sleuthkit - The Sleuth Kit (TSK)

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools i386
Package name sleuthkit
Package version 4.6.0
Package release 3.fc25
Package architecture i686
Package type rpm
Installed size 15.03 MB
Download size 1.65 MB
Official Mirror
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that
allow you to investigate a computer. The current focus of the tools is the
file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,
and ISO 9660 file systems


Package Version Architecture Repository
sleuthkit-4.6.0-3.fc25.x86_64.rpm 4.6.0 x86_64 CERT Forensics Tools
sleuthkit-4.6.0-2.fc25.i686.rpm 4.6.0 i686 CERT Forensics Tools
sleuthkit-4.6.0-1.fc25.i686.rpm 4.6.0 i686 CERT Forensics Tools
sleuthkit-4.6.0-1.fc25.x86_64.rpm 4.6.0 x86_64 CERT Forensics Tools
sleuthkit-4.5.0-1.fc25.i686.rpm 4.5.0 i686 CERT Forensics Tools
sleuthkit-4.5.0-1.fc25.x86_64.rpm 4.5.0 x86_64 CERT Forensics Tools
sleuthkit-4.4.2-1.fc25.i686.rpm 4.4.2 i686 CERT Forensics Tools
sleuthkit-4.4.2-1.fc25.x86_64.rpm 4.4.2 x86_64 CERT Forensics Tools
sleuthkit-4.4.1-1.fc25.i686.rpm 4.4.1 i686 CERT Forensics Tools
sleuthkit-4.4.1-1.fc25.x86_64.rpm 4.4.1 x86_64 CERT Forensics Tools
sleuthkit-4.4.0-1.fc25.i686.rpm 4.4.0 i686 CERT Forensics Tools
sleuthkit-4.4.0-1.fc25.x86_64.rpm 4.4.0 x86_64 CERT Forensics Tools
sleuthkit-4.3.0-1.fc25.i686.rpm 4.3.0 i686 Fedora
sleuthkit-4.3.0-1.fc25.x86_64.rpm 4.3.0 x86_64 Fedora
sleuthkit-4.3.0-1.fc25.i686.rpm 4.3.0 i686 CERT Forensics Tools
sleuthkit-4.3.0-1.fc25.x86_64.rpm 4.3.0 x86_64 CERT Forensics Tools
sleuthkit - - -


Name Value
/usr/bin/perl -
file -
java >= 1.6.0
jpackage-utils - - - - - - - - - - - - - - - - - - - - - - -
mac-robber -
rtld(GNU_HASH) -
sleuthkit-libs = 4.6.0-3.fc25


Name Value
sleuthkit = 4.6.0-3.fc25
sleuthkit(x86-32) = 4.6.0-3.fc25


Type URL
Binary Package sleuthkit-4.6.0-3.fc25.i686.rpm
Source Package sleuthkit-4.6.0-3.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install sleuthkit rpm package:
    # dnf --enablerepo=forensics install sleuthkit




2018-03-28 - Lawrence R. Rogers < 4.6.0-3
- Release 4.6.0-3
Moved sleuthkit-4.6.0.jar from sleuthkit-devel package to sleuthkit package.
2018-02-28 - Lawrence R. Rogers < 4.6.0-2
- Release 4.6.0-2
Removed patches from PyTSK.
2018-02-21 - Lawrence R. Rogers < 4.6.0-1
- Release 4.6.0-1
- New Features
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests.  Thanks Google.
- HFS fix from uckelman-sf.
2017-10-15 - Lawrence R. Rogers < 4.5.0-1
- Release 4.5.0-1
- New Features:
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- More specific version number of DB schema
- New Local Directory type in DB to differentiate with Virtual Directories
- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
- Bug Fixes:
- Faster resolving of HFS hard links
- Lots of fixes from Google Fuzzing efforts.
2017-08-07 - Lawrence R. Rogers < 4.4.2-1
- Release 4.4.2-1
- New Features:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription metho
- Bug Fixes:
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- various performance fixes and added thread safety checks
2017-05-30 - Lawrence R. Rogers < 4.4.1-1
- Release 4.4.1-1
- New Features:
-- Can create a sparse VHD file when reading a local drive with new
IMAGE_WRITER structure. Currently being used by Autopsy, but no TSK
command line tools.
- Bug fixes:
-- Lots of cleanup and fixes. Including:
-- memory leaks
-- UTF8 and UTF16 cleanup 
-- Missing NTFS files (in fairly rare cases)
-- Really long folder structures and database inserts
2017-01-17 - Lawrence R. Rogers < 4.4.0-1
- Release 4.4.0-1
Compiling in Windows now uses Visual Studio 2015
tsk_loaddb now adds new files for slack space and JNI was upgraded accordingly.
NTFS works on 4k sectors
Added support in Java to store local files in encoded form (XORed)
Added Java Account object into datamodel
Added notion of a review status to blackboard artifacts
Upgraded version of PostgreSQL
Various minor bug fixes
2016-07-19 - Lawrence R. Rogers < 4.3.0-1
- Release 4.3.0-1
Release 4.3.0.
2016-07-18 - Lawrence R. Rogers < 4.2.0-6
- Release 4.2.0-6
Rebuilt to use libewf-20160718, release 20140608.1.
Also patched to 20160718.
2016-06-23 - Lawrence R. Rogers < 4.2.0-5
- Release 4.2.0-5
Patch 6 - bring up to 2016-06-23 version from github.

See Also

Package Description
sleuthkit-devel-4.3.0-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.4.0-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.4.1-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.4.2-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.5.0-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.6.0-1.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.6.0-2.fc25.i686.rpm Development files for sleuthkit
sleuthkit-devel-4.6.0-3.fc25.i686.rpm Development files for sleuthkit
sleuthkit-libs-4.3.0-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.4.0-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.4.1-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.4.2-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.5.0-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.6.0-1.fc25.i686.rpm Library for sleuthkit
sleuthkit-libs-4.6.0-2.fc25.i686.rpm Library for sleuthkit