TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system.
Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the findkey tool that recovers cryptographic keys from a running process or from files.
Different versions of TCT were tested with the following systems:
- Solaris 2.4, 2.5.1, 2.6, 7.0, 8
- FreeBSD 2.2.1, 3.4, 4.4
- RedHat 5.2, 6.1, 7.3
- BSD/OS 2.1, 4.1
- OpenBSD 2.5, 3.0, 3.1
- SunOS 4.1.3_U1, 4.1.4
TCT requires Perl 5.004 or later, although Perl 5.000 is probably sufficient if you only use the data collection software, and do the analysis on a different machine.