sleuthkit  4.10.2
About: The Sleuth Kit is a forensic toolkit for analyzing Microsoft and UNIX file systems and disks.
  Fossies Dox: sleuthkit-4.10.2.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

The Sleuth Kit (TSK) Library User's Guide and API Reference
Brian Carrier


This document was designed to help integrate the Sleuth Kit (TSK) C/C++ library into an application that needs to analyze data from a disk image. Note that this document does not contain information about using the command line tools in TSK. The command line tools use the functionality of this library, but this document is for programmers who want to use the C/C++ library. If you want to integrate into Java, then refer to the Java Bindings document.

There are two main sections to this document. One is the User's Guide that describes the organization of TSK, the APIs, and how to use them together. The other is a list of the API functions and a description of their arguments and return values.

User's Guide

The User's Guide describes the various components of TSK and how to use them. It refers to specific functions and data structures with links to the details in the API Reference.

API Reference

The API Reference lists the public C and C++ API functions with their arguments and return values. The Users's Guide should be read first so that the interaction and use of the functions are understood. These pages can also be found in the Modules section.


If you have questions, refer to the addresses and sites on the support page.