[sleuthkit-announce] TSK 4.0.2 release
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-announce] TSK 4.0.2 release
|
From: Brian C. <ca...@sl...> - 2013-02-04 18:27:53
|
Sleuth Kit 4.0.2 is now available.
http://www.sleuthkit.org/sleuthkit/
We're working on 4.1.0, which will have the submitted patches for YAFFS2 and Ext4, our support for Linux/OS X support of the framework, hash database support in SQLite databases and more.
brian
New Features in Core:
• fiwalk is now included.
Bug Fixes in Core:
• Fixed fcat to work on NTFS files (still doesn't support ADS though).
• Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
• NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
• NTFS code uses sequence number when searching MFT entries for all files.
• Libewf detection code change to support v2 API more reliably (ID: 3596212).
• NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
Framework:
• Added new API to TskImgDB that returns the base name of an image.
• Numerous performance improvements to framework.
• Removed requirement in framework to specify module extension in pipeline configuration file.
• Added blackboard artifacts to represent both operating system and network service user accounts.
Java Bindings
• More methods to query files
• Methods to get current directory when being added to DB.
• Modified class structure a bit
• More lazy loading for children / parents.
• Better exception throwing from C++
|
