From: Brian Carrier <carrier@sl...> - 2013-06-17 21:57:41
Version 4.1.0 of The Sleuth Kit is finally available. It adds many commonly requested features:
- YAFFS2 and Ext4 support (from viaForensics and Kevin Fairbanks)
- Framework runs on Linux and OS X.
- Lots of other less minor things in comparison (see http://sleuthkit.org/sleuthkit/history.php for details)
A note on YAFFS2, though I'm sure I'll be responding to many questions like this in the future. The layout of the flash memory spare area is not defined in the YAFFS2 spec. The viaForensics patch had a format that they commonly saw and we (Basis Technology) updated it with some layouts that we also came across. Ideally, TSK would allow the caller to specify the layout, but that feature does not yet exist.
See some notes here on the topic:
I've cc:ed sleuthkit-developers on this because this version made some development environment changes. Previously, include paths were '/usr/local/include/tsk3...'. Well, it's no longer TSK3. The number was removed so that it does not need to be updated with major version changes. So, update your code to remove the '3'.