The meeting of the “Indian Libre User Group” was successfully held on July 22nd 2012
Time: 2:00pm – 5.30pm
Venue: Internet Club, IInd Floor,
AMI Trust Building, Broadway Enclave,
2.30pm – 2.45pm
Customary Self Introduction.
People shared their experience with Free Software
2.45pm – 4.15pm – Session by G.Venkit Subramanian
The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based tools and utilities for the forensic analysis of computer systems. It was written and maintained by digital investigator Brian Carrier. TSK can be used to perform investigations and data extraction from images of Windows, Linux and Unix computers. The Sleuth Kit is normally used in conjunction with its custom front-end application, Autopsy, which provides a user-friendly interface. An alternative, newer interface is PTK Forensics. Several other tools also use TSK for file extraction.
The Sleuth Kit is a free, open source suite that provides a large number of specialized command-line based utilities. It is based on The Coroner’s Toolkit.
Tools included in The Sleuth Kit include:
ils – lists all metadata entries, such as inodes.
blkls – displays data blocks within a file system (formerly called dls).
fls – lists allocated and unallocated file names within a file system.
fsstat – displays file system statistical information about an image or storage medium.
ffind – searches for file names that point to a specified metadata entry.
mactime – creates a timeline of all files based upon their MAC times.
disk_stat – (currently Linux-only) discovers the existence of a Host Protected Area.
4.15pm – 4.30pm
People were requested to handle small technical discussions for the next meeting.
Thanks to all the attendees for coming. They are requested to post their feedback on the mailing list so that we can improve future meetings.
The next user meet is on 26th August 2012