Import of sleuthkit-1.62

--
The Sleuth Kit (previously known as TASK) is a collection of 
UNIX-based command line file system forensic tools that allow 
an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS 
file systems of a suspect computer in a non-intrusive fashion. 
The tools have a layer-based design and can extract data from 
internal file system structures. Because the tools do not rely 
on the operating system to process the file systems, deleted 
and hidden content is shown.

This port replaces TASK, previously removed.

sysutils/sleuthkit/Makefile

@@ -0,0 +1,36 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2003/05/12 13:16:02 margarida Exp $
+
+COMMENT=		"forensic toolkit based on TCT"
+
+VERSION=		1.61
+DISTNAME=		sleuthkit-${VERSION}
+CATEGORIES=		sysutils security
+
+HOMEPAGE=		http://www.sleuthkit.org/
+
+MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=sleuthkit/} \
+			${MASTER_SITE_PACKETSTORM:=UNIX/utilities/}
+
+MAINTAINER=		Margarida Sequeira <margarida@openbsd.org>
+
+# IBM & GPL
+PERMIT_PACKAGE_CDROM=	"commercial contributor must indemnify all others"
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	"commercial contributor must indemnify all others"
+PERMIT_DISTFILES_FTP=	Yes
+
+MAKE_FLAGS=		CC="${CC}" OPT="${CFLAGS}" DEBUG=""
+
+NO_REGRESS=		Yes
+
+DOCS=			README docs/* tct.docs/*
+
+do-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/task
+	cd ${WRKSRC}/bin && ${INSTALL_SCRIPT} mactime sorter ${PREFIX}/bin
+	cd ${WRKSRC}/bin && ${INSTALL_PROGRAM} dcalc dcat dls dstat ffind \
+	  icat fls fsstat icat ifind ils istat hfind ${PREFIX}/bin
+	cd ${WRKSRC}/man/man1 && ${INSTALL_MAN} * ${PREFIX}/man/man1
+	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${PREFIX}/share/doc/task
+	 
+.include <bsd.port.mk>

sysutils/sleuthkit/distinfo

@@ -0,0 +1,3 @@
+MD5 (sleuthkit-1.61.tar.gz) = cd6783f8d9a109ffe839912674e2f3cf
+RMD160 (sleuthkit-1.61.tar.gz) = 62453376639909a437a15f09ee4c76af9e9542c9
+SHA1 (sleuthkit-1.61.tar.gz) = 965e8895d0e6fa75714fe5271664481b836f5d30

sysutils/sleuthkit/pkg/DESCR

@@ -0,0 +1,29 @@
+The Sleuth Kit (previously known as TASK) is the only open  
+source forensic toolkit for a complete analysis of Microsoft
+and UNIX file systems.
+It enables investigators to identify and recover evidence from 
+images acquired during incident response or from live systems.
+
+Some of its features :
+
+* Analyzes images generated by the open source 'dd' utility,
+  found on all UNIX systems and available for Windows systems.
+
+* Supports the NTFS, FAT, FFS, and EXT2FS file systems. Images
+  of a different endian ordering than the analysis system can
+  be used.
+
+* The tools are organized in a layered approach, where the names
+  in each layer start with the same letter to help the user identify
+  the function of the tool. The layers include File System, File
+  Name (directory entries and NTFS index trees), Meta-Data (UNIX
+  inodes and NTFS MFT entries), and Content (blocks and clusters).
+
+* Identifies deleted files by name and location.
+
+* Identifies the status of content units (blocks and clusters)
+  and meta-data structures.
+
+* Maps the relationship of objects across different layers.
+
+WWW: ${HOMEPAGE}

sysutils/sleuthkit/pkg/PLIST

@@ -0,0 +1,42 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2003/05/12 13:16:02 margarida Exp $
+bin/dcalc
+bin/dcat
+bin/dls
+bin/dstat
+bin/ffind
+bin/fls
+bin/fsstat
+bin/hfind
+bin/icat
+bin/ifind
+bin/ils
+bin/istat
+bin/mactime
+bin/sorter
+man/man1/dcalc.1
+man/man1/dcat.1
+man/man1/dls.1
+man/man1/dstat.1
+man/man1/ffind.1
+man/man1/fls.1
+man/man1/fsstat.1
+man/man1/hfind.1
+man/man1/icat.1
+man/man1/ifind.1
+man/man1/ils.1
+man/man1/istat.1
+man/man1/mactime.1
+man/man1/sorter.1
+share/doc/task/CHANGES.FROM.TCT
+share/doc/task/README
+share/doc/task/README.FIRST
+share/doc/task/additional-resources
+share/doc/task/bibliography
+share/doc/task/fat.README
+share/doc/task/filesystem.README
+share/doc/task/help-recovering-file
+share/doc/task/help-when-broken-into
+share/doc/task/ntfs.README
+share/doc/task/sorter.README
+share/doc/task/timeline.README
+@dirrm share/doc/task