sleuthkit - The Sleuth Kit (TSK)

Property Value
Distribution CentOS 6
Repository CERT Forensics Tools x86_64
Package filename sleuthkit-4.6.7-1.1.el6.x86_64.rpm
Package name sleuthkit
Package version 4.6.7
Package release 1.1.el6
Package architecture x86_64
Package type rpm
Category Applications/System
License CPL and IBM and GPLv2+
Maintainer -
Download size 4.88 MB
Installed size 13.16 MB
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that
allow you to investigate a computer. The current focus of the tools is the
file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,
and ISO 9660 file systems.


Package Version Architecture Repository
sleuthkit-4.6.7-1.1.el6.i686.rpm 4.6.7 i686 CERT Forensics Tools
sleuthkit - - -


Name Value
/usr/bin/perl -
file -
jpackage-utils -
mac-robber -
perl(POSIX) -
perl(integer) -
perl(strict) -
rtld(GNU_HASH) -
sleuthkit-libs = 4.6.7-1.1.el6


Name Value
sleuthkit = 4.6.7-1.1.el6
sleuthkit(x86-64) = 4.6.7-1.1.el6


Type URL
Binary Package sleuthkit-4.6.7-1.1.el6.x86_64.rpm
Source Package sleuthkit-4.6.7-1.1.el6.src.rpm

Install Howto

  1. Add EPEL and RPMForge repositories
  2. Download cert-forensics-tools-release-el6 rpm:
  3. Install cert-forensics-tools-release-el6 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  4. Install sleuthkit rpm package:
    # yum --enablerepo=forensics install sleuthkit




2019-08-07 - Lawrence R. Rogers 4.6.7-1.1
- Release 4.6.7-1.1
Update Release because Fedora now contains 4.6.7.
2019-06-09 - Lawrence R. Rogers 4.6.6-1.1
- Release 4.6.6-1.1
Update Release because Fedora now contains 4.6.6.
2019-04-26 - Lawrence R. Rogers 4.6.6-1
- Release 4.6.6-1
C/C++ Code:
Acquisition details are set in DB for E01 files
Fix NTFS decompression issue (from Joe Sylve)
Image reading fix when cache fails (Joe Sylve)
Fix HFS+ issue with large catalog files (Joe Sylve) 
Fix free memory issue in srch_strings (Derrick Karpo)
Fix so that local files can be relative
More Blackboard artifacts and attributes for web data
Added methods to CaseDbManager to enable checking for and modifying tables.
APIs to get and set acquisition details
Added methods to add volume and file systems to database
Added method to add LayoutFile for allocated files
Changed handling of JNI handles to better support multiple cases
2019-01-15 - Lawrence R. Rogers 4.6.5-1
- Release 4.6.5-1
C/C++ Code:
HFS boundary check fix
Java Code:
New artifacts and attributes defined
Fixed bug in SleuthkitCase.getContentById() for data sources
Fixed bug in that could allow reading past end of file
Case Database Schema:
New fields for hash values and acquisition details in case database
Store "created schema version" in case database
2018-11-09 - Lawrence R. Rogers 4.6.4-1
- Release 4.6.4-1
Java Code:
Increase max statements in database to prevent errors under load
Have a max timeout for SQLite retries
2018-10-14 - Lawrence R. Rogers 4.6.3-1
- Release 4.6.3-1
C/C++ Code:
Hashdb bug fixes for corrupt indexes and 0 hashes
New code for testing power of number in ExtX code
Java Code:
New class that allows generic database access
New methods that check for duplicate artifacts
Added caches for frequently used content
Database Schema:
Added Examiner table
Tags are now associated with Examiners
Changed parent_path for logical files to be consistent with FS files.
2018-10-03 - Lawrence R. Rogers 4.6.2-2
- Release 4.6.2-2
Built with Java support. Release number is greater than the release for Fedora 28 and 27.
2018-08-08 - Lawrence R. Rogers 4.6.2-1
- Release 4.6.2-1
C/C++ Code:
- Various compiler warning fixes
- Added small delay into image writer to not starve other threads
- Added more locking to ensure that handles were not closed while other threads were using them. 
- Added APIs to support more queries by data source
- Added memory-based caching when detecting if an object has children or not.
2018-05-16 - Lawrence R. Rogers 4.6.1-1
- Release 4.6.1-1
Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
Cleanup and fixes from uckelman-sf and others
PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
NTFS istat shows details about all FILE_NAME attributes, not just the first. Report from Eric Zimmerman.
2018-03-28 - Lawrence R. Rogers 4.6.0-3
- Release 4.6.0-3
Moved sleuthkit-4.6.0.jar from sleuthkit-devel package to sleuthkit package.

See Also

Package Description
sleuthkit-devel-4.6.7-1.1.el6.x86_64.rpm Development files for sleuthkit
sleuthkit-libs-4.6.7-1.1.el6.x86_64.rpm Library for sleuthkit
snarf-0.2.4-2.el6.x86_64.rpm snarf - Structured Network Alert Reporting Framework
snarf-devel-0.2.4-2.el6.x86_64.rpm Static libraries and C header files for libsnarf
snarf-python-0.2.4-2.el6.x86_64.rpm Python interface to snarf
snort- An open source Network Intrusion Detection System (NIDS)
snort-openappid- An open source Network Intrusion Detection System (NIDS) with open AppId support
snort-sample-rules- Sample rules for snort
socat- Relay for bidirectional data transfer between 2 channels
sqlite-3.7.17-4.el6.x86_64.rpm Library that implements an embeddable SQL database engine
sqlite-devel-3.7.17-4.el6.x86_64.rpm Development tools for the sqlite3 embeddable SQL database engine
sqlite-doc-3.7.17-4.el6.noarch.rpm Documentation for sqlite
sqlite-tcl-3.7.17-4.el6.x86_64.rpm Tcl module for the sqlite3 embeddable SQL database engine
ssdeep-2.14.1-1.el6.x86_64.rpm Computes a checksum based on context triggered piecewise hashes
stegdetect-0.6-2.el6.x86_64.rpm Detect and extract steganography messages inside JPEG