sleuthkit - The Sleuth Kit (TSK)

Property Value
Distribution Fedora 28
Repository CERT Forensics Tools x86_64
Package filename sleuthkit-4.6.4-1.fc28.x86_64.rpm
Package name sleuthkit
Package version 4.6.4
Package release 1.fc28
Package architecture x86_64
Package type rpm
Category Applications/System
License CPL and IBM and GPLv2+
Maintainer -
Download size 1.62 MB
Installed size 12.96 MB
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that
allow you to investigate a computer. The current focus of the tools is the
file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,
and ISO 9660 file systems.


Package Version Architecture Repository
sleuthkit-4.6.5-1.fc28.i686.rpm 4.6.5 i686 CERT Forensics Tools
sleuthkit-4.6.5-1.fc28.x86_64.rpm 4.6.5 x86_64 CERT Forensics Tools
sleuthkit-4.6.4-1.fc28.i686.rpm 4.6.4 i686 CERT Forensics Tools
sleuthkit-4.6.3-1.fc28.i686.rpm 4.6.3 i686 CERT Forensics Tools
sleuthkit-4.6.3-1.fc28.x86_64.rpm 4.6.3 x86_64 CERT Forensics Tools
sleuthkit-4.6.2-2.fc28.i686.rpm 4.6.2 i686 CERT Forensics Tools
sleuthkit-4.6.2-2.fc28.x86_64.rpm 4.6.2 x86_64 CERT Forensics Tools
sleuthkit-4.6.2-1.fc28.i686.rpm 4.6.2 i686 Fedora Updates
sleuthkit-4.6.2-1.fc28.x86_64.rpm 4.6.2 x86_64 Fedora Updates
sleuthkit-4.6.0-3.fc28.x86_64.rpm 4.6.0 x86_64 CERT Forensics Tools
sleuthkit-4.5.0-2.fc28.i686.rpm 4.5.0 i686 Fedora
sleuthkit-4.5.0-2.fc28.x86_64.rpm 4.5.0 x86_64 Fedora
sleuthkit - - -


Name Value
/usr/bin/perl -
file -
java >= 1.6.0
jpackage-utils -
mac-robber -
perl(POSIX) -
perl(integer) -
perl(strict) -
rtld(GNU_HASH) -
sleuthkit-libs = 4.6.4-1.fc28


Name Value
sleuthkit = 4.6.4-1.fc28
sleuthkit(x86-64) = 4.6.4-1.fc28


Type URL
Binary Package sleuthkit-4.6.4-1.fc28.x86_64.rpm
Source Package sleuthkit-4.6.4-1.fc28.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-28 rpm:
  2. Install cert-forensics-tools-release-28 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install sleuthkit rpm package:
    # dnf --enablerepo=forensics install sleuthkit




2018-11-09 - Lawrence R. Rogers - 4.6.4-1
- Release 4.6.4-1
Java Code:
Increase max statements in database to prevent errors under load
Have a max timeout for SQLite retries
2018-10-14 - Lawrence R. Rogers - 4.6.3-1
- Release 4.6.3-1
C/C++ Code:
Hashdb bug fixes for corrupt indexes and 0 hashes
New code for testing power of number in ExtX code
Java Code:
New class that allows generic database access
New methods that check for duplicate artifacts
Added caches for frequently used content
Database Schema:
Added Examiner table
Tags are now associated with Examiners
Changed parent_path for logical files to be consistent with FS files.
2018-10-03 - Lawrence R. Rogers - 4.6.2-2
- Release 4.6.2-2
Built with Java support. Release number is greater than the release for Fedora 28 and 27.
2018-08-08 - Lawrence R. Rogers - 4.6.2-1
- Release 4.6.2-1
C/C++ Code:
- Various compiler warning fixes
- Added small delay into image writer to not starve other threads
- Added more locking to ensure that handles were not closed while other threads were using them. 
- Added APIs to support more queries by data source
- Added memory-based caching when detecting if an object has children or not.
2018-05-16 - Lawrence R. Rogers - 4.6.1-1
- Release 4.6.1-1
Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
Cleanup and fixes from uckelman-sf and others
PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
NTFS istat shows details about all FILE_NAME attributes, not just the first - report from Eric Zimmerman.
2018-03-28 - Lawrence R. Rogers - 4.6.0-3
- Release 4.6.0-3
Moved sleuthkit-4.6.0.jar from sleuthkit-devel package to sleuthkit package.
2018-02-28 - Lawrence R. Rogers - 4.6.0-2
- Release 4.6.0-2
Removed patches from PyTSK.
2018-02-21 - Lawrence R. Rogers - 4.6.0-1
- Release 4.6.0-1
- New Features
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests.  Thanks Google.
- HFS fix from uckelman-sf.
2017-10-15 - Lawrence R. Rogers - 4.5.0-1
- Release 4.5.0-1
- New Features:
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- More specific version number of DB schema
- New Local Directory type in DB to differentiate with Virtual Directories
- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
- Bug Fixes:
- Faster resolving of HFS hard links
- Lots of fixes from Google Fuzzing efforts.
2017-08-07 - Lawrence R. Rogers - 4.4.2-1
- Release 4.4.2-1
- New Features:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription method
- Bug Fixes:
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- various performance fixes and added thread safety checks

See Also

Package Description
sleuthkit-devel-4.6.0-3.fc28.x86_64.rpm Development files for sleuthkit
sleuthkit-devel-4.6.2-2.fc28.x86_64.rpm Development files for sleuthkit
sleuthkit-devel-4.6.3-1.fc28.x86_64.rpm Development files for sleuthkit
sleuthkit-devel-4.6.4-1.fc28.x86_64.rpm Development files for sleuthkit
sleuthkit-devel-4.6.5-1.fc28.x86_64.rpm Development files for sleuthkit
sleuthkit-libs-4.6.0-3.fc28.x86_64.rpm Library for sleuthkit
sleuthkit-libs-4.6.2-2.fc28.x86_64.rpm Library for sleuthkit
sleuthkit-libs-4.6.3-1.fc28.x86_64.rpm Library for sleuthkit
sleuthkit-libs-4.6.4-1.fc28.x86_64.rpm Library for sleuthkit
sleuthkit-libs-4.6.5-1.fc28.x86_64.rpm Library for sleuthkit
snarf-0.3.0-3.fc28.x86_64.rpm snarf - Structured Network Alert Reporting Framework
snarf-devel-0.3.0-3.fc28.x86_64.rpm Static libraries and C header files for libsnarf
snarf-python-0.3.0-3.fc28.x86_64.rpm Python interface to snarf
snort- An open source Network Intrusion Detection System (NIDS)
snort-2.9.12-1.fc28.x86_64.rpm An open source Network Intrusion Detection System (NIDS)