NTFS - Video 5 (30 minutes)

Sleuthkit

 

Lecture Overview:

 

• Install Sleuthkit and use it to forensically analyze an image of a file system:

 

• Install SleuthKit under Mint - (0:40)
• fsstat - (3:36, 14:42)
• fls - (4:11, 19:00)
• SleuthKit Overview - (5:02)
• NTFS & SleuthKit - (7:17)
• Conceptual Model of SleuthKit - (9:32)
• Command line utilities - (10:41)
• ils - (11:54, 18:05)
• example usage - (13:42)
• File Types - (19:59)
• Find Inodes of Deleted Files - (20:28)
• istat - (20:54)
• Recover a file - (23:14)
• icat - (23:54)
• commands on an NTFS file system - (25:03) 

 

 

Download:

 

• (Right click this link and use "Save As...") The Sleuth Kit

 

Additional Resources:

 

• Sleuth Kit Documents

 

 

All Course Lectures  

 

 

You now
Someone else 1 hr ago
Someone else 1 hr ago
Someone else 1 hr ago
Someone else 1 hr ago
Someone else 2 hrs ago
Someone else 2 hrs ago
Someone else 3 hrs ago
Someone else 5 hrs ago
Someone else 5 hrs ago