 Welcome back everyone. Today, I wanted to talk about how to install the SleuthKit command line utilities in Windows, okay? So the first thing we need to do is go to the SleuthKit or sorry www.sleuthkit.org and then you'll get this open source digital forensics page and there's two dog icons. One is for autopsy, which is an excellent piece of forensic software and then the SleuthKit itself, which are the command line utilities plus a library. So we want to click on the top, click on SleuthKit and then I encourage you to read all of this information, but right now we want to click on Download and then we are in Windows. I'm on Windows 10 right now, so I want to get the Windows binaries. So just click Windows, download for the Windows binaries and you'll start downloading it. So I already have it downloaded, so I'll check my downloads folder and I get this SleuthKit.4.6.0 win32.zip folder. So once you have SleuthKit downloaded, then double click on the zip folder and inside you'll see an uncompressed folder just SleuthKit.4.6.0 win32. So I'm going to drag this first to my desktop and then you'll notice that the file name of the folder that we're copying out is has the full version information. Now depending on the policies of your department or your forensic lab you might want to keep older copies or different versions of SleuthKit to rerun on past cases. So for example, if I used SleuthKit version 4.3 to process a case I might want to be able to go back to SleuthKit version 4.3 that way I can get exactly the same result because maybe there's been some changes in the SleuthKit utilities since 4.6. So I encourage you to keep past versions or keep some sort of versioning information if you can. So in this case what I'm going to do is actually just remove the win32. So in this case SleuthKit 4.6 and I'm going to move this to the program files folder. So if I click on C drive program files x86 and I'm going to drag the SleuthKit folder into program files folder. So now I have SleuthKit and I have the version information. So what I need to do now is go into the SleuthKit folder and then notice that there's no executables in the first folder. But if we check in the bin folder, the binary folder, then we can see a bunch of DLLs and if I scroll down then I can see all of the executables that I recognize. For example, hfind, FLS, FF find, all of the executables. So now what I need to do is copy the location of all of the executables that I want to run which is in my case C drive program files SleuthKit 4.6.0 slash bin. So I'm going to click copy or hit copy control C. And then we need to add the SleuthKit to our path. Right now I don't have the SleuthKit in my path. So for example if I try to run FLS, let me open up a command line. If I do FLS-V to look at the version information, FLS is not recognized as an internal or external command. Even though we've put it in the program files folder, Windows does not know where to look. So we have to tell Windows where to look. So I'm going to exit out of this. And then if I type into the start menu, if I type path P-A-T-H, then I can edit the system environment variables. So I want to click that. Then I'll get the system properties menu. And I want to click the bottom environment variables button. Okay. So from environment variables, I get the environment variables list. I want to double click on path. And if I double click, I will get the path edit environment variable. So edit environment variable, click new. And then it will give us a new blank line. And I can paste the full location of the binary folder for Sleuthkit into the path. Then click okay, okay, okay. And now, whenever we run the command line again, then I should be able to type FLS-V and hopefully it gives us the version number and it does. So now I can run just FLS and it will give me the help menu. I can run hfind and it will give me the menu. So now we can use all of the Sleuthkit command line utilities in windows, but we first have to set the path, install the binaries somewhere and then set the path. Once we do that, if you had a command prompt open, then make sure you close the command prompt and then reopen it. And the newly opened command prompt will be able to see the new path variable. Okay, so that's pretty much it for installing Sleuthkit in windows, especially if you want to retain the version information. Yeah, so in later videos we'll talk about actually how to use these utilities to do hopefully some interesting things. So that's it for today. Thank you very much.