Import of sleuthkit-1.62

--
The Sleuth Kit (previously known as TASK) is a collection of 
UNIX-based command line file system forensic tools that allow 
an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS 
file systems of a suspect computer in a non-intrusive fashion. 
The tools have a layer-based design and can extract data from 
internal file system structures. Because the tools do not rely 
on the operating system to process the file systems, deleted 
and hidden content is shown.

This port replaces TASK, previously removed.
margarida 2003-05-12 13:16:02 +00:00
parent e58e72ab0b
commit c778e25d62
4 changed files with 110 additions and 0 deletions

@ -0,0 +1,36 @@
# $OpenBSD: Makefile,v 1.1.1.1 2003/05/12 13:16:02 margarida Exp $
COMMENT= "forensic toolkit based on TCT"
VERSION= 1.61
DISTNAME= sleuthkit-${VERSION}
CATEGORIES= sysutils security
HOMEPAGE= http://www.sleuthkit.org/
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sleuthkit/} \
${MASTER_SITE_PACKETSTORM:=UNIX/utilities/}
MAINTAINER= Margarida Sequeira <margarida@openbsd.org>
# IBM & GPL
PERMIT_PACKAGE_CDROM= "commercial contributor must indemnify all others"
PERMIT_PACKAGE_FTP= Yes
PERMIT_DISTFILES_CDROM= "commercial contributor must indemnify all others"
PERMIT_DISTFILES_FTP= Yes
MAKE_FLAGS= CC="${CC}" OPT="${CFLAGS}" DEBUG=""
NO_REGRESS= Yes
DOCS= README docs/* tct.docs/*
do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/task
cd ${WRKSRC}/bin && ${INSTALL_SCRIPT} mactime sorter ${PREFIX}/bin
cd ${WRKSRC}/bin && ${INSTALL_PROGRAM} dcalc dcat dls dstat ffind \
icat fls fsstat icat ifind ils istat hfind ${PREFIX}/bin
cd ${WRKSRC}/man/man1 && ${INSTALL_MAN} * ${PREFIX}/man/man1
cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${PREFIX}/share/doc/task
.include <bsd.port.mk>
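Review bot: icat appears twice in the INSTALL_PROGRAM list in do-install ("icat fls fsstat icat ifind ils istat hfind"), so the same binary is installed twice. Drop the second occurrence so the list is the same twelve programs the PLIST names under bin/.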

@ -0,0 +1,3 @@
MD5 (sleuthkit-1.61.tar.gz) = cd6783f8d9a109ffe839912674e2f3cf
RMD160 (sleuthkit-1.61.tar.gz) = 62453376639909a437a15f09ee4c76af9e9542c9
SHA1 (sleuthkit-1.61.tar.gz) = 965e8895d0e6fa75714fe5271664481b836f5d30
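Review bot: all three digests are for sleuthkit-1.61.tar.gz, which matches "VERSION= 1.61" in the Makefile but not the commit subject, which says sleuthkit-1.62. Confirm which release is intended: if it is 1.62, bump VERSION and regenerate these checksums from the new tarball; otherwise correct the log message.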

@ -0,0 +1,29 @@
The Sleuth Kit (previously known as TASK) is the only open
source forensic toolkit for a complete analysis of Microsoft
and UNIX file systems.
It enables investigators to identify and recover evidence from
images acquired during incident response or from live systems.
Some of its features :
* Analyzes images generated by the open source 'dd' utility,
found on all UNIX systems and available for Windows systems.
* Supports the NTFS, FAT, FFS, and EXT2FS file systems. Images
of a different endian ordering than the analysis system can
be used.
* The tools are organized in a layered approach, where the names
in each layer start with the same letter to help the user identify
the function of the tool. The layers include File System, File
Name (directory entries and NTFS index trees), Meta-Data (UNIX
inodes and NTFS MFT entries), and Content (blocks and clusters).
* Identifies deleted files by name and location.
* Identifies the status of content units (blocks and clusters)
and meta-data structures.
* Maps the relationship of objects across different layers.
WWW: ${HOMEPAGE}
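Review bot: the opening sentence claims this is "the only open source forensic toolkit for a complete analysis", which a package description cannot substantiate; a neutral statement of what the tools do would be safer. The feature list also gives "NTFS, FAT, FFS, and EXT2FS" while the commit message names EXT3FS as well, so the two should be aligned, and "Some of its features :" has a stray space before the colon.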

@ -0,0 +1,42 @@
@comment $OpenBSD: PLIST,v 1.1.1.1 2003/05/12 13:16:02 margarida Exp $
bin/dcalc
bin/dcat
bin/dls
bin/dstat
bin/ffind
bin/fls
bin/fsstat
bin/hfind
bin/icat
bin/ifind
bin/ils
bin/istat
bin/mactime
bin/sorter
man/man1/dcalc.1
man/man1/dcat.1
man/man1/dls.1
man/man1/dstat.1
man/man1/ffind.1
man/man1/fls.1
man/man1/fsstat.1
man/man1/hfind.1
man/man1/icat.1
man/man1/ifind.1
man/man1/ils.1
man/man1/istat.1
man/man1/mactime.1
man/man1/sorter.1
share/doc/task/CHANGES.FROM.TCT
share/doc/task/README
share/doc/task/README.FIRST
share/doc/task/additional-resources
share/doc/task/bibliography
share/doc/task/fat.README
share/doc/task/filesystem.README
share/doc/task/help-recovering-file
share/doc/task/help-when-broken-into
share/doc/task/ntfs.README
share/doc/task/sorter.README
share/doc/task/timeline.README
@dirrm share/doc/task
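Review bot: the documentation is packaged under share/doc/task and removed with "@dirrm share/doc/task", although the port is named sleuthkit and the log says it replaces TASK. Consider share/doc/sleuthkit here and in the Makefile's do-install so the installed path follows the package name.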