As an alternative to costly proprietary tools, we sourced a variety of open source software, with the goal of emulating as much as possible of the feature sets offered by closed source products, such as EnCase and ProDiscover. There is an energetic community for forensics open source, drawing from the resources of forensics professionals, security experts and traditional Unix skills. The result is a toolbox of disparate software products, which, with a little DIY assembly, can achieve results comparable to proprietary products in scope, with the implicit flexibility and extensiveness that only open source can offer. Not only are the tools available from the community, but several forensics-focused sites exist offering information, advice and even competitions.

To start with, Unix systems usually include, by default, a number of grass-roots tools essential for forensics work. The most fundamental is dd, which creates bit-for-bit copies of block devices, including disk drives and removable storage. There are also utilities for creating hash sets of files (md5 and sha1), comparing files (comp), searching for content (grep), and identifying specific kinds of files from signatures (file). We tested products on an Intel system running a base image of Red Hat Linux 9, which, like any distribution, ships with a comprehensive suite of these basic tools.

We then moved on to forensics-specific open source products. First up was Sleuthkit, the forensics project formerly known as TASK, the Tool Kit. Security specialist makes much of its software available in open source form, and until recently did so with TASK, before the project was amicably moved to an independent group and renamed. The Sleuthkit source code is barely 500Kb and required no additional libraries to compile, which it did quickly and easily. Once built, the suite comprises about a dozen tools, which cover a wide range of disk- and file-related functions. For example, dls can extract unallocated clusters, icat copies files specified by inodes, and mactime creates a timeline of file activity.
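
The dd and hashing utilities described above combine into a basic acquire-and-verify routine. The following is an added example, not part of the original article; its function names, file names and sample data are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: acquire an image with dd, then prove integrity with SHA-1.
# Function names, file names and sample data are hypothetical/constructed.

# Print only the hex SHA-1 digest of a file.
sha1_of() {
    sha1sum "$1" | cut -d' ' -f1
}

# Constructed stand-in for a block device: 16 sectors of 512 bytes.
make_sample() {
    head -c 8192 /dev/zero | tr '\0' 'E' > "$1"
}

# acquire SRC IMG: bit-for-bit copy, then record the source digest beside it.
# noerror keeps going past unreadable sectors; sync pads them so offsets hold.
acquire() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null || return 1
    sha1_of "$1" > "$2.sha1"
}

# verify_image IMG: succeeds only if IMG still matches the recorded digest.
verify_image() {
    [ "$(sha1_of "$1")" = "$(cat "$1.sha1")" ]
}

# hash_set DIR: one "digest  path" line per file, sorted by path, so two
# runs can be compared line by line to spot changed or added files.
hash_set() {
    find "$1" -type f -exec sha1sum {} + | sort -k 2
}

# Demo on constructed data in a scratch directory.
tmp=$(mktemp -d)
make_sample "$tmp/evidence.bin"
acquire "$tmp/evidence.bin" "$tmp/evidence.dd"
if verify_image "$tmp/evidence.dd"; then
    echo "image matches source digest"
fi
hash_set "$tmp"
rm -rf "$tmp"
```

With conv=noerror,sync, a source whose size is not a multiple of bs gets a zero-padded final block, so the image digest would no longer equal the source digest; bs=512 matches the sector size of the sample here.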