diff --git a/app-forensics/sleuthkit/Manifest b/app-forensics/sleuthkit/Manifest
new file mode 100644
index 000000000..56134c77a
--- /dev/null
+++ b/app-forensics/sleuthkit/Manifest
@@ -0,0 +1,4 @@
+DIST SparseBitSet-1.1.jar 23706 BLAKE2B 8623a723f11f97386a108c775fefddd324997b68bea7f7ade0581ec5800bfa8d32f699ab903ad66c631b7b5c69ba1ef377243653f5044f39234dac07543eb129 SHA512 cf75431c5f705961800ce5cbca2acb9b2459eaf98ec37b5ee21c5a90d204ffb466fa25457b0560fbb024489777efbea0276201024c7b1b2853124930ac490983
+DIST libewf-20130128.tar.gz 1978794 BLAKE2B e5d2bd8f4a8b878e13536b89b032d8cee6982272065b2bf325f8a811dff258264118a79496912377337ceb9ad630138b6bedb89e3c3be89a5f6a6fea85ab586b SHA512 94cdd0c3f0d8f535f3462c5adba266302f9b129abacda077ed429fa38af6862fca5a90ba2e606b78607b509769305cc6134c483c7033c20e226596cca2d42b90
+DIST sleuthkit-4.6.5.tar.gz 8658866 BLAKE2B 29b75c96a14c5d42522e7116a80cc368c8097fa43af27c0e958215142d6ee61131c7b154fb876fa3ea9c727e8100de9bd703dfd8cef9ccce1f6602222c8470fa SHA512 ba21be166da1a7bdd197946722a1e0947f90bbb2c27d635cdfbcbc870aa42937fe6b42f432482f70a5e686942c8891d0367b5ce28615315d8905661e73aefe32
+DIST sqlite-jdbc-3.8.11.jar 5131732 BLAKE2B 1a04fa9e9cb97fdddc19af2de9efa7b54c0b527642e6e325e31054e4e294e3bc6af00ea291087ed9dd26668d48dae356035fc85212c0eb81656550d552103ed0 SHA512 5f4705101992e8916e29742c560aef0d01eba9dc0d2d984b75a77e56be3c9fd20b284390fe8f9bb54bf9d1f8528c3413922684c446212ca8961ac731543fb179
diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch
new file mode 100644
index 000000000..efa335068
--- /dev/null
+++ b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch
@@ -0,0 +1,55 @@
+--- sleuthkit-4.1.0/tools/autotools/Makefile.am
++++ sleuthkit-4.1.0/tools/autotools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = tsk_recover tsk_loaddb tsk_comparedir tsk_gettimes
+--- sleuthkit-4.1.0/tools/fstools/Makefile.am
++++ sleuthkit-4.1.0/tools/fstools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro fscheck.cpp
+
+ bin_PROGRAMS = blkcalc blkcat blkls blkstat ffind fls fcat fsstat icat ifind ils \
+--- sleuthkit-4.1.0/tools/hashtools/Makefile.am
++++ sleuthkit-4.1.0/tools/hashtools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro md5.c sha1.c
+
+ bin_PROGRAMS = hfind
+--- sleuthkit-4.1.0/tools/imgtools/Makefile.am
++++ sleuthkit-4.1.0/tools/imgtools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = img_cat img_stat
+--- sleuthkit-4.1.0/tools/srchtools/Makefile.am
++++ sleuthkit-4.1.0/tools/srchtools/Makefile.am
+@@ -6,7 +6,6 @@
+
+ sigfind_SOURCES = sigfind.cpp
+ sigfind_LDADD = ../../tsk/libtsk.la
+-sigfind_LDFLAGS = -static
+
+ indent:
+ indent *.c *.cpp
+--- sleuthkit-4.1.0/tools/vstools/Makefile.am
++++ sleuthkit-4.1.0/tools/vstools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = mmls mmstat mmcat
diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.6.4-default-jar-location-fix.patch b/app-forensics/sleuthkit/files/sleuthkit-4.6.4-default-jar-location-fix.patch
new file mode 100644
index 000000000..126fce904
--- /dev/null
+++ b/app-forensics/sleuthkit/files/sleuthkit-4.6.4-default-jar-location-fix.patch
@@ -0,0 +1,58 @@
+From f8c1cada7f01826b15a82b20600b8df7562fa2ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?=
+Date: Wed, 28 Nov 2018 21:33:46 -0500
+Subject: [PATCH v1] Allow --enable-offline to accept a directory argument for
+ jar libs
+
+Allow the hardcoded default_jar_location in build.xml to
+/usr/share/java to be changed using the argument provided to
+--enable-offline. Note that this changes the behavior of the switch
+from "anything other than yes or no is incorrect" to "anything other
+than no implies offline mode".
+---
+ bindings/java/Makefile.am | 4 ++++
+ configure.ac | 10 +++++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/bindings/java/Makefile.am b/bindings/java/Makefile.am
+index ad27526e..f0bb9f68 100644
+--- a/bindings/java/Makefile.am
++++ b/bindings/java/Makefile.am
+@@ -7,6 +7,10 @@ jar_DATA = $(tsk_jar)
+
+ if OFFLINE
+ ant_args=-Doffline=true
++if CUSTOM_DEFAULT_JAR_LOCATION
++ ant_args+= -Ddefault-jar-location="@DEFAULT_JAR_LOCATION@"
++else
++endif
+ else
+
+ endif
+diff --git a/configure.ac b/configure.ac
+index dc9026ed..d3d41646 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,10 +221,18 @@ AC_ARG_ENABLE([offline],
+ [case "${enableval}" in
+ yes) offline=true ;;
+ no) offline=false ;;
+- *) AC_MSG_ERROR([bad value ${enableval} for --enable-online]) ;;
++ *)
++ offline=true
++ default_jar_location="${enableval}"
++ ;;
+ esac],[offline=false])
+
+ AM_CONDITIONAL([OFFLINE], [test "x$offline" = xtrue])
++AM_CONDITIONAL([CUSTOM_DEFAULT_JAR_LOCATION], [test "x$default_jar_location" != "x"])
++AM_COND_IF([CUSTOM_DEFAULT_JAR_LOCATION],
++ [AC_SUBST([DEFAULT_JAR_LOCATION], [$default_jar_location])]
++)
++
+
+
+ dnl Check if we should link libewf.
+--
+2.19.1
+
diff --git a/app-forensics/sleuthkit/metadata.xml b/app-forensics/sleuthkit/metadata.xml
new file mode 100644
index 000000000..72bb13265
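Review bot: The new `*)` arm in the configure.ac part of this patch takes any `--enable-offline` value other than yes/no as the jar directory without checking it, so a typo such as `--enable-offline=ture` silently enables offline mode and hands ant a path that does not exist. Since that directory decides which jars end up on the build classpath, the arm should reject a non-empty value that is not a directory before assigning `default_jar_location`, e.g. `test -z "${enableval}" || test -d "${enableval}" || AC_MSG_ERROR([--enable-offline: ${enableval} is not a directory])`. The empty-value allowance matters because the ebuild in this commit passes `--enable-offline="${TSK_JAR_DIR}"` unconditionally, and that variable is only set under `use java`. The empty `else` branch under `if CUSTOM_DEFAULT_JAR_LOCATION` in bindings/java/Makefile.am can be dropped.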
--- /dev/null
+++ b/app-forensics/sleuthkit/metadata.xml
@@ -0,0 +1,19 @@
+
+
+
+
+ gokturk@gentoo.org
+ Göktürk Yüksek
+
+
+ Enable extra aff formats
+ Enable libewf support
+
+
+ Reflect ABI compatibility for libtsk.so
+
+
+ sleuthkit
+ sleuthkit/sleuthkit
+
+
diff --git a/app-forensics/sleuthkit/sleuthkit-4.6.5-r1.ebuild b/app-forensics/sleuthkit/sleuthkit-4.6.5-r1.ebuild
new file mode 100644
index 000000000..daf357f8c
--- /dev/null
+++ b/app-forensics/sleuthkit/sleuthkit-4.6.5-r1.ebuild
@@ -0,0 +1,269 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+JAVA_PKG_BSFIX_NAME="build.xml build-unix.xml"
+inherit autotools java-pkg-opt-2 java-ant-2
+
+DESCRIPTION="A collection of file system and media management forensic analysis tools"
+HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"
+# TODO: sqlite-jdbc does not exist in the tree, we bundle it for now
+# TODO: Upstream uses a very specific version of libewf which is not in
+# the tree anymore. So we statically compile and link to sleuthkit.
+# Hopefully upstream will figure something out in the future.
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz
+ java? (
+ http://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.8.11/sqlite-jdbc-3.8.11.jar
+ http://repo1.maven.org/maven2/com/zaxxer/SparseBitSet/1.1/SparseBitSet-1.1.jar
+ )
+ ewf? ( https://dev.gentoo.org/~gokturk/distfiles/app-forensics/libewf/libewf-20130128.tar.gz )"
+
+LICENSE="BSD CPL-1.0 GPL-2+ IBM java? ( Apache-2.0 )"
+SLOT="0/13" # subslot = major soname version
+KEYWORDS="~amd64 ~hppa ~ppc ~x86"
+IUSE="aff doc ewf java postgres static-libs test +threads zlib"
+
+# Note: It is not possible to move the dep on dev-java/jdbc-postgresql
+# inside a conditional postgres? block because java sources import
+# org.postgres unconditionally as of writing this (version 4.6.4). The
+# postgres USE flag will be used for the TSK postgresql support however.
+DEPEND="
+ dev-db/sqlite:3
+ dev-lang/perl:*
+ aff? ( app-forensics/afflib )
+ ewf? ( sys-libs/zlib )
+ java? (
+ >=virtual/jdk-1.8:*
+ >=dev-java/c3p0-0.9.5:0
+ >=dev-java/jdbc-postgresql-9.4:0
+ )
+ postgres? ( dev-db/postgresql:= )
+ zlib? ( sys-libs/zlib )
+"
+# TODO: add support for not-in-tree libraries libvhdi and libvmdk
+# libvhdi: https://github.com/libyal/libvhdi
+# libvmdk: https://github.com/libyal/libvmdk
+# DEPEND="${DEPEND}
+# vhdi? ( dev-libs/libvhdi )
+# vmdk? ( dev-libs/libvmdk )
+# "
+
+RDEPEND="${DEPEND}
+ java? ( >=virtual/jre-1.8:= )
+"
+DEPEND="${DEPEND}
+ doc? ( app-doc/doxygen )
+ test? ( >=dev-util/cppunit-1.2.1 )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.1.0-tools-shared-libs.patch
+ "${FILESDIR}"/${PN}-4.6.4-default-jar-location-fix.patch
+)
+
+src_unpack() {
+ local f
+
+ unpack ${P}.tar.gz
+
+ # Ick, the upstream is stuck at libewf-20130128 which is
+ # not even in the tree anymore. So we have to bundle it.
+ if use ewf; then
+ pushd "${T}" &>/dev/null || die
+ unpack libewf-20130128.tar.gz
+ export TSK_LIBEWF_SRCDIR="${T}"/libewf-20130128
+ popd &>/dev/null || die
+ fi
+
+ # Copy the jar files that don't exist in the tree yet
+ if use java; then
+ TSK_JAR_DIR="${T}/lib"
+ mkdir "${TSK_JAR_DIR}" || die
+ for f in ${A}; do
+ if [[ ${f} =~ .jar$ ]]; then
+ cp "${DISTDIR}"/"${f}" "${TSK_JAR_DIR}" || die
+ fi
+ done
+ export TSK_JAR_DIR
+ fi
+}
+
+tsk_prepare_libewf() {
+ # Yeah, libewf-20130128 obviously doesn't just nicely compile
+ sed -e 's/LIBUNA_INLINE inline/LIBUNA_INLINE/' \
+ -i "${TSK_LIBEWF_SRCDIR}"/libuna/libuna_inline.h || die
+}
+
+src_prepare() {
+ use ewf && tsk_prepare_libewf
+
+ if use java; then
+ pushd "${S}"/bindings/java &>/dev/null || die
+
+ # Prevent "make install" from installing
+ # jar files under /usr/share/java
+ # We'll use the java eclasses for this
+ sed -e '/^jar_DATA/ d;' -i Makefile.am || die
+
+ java-pkg-opt-2_src_prepare
+
+ popd &>/dev/null || die
+ fi
+
+ # Override the doxygen output directories
+ if use doc; then
+ sed -e "/^OUTPUT_DIRECTORY/ s|=.*$|= ${T}/doc|" \
+ -i tsk/docs/Doxyfile \
+ -i bindings/java/doxygen/Doxyfile || die
+ fi
+
+ # It's safe to call this even after java-pkg-opt-2_src_prepare
+ # because future calls to eapply_user do nothing and return 0
+ default
+
+ eautoreconf
+}
+
+tsk_compile_libewf() {
+ local myeconfargs=(
+ --prefix=/
+ --libdir=/lib
+ --enable-static
+ --disable-shared
+ --disable-winapi
+ --without-libbfio
+ --with-zlib
+ --without-bzip2
+ --without-libhmac
+ --without-openssl
+ --without-libuuid
+ --without-libfuse
+
+ --with-libcstring=no
+ --with-libcerror=no
+ --with-libcdata=no
+ --with-libclocale=no
+ --with-libcnotify=no
+ --with-libcsplit=no
+ --with-libuna=no
+ --with-libcfile=no
+ --with-libcpath=no
+ --with-libbfio=no
+ --with-libfcache=no
+ --with-libfvalue=no
+
+ )
+ # We want to contain our build flags
+ local CFLAGS="${CFLAGS}"
+ local LDFLAGS="${LDFLAGS}"
+
+ pushd "${TSK_LIBEWF_SRCDIR}" &>/dev/null || die
+
+ # Produce relocatable code
+ CFLAGS+=" -fPIC"
+ LDFLAGS+=" -fPIC"
+ econf "${myeconfargs[@]}"
+
+ # Do not waste CPU cycles on building ewftools
+ sed -e '/ewftools/ d' -i Makefile || die
+ emake
+
+ # Only install the headers and the library
+ emake -C libewf DESTDIR="${T}"/image install
+ emake -C include DESTDIR="${T}"/image install
+ find "${T}"/image -name '*.la' -delete || die
+
+ popd &>/dev/null || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ --enable-offline="${TSK_JAR_DIR}"
+ $(use_enable java)
+ $(use_enable static-libs static)
+ $(use_enable threads multithreading)
+ $(use_with aff afflib)
+ $(use_with zlib)
+ )
+ # Workaround the automagic detection of postgresql
+ local -x ac_cv_lib_pq_PQlibVersion="$(usex postgres)"
+ # TODO: add support for non-existing libraries libvhdi and libvmdk
+ # myeconfargs+=(
+ # $(use_with vhdi libvhdi)
+ # $(use_with vmdk libvmdk)
+ # )
+ myeconfargs+=(
+ --without-libvhdi
+ --without-libvmdk
+ )
+
+ use ewf && tsk_compile_libewf
+ myeconfargs+=( $(use_with ewf libewf "${T}"/image) )
+
+ if use java; then
+ pushd "${S}"/bindings/java &>/dev/null || die
+ java-ant-2_src_configure
+ popd &>/dev/null || die
+ fi
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # Give it an existing bogus ivy home #672220
+ local -x IVY_HOME="${T}"
+
+ # Create symlinks of jars for the required dependencies
+ if use java; then
+ pushd "${S}"/bindings/java &>/dev/null || die
+
+ java-pkg_jar-from --into "${TSK_JAR_DIR}" c3p0
+ java-pkg_jar-from --into "${TSK_JAR_DIR}" jdbc-postgresql
+
+ popd &>/dev/null || die
+ fi
+
+ # Create the doc output dirs if requested
+ if use doc; then
+ mkdir -p "${T}"/doc/{api-docs,jni-docs} || die
+ fi
+
+ emake all $(usex doc api-docs "")
+}
+
+src_install() {
+ local f
+
+ if use java; then
+ pushd "${S}"/bindings/java &>/dev/null || die
+
+ java-pkg_newjar "dist/${P}.jar" "${PN}.jar"
+
+ # Install the bundled jar files
+ pushd "${TSK_JAR_DIR}" &>/dev/null || die
+ for f in *; do
+ # Skip the symlinks java-pkg_jar-from created
+ [[ -f ${f} ]] || continue
+
+ # Strip the version numbers as per eclass recommendation
+ [[ ${f} =~ -([0-9]+\.)+jar$ ]] || continue
+
+ java-pkg_newjar "${f}" "${f/${BASH_REMATCH[0]}/.jar}"
+ done
+ popd &>/dev/null || die
+
+ popd &>/dev/null || die
+ fi
+
+ default
+
+ # It unconditionally builds both api and jni docs
+ # We install conditionally based on the provided use flags
+ if use doc; then
+ dodoc -r "${T}"/doc/api-docs
+ use java && dodoc -r "${T}"/doc/jni-docs
+ fi
+
+ find "${D}" -name '*.la' -delete || die
+}
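Review bot: The two bundled jars in SRC_URI are fetched over plain `http://repo1.maven.org/maven2/...`, while the other two distfiles use https. The Manifest's BLAKE2B/SHA512 entries still catch a tampered file at install time, but the download from which those checksums were generated has no transport protection, so both entries should read `https://repo1.maven.org/maven2/...`. In src_unpack, `[[ ${f} =~ .jar$ ]]` leaves the dot unescaped and therefore matches any name ending in `jar` after an arbitrary character; `[[ ${f} == *.jar ]]` states the intent. In src_configure, `--enable-offline="${TSK_JAR_DIR}"` is passed even without `use java`, where the variable is never set and the switch receives an empty value; moving it under the `use java` condition would avoid relying on how configure treats that.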