I have a doubt about thesleuthkit: if I use it on Windows, where can I find the list of commands to run the individual tools?
Are the commands and syntax the same whether you are using thesleuthkit from Windows or Linux?
They’re basically the same. On Windows the executables have .exe extensions, so you probably need to run “mmls.exe image.dd” instead of “mmls image.dd”, but the parameters won’t change.
I tried on Windows and transferred the image file to be analyzed into the folder where the thesleuthkit executables are contained. Then I opened a terminal as administrator, moved to the folder where the executables and the image are, and from there tried some commands; it seems to work.
In this way there was no need to run the command.exe. Are there any reasons not to recommend using this method?
As long as it runs you’re fine. In a Windows command prompt you don’t need the .exe. If you’re running Cygwin you do.
I honestly don’t know if I’m using Cygwin. How can I know?
Cygwin is a shell program (https://www.cygwin.com/) that can be downloaded and installed; it is, to my knowledge, not included by default in Windows distributions. It has an icon like this with a C with a green line in the middle of it.