Real name=Wietse Venema | ||
|Role=Maintainer | |Role=Maintainer | ||
− | |||
|Email=wietse@porcupine.org | |Email=wietse@porcupine.org | ||
|Resource URL= | |Resource URL= | ||
Line 57: | Line 57: | ||
{{Software category | {{Software category | ||
|Interface=command-line | |Interface=command-line | ||
− | |||
− | |||
− | |||
− | |||
− | |||
}} | }} | ||
{{Software prerequisite | {{Software prerequisite | ||
Line 67: | Line 62: | ||
|Prerequisite description=Perl 5.004 or later | |Prerequisite description=Perl 5.004 or later | ||
}} | }} | ||
+ | {{Featured}} |
Latest revision as of 08:23, 11 January 2017
Sleuthkit
http://www.sleuthkit.org/sleuthkit/
Tools for analyzing a system after a break-in
- " Note: consider using Brian Carrier's Sleuthkit. It is the official successor, based on parts from TCT. Development of the Coroner's Toolkit was stopped years ago. It is updated only for for bugfixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine. "
'TCT' is a collection of programs for a post-mortem analysis of a *NIX system after break-in. It is meant to create areconstruction of the past - determining as much as possible what happened with a static snapshot of a system. 'TCT' was designed primarily for people in the trenches - systems administrators, security response teams, security investigators, etc. There are currently four major parts to TCT:
- grave-robber (data capturing tool)
- the C tools (ils, icat, pcat, file, etc.)
- unrm & lazarus (collection & analysis of data on a file)
- mactime (analyzes the mtime file)
Download
https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.3.0/sleuthkit-4.3.0.tar.gz
Categories
Licensing
License
Verified by
Verified on
Notes
Leaders and contributors
Contact(s) | Role |
---|---|
Wietse Venema | Maintainer |
Dan Farmer | Maintainer |
Resources and communication
Audience | Resource type | URI |
---|---|---|
Bug Tracking,Developer,Support | mailto:tct-users@porcupine.org | |
Bug Tracking,Developer,Support | Newsgroup | comp.security.unix |
Software prerequisites
Kind | Description |
---|---|
Required to use | Perl 5.004 or later |
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.