The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence (The Sleuth Kit, n.d.).

Linux File System

To use TSK more effectively, having knowledge about the Linux Directory Structure is important.

Quick Access

For a quick lookup on Sleuth Kit commands, you can refer to this page. This PDF document may also be useful.

Similar: TSK Tool Overview

More information can be found on their GitHubor wiki.

References