[sleuthkit-users] New Autopsy and TSK Releases!
From: Brian C. <ca...@sl...> - 2017-05-30 18:51:05
We missed our goal of a quarterly release, but we managed to get Autopsy 4.4.0 and TSK 4.4.1 out.

*Autopsy 4.4.0:*
- Has a bunch of keyword search improvements, including better regular expression searching with spaces, better hit highlighting, and ability to edit keyword lists.
- New triage features, such as:
-- You can make a sparse VHD file when analyzing a local drive (USB) so that you don't need to acquire first. When your analysis is over, you'll have a VHD image of the drive!
-- Ingest filters allow you to run the ingest modules on only a subset of files during triage
-- Ingest profiles allow you to pick an ingest filter and set of ingest modules to make it easier to preprogram for triage
- Lots of other changes and improvements to existing features.

More changes can be found on the history <http://sleuthkit.org/autopsy/history.php> page. You can download it from the download <http://sleuthkit.org/autopsy/download.php> page (Note that we are now using GitHub for releases).

*The Sleuth Kit 4.4.1:*
- Mostly bug fixes, including memory leaks, Unicode cleanup, missing NTFS files (in rare cases), really long folder structures and database inserts.
- The code to make the VHD sparse image is in TSK, but not exposed via any of the command line tools.

You can download it from the download <http://www.sleuthkit.org/sleuthkit/download.php> page.

Thanks to the community members who contributed to the TSK fixes this release and the Basis team for the new features and fixes.

Next release is scheduled for July 1ish so that we get back on our quarterly schedule.

brian