|The Coroner's Toolkit (TCT) is a collection of tools that are either oriented towards gathering or analyzing forensic data on a Unix system.|
Frequently Asked Questions
A bit of help if you've just been broken into
A bit of help recovering a deleted file under Unix
|Solaris 2.4, 2.5.1, 2.6, 7.0, 8||FreeBSD 2.2.1, 3.4, 4.0||RedHat 5.2, 6.1|
|BSD/OS 2.1, 4.1||OpenBSD 2.5||SunOS 4.1.3_U1, 4.1.4|
TCT requires Perl 5.004 or later, although Perl 5.000 is possibly sufficient if you only use the data collection software, and do the analysis on a different machine.
TCT patches for various levels may be found here
TCT has inspired people to implement additional functionality. In order to have your software listed here, send mail to the tct-users mailing list (see below).
Since our resources are limited we are usually unable to take over the maintenance of contributed code.
We've created a mailing list firstname.lastname@example.org to discuss the toolkit and methods used to forensically analyze Unix systems.