Hack #100. Recover Lost Files and Perform Forensic Analysis

The Sleuth Kit and Autopsy are designed for computer forensics, but they also provide a great suite of tools for helping you recover lost data.

Most people know forensics—the application of domain knowledge to legal questions—best from television shows like Quincy (for old people and TV Land fans) or CSI (for younger people). Computer forensics, a science that's growing for a variety of reasons, tries to answer questions like "what the heck happened to my system?", "who hacked in here and what did they change?", and "how did my accountant get all my corporate funds into his Swiss bank account without my noticing?" Even if you don't have one of these specific problems, it's a downright interesting field. What self-respecting computer geek wouldn't like the opportunity to legally burst in somewhere, seize or clone disk drives, do his best to hack in and examine them, and get paid for it, too?

All fun aside, forensic analysis of computer data can save your company's data or bacon (or perhaps both) in court, as well as helping law enforcement officials track down the crackers and thieves who give real hackers a bad name. This hack provides an overview of The Sleuth Kit, the best-known open source software package for computer forensics, and Autopsy, which provides a web-based, graphical frontend to The Sleuth Kit and integrated support for other security and consistency-checking software. The Sleuth Kit (TSK) is based on an earlier ...
