sleuthkit-announce Mailing List for The Sleuth Kit
From: Brian C. <ca...@sl...> - 2018-11-16 19:13:02
I just realized that I did not do a very good job at announcing the past two releases via email. The Autopsy 4.9.1 release was focused on a fairly serious Image Gallery bug fix (that could cause the entire application to hang). Autopsy 4.9.0 had the bulk of the new features.

Autopsy Download: http://www.sleuthkit.org/autopsy/download.php
The Sleuth Kit Download: http://www.sleuthkit.org/sleuthkit/download.php

Autopsy Highlights:
- Added ability to find common items (files, emails, etc.) between current case and past cases using the Central Repository.
- Added ability to ignore common items that exist in a large number of cases by using Central Repository data.
- Allow users to specify that an ad-hoc keyword search should not be saved to database
- New “Annotations” content viewer that shows all tags and comments associated with an item
- Added 2 icons to the table to show the item’s score (if it is notable or suspicious) and if it has a comment.
- Added column to the table to show previous number of occurrences.
- Tags are now associated with the user (in a multi-user environment) and you can hide other people’s tags
- Hash sets can be copied into the user’s config folder (AppData), which makes it easier to run Autopsy from a Live Triage USB and not care about what drive letter it gets.
- Image Gallery works better in multi-user setups and reloads the database when other nodes add data sources.

The Sleuth Kit Highlights:
- Mostly all changes to support Autopsy features.

From: Brian C. <ca...@sl...> - 2018-08-13 21:15:56
There are new releases up on github.

Autopsy 4.8.0 major themes:
- Tree can be grouped by data source and searches can be restricted to a data source.
- New feature to find common files within a case
- Tagging and keyword search enhancements
- Full list of changes is here: http://sleuthkit.org/autopsy/history.php

Download from: http://www.sleuthkit.org/autopsy/download.php

The Sleuth Kit 4.6.2:
- Minor fixes

Download from: http://www.sleuthkit.org/sleuthkit/download.php

From: Brian C. <ca...@sl...> - 2018-05-16 03:29:18
Autopsy 4.7.0 and The Sleuth Kit 4.6.1 are available for download.

*Autopsy 4.7.0*

Lots of new features, including:
- A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
- New SQLite and binary PList viewers
- L01 files can be imported as data sources.
- Ingest filters can now use date range conditions for triage.
- Passwords to open password protected archive files can be entered (by right clicking on the file).
- New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts.
- Improved support for Linux and OS X.
- .... [full list of new things is here <http://sleuthkit.org/autopsy/history.php>]

More details on the key features can be found from the blog <https://www.autopsy.com/autopsy-4-7-includes-link-analysis-database-viewers-triage-and-more/>. You can download Autopsy from here <http://sleuthkit.org/autopsy/download.php>.

*The Sleuth Kit 4.6.1*

Bug fixes, Linux enhancements for Autopsy, and other Autopsy-based changes:
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- Cleanup and fixes from uckelman-sf and others
- PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
- Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
- NTFS istat shows details about all FILE_NAME attributes, not just the first. report from Eric Zimmerman.

You can download from here <http://sleuthkit.org/sleuthkit/download.php>.

From: Brian C. <ca...@sl...> - 2018-03-15 21:05:01
Yea, the sleuthkit-java ".deb" file that we produced included the .so file because the version that publicly exists as a Debian package did not have everything we needed. My concern with blindly overwriting it is that we could impact other applications that use it. The TSK tools are usually static and do not rely on the library. But, other tools are not. I need to refresh my memory on the ".so" versioning to know if it is OK for us to overwrite a ".13" file.

On Thu, Mar 15, 2018 at 3:47 PM, Danilo Marques <da...@gm...> wrote:
> Hi Angus,
>
> I don't think so. The sleuthkit-java_4.6.0-1_amd64.deb package provides the lib /usr/lib/x86_64-linux-gnu/libtsk.so.13 and that one conflicts with the package libtsk13 4.2.0-3. With regards to the TSK in Caine9, it remains working because it was built from source, and it is installed in /usr/local tree.
>
> 2018-03-15 15:38 GMT-03:00 Angus Marshall <an...@n-...>:
>
>> Sounds like it could be similar to a minor problem I had when creating CAINE-YE using Caine 9 and Autopsy 4.5 The solution was to make sure the TSK_HOME variable pointed to the correct version of TSK for Autopsy 4.5 or 2, depending on which one the user wanted to run.
>>
>> > On 15 Mar 2018, at 13:45, Danilo Marques <da...@gm...> wrote:
>> >
>> > Hi to everyone,
>> >
>> > Dr. Nanni, I have tested it out in Caine 9 also, and I had the same issue. The cause was a conflict with a libtsk13 package, so removing it fixed and it was possible to install and to run Autopsy properly.
>> >
>> > In this way, I think that the problem isn't the sleuthkit-java_4.6.0-1_amd64.deb package, but the "stock" installation in Caine9, which has a package that conflicts with a lib provided by the sleuthkit-java_4.6.0-1_amd64.deb.
>> >
>> > Regards,
>> >
>> > Danilo
>> >
>> > On Thu, 15 Mar 2018 05:13, Nanni Bassetti <dig...@gm...> wrote:
>> > It works in CAINE (Ubuntu 16.04) and it works on local disks!
>> >
>> > I installed following your procedure, but when I tried to install sleuthkit-java_4.6.0-1_amd64.deb I got an error. If I try to launch Autopsy sh ./autopsy I got an error, it cannot find the sleuthkit-4.6.0.jar file:
>> > ERROR: /usr/share/java/sleuthkit-4.6.0.jar not found, please install the sleuthkit-java.deb file
>> > So I used Engrampa Archive Manager and I extract the file inside the sleuthkit-java.deb into the matching directories of my system (e.g. /usr/share/java, etc.) then when I ran ./autopsy it worked!
>> > For working on local disk, you can simply run sudo ./autopsy
>> > That's all.
>> > Finally the problem is only with the sleuthkit-java_4.6.0-1_amd64.deb
>> > PS: Autopsy for Linux seems faster than for Windows ;-)
>> >
>> > --
>> > Dott. Nanni Bassetti
>> > http://www.nannibassetti.com
>> > CAINE project manager - http://www.caine-live.net
>
> --
> ---
> Danilo Caio Marcucci Marques
> Computer Forensic Investigator - ICCE-DGPTC/PCERJ/Brazil
> Linux user #419162

From: Brian C. <ca...@sl...> - 2018-03-14 20:25:14
We've made our first Autopsy release for Linux! There are still some things to work out, but we want to do this on an iterative process to find out what is not working on other people's systems.

The release and docs are here: https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.6.0-linux1

We've been working with the latest Debian. Not sure how it will work on other platforms.

Thanks to all of the folks who have been pursuing this and Rishwanth at Basis Tech. Please file github issues with any problems so that we can track them.

brian

From: Brian C. <ca...@sl...> - 2018-03-07 13:59:38
There are new (as of 2 weeks ago...) releases to Autopsy and TSK!

*Autopsy 4.6.0* has a bunch of things, including:
- New viewer for email messages and showing communications
- Central repository can store Hash data bases
- Run Autopsy from a USB drive for triage
- Memory improvements from upgrading Tika
- Encryption / True Crypt detection module
- lots more <http://sleuthkit.org/autopsy/history.php>

You can read about some of the new features in the blog <https://www.autopsy.com/autopsy-4-6-includes-new-communications-viewers-encryption-detection-and-more/> and you can download from here: http://sleuthkit.org/autopsy/download.php

We will be shortly also releasing a Debian Linux build for Autopsy. Probably by end of week.

*The Sleuth Kit 4.6.0* was also released with:
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google!
- HFS fix from uckelman-sf.

You can download it from here: http://sleuthkit.org/sleuthkit/download.php

From: Brian C. <ca...@sl...> - 2017-10-24 20:36:55
In the craziness before OSDFCon, I often forget to send out emails about releases. But, many of you already found them via the github release notifications.

*Autopsy 4.5.0:*
- New Central Repository / Correlation Engine features (I'll do a blog post on this) that allows you to see when a file or phone number was previously seen.
- Improved memory usage on large cases (still working on some other areas though)
- Attachments are now the children of the message and not of the source file.
- Reduced credit card false positives.
- Lots more

http://www.sleuthkit.org/autopsy/download.php

*The Sleuth Kit 4.5.0*
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- Faster resolving of HFS hard links
- Many fixes from Google Fuzzing efforts

http://www.sleuthkit.org/sleuthkit/download.php

From: Brian C. <ca...@sl...> - 2017-08-17 00:54:43
I forgot to announce last week that new releases are up.

Autopsy 4.4.1 includes:
- Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
- Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
- Assorted performance improvements, enhancements, and bug fixes.

Download here: http://sleuthkit.org/autopsy/download.php

The Sleuth Kit 4.4.2 includes:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription method
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- various performance fixes and added thread safety checks

Download here: http://sleuthkit.org/sleuthkit/download.php

thanks,
brian

From: Brian C. <ca...@sl...> - 2017-05-30 18:56:30
We missed our goal of a quarterly release, but we managed to get Autopsy 4.4.0 and TSK 4.4.1 out.

*Autopsy 4.4.0:*
- Has a bunch of keyword search improvements, including better regular expression searching with spaces, better hit highlighting, and ability to edit keyword lists.
- New triage features, such as:
-- You can make a sparse VHD file when analyzing a local drive (USB) so that you don't need to acquire first. When your analysis is over, you'll have a VHD image of the drive!
-- Ingest filters allow you to run the ingest modules only on a subset of files during triage
-- Ingest profiles allow you to pick an ingest filter and set of ingest modules to make it easier to preprogram for triage
- Lots of other changes and improvements to existing features.

More changes can be found on the history <http://sleuthkit.org/autopsy/history.php> page. You can download it from the download <http://sleuthkit.org/autopsy/download.php> page (Note that we are now using github for releases).

*The Sleuth Kit 4.4.1:*
- Mostly bug fixes, including memory leaks, unicode cleanup, missing NTFS files (in rare cases), really long folder structures and database inserts.
- The code to make the VHD sparse image is in TSK, but not exposed via any of the command line tools.

You can download it from the download <http://www.sleuthkit.org/sleuthkit/download.php> page.

Thanks to the community members who contributed to the TSK fixes this release and the Basis team for the new features and fixes. Next release is scheduled for July 1ish so that we get back on our quarterly schedule.

brian

From: Brian C. <ca...@sl...> - 2017-05-05 14:14:06
Autopsy training is 1-month away (June 13) in Herndon, VA. We'll also be doing a 2-day event after OSDFCon (Oct 18-19). Registration links are available at: http://www.autopsy.com/training/

The 1-day Autopsy course is $499 and provides an overview of using and configuring Autopsy. It combines lecture sessions with hands on exercises. All sessions are worth 6 CPE credits and students receive certificates of completion for attendance. At the end of the class, you’ll know about how all of the modules work and how to efficiently use the tool.

More details can be found here: http://www.autopsy.com/training/

We’re looking to add more events to the schedule. If you’d like training closer to you, then let us know where.

From: Brian C. <ca...@sl...> - 2016-08-22 18:27:03
Autopsy 4.1.1 was released with a single bug fix for Python modules. The 4.1.0 release included some extra files that caused some Python modules to not work. 4.1.1 fixes that.

http://sleuthkit.org/autopsy/download.php

thanks,
brian

From: Brian C. <ca...@sl...> - 2016-07-21 01:05:53
Another long awaited release has also come today, Autopsy 4.1.0. Its new features include:
• New list view in Timeline tool
• VMWare virtual machine files (vmdk) and Microsoft Virtual Hard Drives (vhd) can be added as data sources.
• New ingest module detects vmdk and vhd files embedded in other data sources and adds them as data sources.
• Text associated with blackboard artifacts is indexed and searched for keywords.
• Custom (user-defined) blackboard artifact and attribute types are displayed in the UI and included in reports.
• File size and MIME type conditions can be specified for interesting files set membership rules.
• Assorted bug fixes and minor enhancements.

You can download it here: http://sleuthkit.org/autopsy/download.php

Thanks for the public contributions and work by the Basis team.

brian

From: Brian C. <ca...@sl...> - 2016-07-21 00:52:23
All that should be required is some autoconf/automake magic to get libvmdk and libvhdi working with TSK on Linux / OS X. We just haven’t had the cycles. I’ll be honest that it is my intent to get PostgreSQL, virtual machine formats, etc. in to the auto* build process when I start on these efforts, but other things come up and we’ve been slow enough with getting releases out that I don’t want to hold them up even more.

So, if someone can update configure.ac, etc. to look for the libraries and test them, we’d love a pull request!

> On Jul 20, 2016, at 10:20 AM, RB <ao...@gm...> wrote:
>
> On Wed, Jul 20, 2016 at 7:42 AM, Brian Carrier <ca...@sl...> wrote:
>>
>> Thanks to the public contributions and the Basis developers for this work.
>>
>
> Thanks to all indeed for the continued work!
>
> While I know much of the work is predicated on what both analysts and developers are familiar with, I must confess my trepidation at seeing yet more Windows-only features creeping in. We've already seen this happen with Autopsy, to the point that the tools' origin platform is now a third-class citizen. With that same process now happening to the core tool, I start to worry that the process will complete and we who practice the art in, say, non-mainstream environments, will be left in the cold.
>
> How, exactly, is the libvmdk and libvhdi (both primarily developed on Linux) support Windows-only? Their APIs aren't platform-sensitive, so is there at least a configure-time option to enable their use on other platforms?

From: Brian C. <ca...@sl...> - 2016-07-20 13:42:56
We’ve finally gotten a new Sleuth Kit release out. The new release, version 4.3.0, has features from the Autopsy release last year (like PostgreSQL support) that never got out and this release marks the start of a new effort to have a TSK release for every Autopsy release (which should be out later today) and we are shooting for releases every 2 months because this current span has been way too long.

4.3.0 adds:
• PostgreSQL support (Windows only)
• Support for virtual machine formats via libvmdk and libvhdi (Windows only)
• Schema updates (data sources table, mime type, attributes store type)
• tsk_img_open can take externally created TSK_IMG_INFO
• New Release_ NoLibs Visual Studio target
• Various bug fixes

I’m doing a test too and the downloads are now coming off of github instead of source forge. Let me know if you have any problems.

http://sleuthkit.org/sleuthkit/download.php

Thanks to the public contributions and the Basis developers for this work.

thanks,
brian

From: Brian C. <ca...@sl...> - 2015-11-02 22:35:39
Autopsy 4.0.0 adds support for multi-user cases. This allows you to have multiple examiners with the same case open at the same time and you can see their updates and results in real-time. It also has minor bug fixes and enhancements.

You can download it from here: http://www.sleuthkit.org/autopsy/download.php

If you are curious about setting up a multi-user environment, check out the installation instructions here: http://www.sleuthkit.org/autopsy/docs/user-docs/4.0/install_multiuser_page.html

thanks,
brian

From: Brian C. <ca...@sl...> - 2015-09-17 04:10:11
The 4.2.0 release is finally out. It’s been well over 1.5 years since there was an independent TSK release. There is a lot more in there than what we have listed in the NEWS.txt file because we didn’t keep it up to date with all of the little fixes and changes. But here are the big items:
- ExFAT support added
- New database schema
- New Sqlite hash database
- Added secondary hash database index
- Various bug fixes
- NTFS pays more attention to sequence and loads metadata only if it matches.

Source code tar ball and windows binaries are here: http://www.sleuthkit.org/sleuthkit/

brian

From: Brian C. <ca...@sl...> - 2015-06-29 13:54:57
Autopsy 3.1.3 has been released. You can download it from: http://www.sleuthkit.org/autopsy/download.php

It includes:
• New Embedded File Extractor module that incorporates ZIP file module and extracts images from Office documents
• Updates to python scripting for Python 2.7, scripts are reloaded each time ingest is run, and errors are better shown.
• Views area counts updates when ZIP files and such are found
• Updated right click actions to be consistent across all file types
• Changed logic of Interesting Files module to look for substrings of parent path.
• Lots of minor fixes and enhancements

There is also a new NSRL index that you can download for their 2.48 update: http://sourceforge.net/projects/autopsy/files/NSRL/

From: Brian C. <ca...@sl...> - 2015-03-05 04:35:04
Autopsy 3.1.2 is on the website. Details of what is in it are below. The most requested feature that is part of this release is carving using PhotoRec.

http://sleuthkit.org/autopsy/

Also a reminder that we'll be using this version in the next training course, which is on March 18 and available both in person in Herndon, VA and online: http://www.basistech.com/digital-forensics/autopsy/training/

What's New in 3.1.2:
• New PhotoRec carving ingest module
• Metadata tab in lower right now also shows istat (TSK) output for more metadata details
• Regripper output is available as a report instead of TOOL_OUTPUT artifact
• Updated version of RegRipper
• New STIX/Cybox report module (manually run after image has been analyzed)
• File type module supports user defined file types and can alert when they are found
• More artifacts are extracted from registry
• User docs were moved online (http://sleuthkit.org/autopsy/docs/user-docs/3.1/)

From: Brian C. <ca...@sl...> - 2014-11-03 22:32:06
Right in time for OSDFCon on Wed, the 1/2 day workshop tomorrow, and the 2-day training on Thu & Fri!

http://www.sleuthkit.org/autopsy/

Main highlights:
- Python bindings
- Timeline viewer
- Interesting files module (flags files by name and extension)
- And more

Hopefully we'll see a bunch of you at OSDFCon. There is still time to sign up (free for govn't) if you haven't yet. http://www.osdfcon.org

brian

From: Brian C. <ca...@sl...> - 2014-08-21 13:21:12
We're done with beta releases and the full 3.1.0 release is available!

http://www.sleuthkit.org/autopsy/

It has minor changes from beta 2. As a reminder, here are the big changes since 3.0.10:
• Multi-threaded pipelines
• File type ingest module
• File extension mismatch ingest module
• Android ingest module
• KML report module
• Tags can be deleted
• Hash databases can be created and maintained

As has been reported on the list, 3rd party modules that were developed for 3.0 will not work in 3.1. Basis will be sending out info on our new modules.

brian

From: Brian C. <ca...@sl...> - 2014-07-30 21:31:24
As previously mentioned, the UI was less responsive with the 3.1.0 beta versus previous 3.0 releases. Richard found the problem and a new beta is available. Full disclosure: It was my fault. When I was fixing something in one area, I introduced the slowness in another area. Sorry.

New beta is available here: http://sourceforge.net/projects/autopsy/files/autopsy/3.1.0%20Beta%202/

Nothing else major is in the release.

brian

From: Brian C. <ca...@sl...> - 2014-07-14 14:48:46
The long-awaited 3.1.0 beta is available. It has been a long time coming and has several new things, including:
- Multi-threaded pipelines
- File type ingest module
- File extension mismatch ingest module
- Android ingest module
- KML report module
- Tags can be deleted
- Hash databases can be created and maintained
- ExFAT support
- .....

The official website is not fully updated yet, but you can get the windows installers from source forge: http://sourceforge.net/projects/autopsy/files/autopsy/3.1.0%20Beta%201/

brian

From: Brian C. <ca...@sl...> - 2014-02-04 15:31:05
Has lots of minor cleanup things and a few new features. List is below.

http://sleuthkit.org/autopsy/download.php

Other things to note:
- Next Autopsy training class is Mar 19-20 in Herndon, VA. Early bird price ends Feb 19 (http://www.basistech.com/digital-forensics/training/).
- We're shooting for a 3.1 release in March.
- The Student Autopsy Module Development challenge is open (http://www.basistech.com/digital-forensics/autopsy-student-development-contest/).

Changes in 3.0.9:
• New "EnCase-style" report that lists files and metadata in tab delimited file
• Removed xdock definitions -> some claim this helps with memory problems
• Regular expression keyword search works on file names.
• Fixed thunderbird parser for subject and dates
• Fixed errors in hex viewer
• HTML text is better formatted
• More lazy loading to help performance with big folders and sets of files
• Times can be displayed in local time or GMT
• Changed report wizard to make one report at a time
• Enhanced reporting on keyword search module errors

From: Brian C. <ca...@sl...> - 2014-01-27 04:32:44
4.1.3 is on the website. Bug fixes and minor feature enhancements. Autopsy release should be out tomorrow or Tuesday.

http://sleuthkit.org/sleuthkit/download.php

We're shooting for a 4.2 release in Feb/Mar with ExFAT, new hash database support, and new database schema. It's on the 'develop' branch on github if you want to play with it.

thanks,
brian

Updates in 4.1.3:
- fixed bug that could crash UFS/ExtX in inode_lookup.
- More bounds checking in ISO9660 code
- Image layer bounds checking
- Update version of SQLITE-JDBC
- changed how java loads native libraries
- Config file for YAFFS2 spare area
- New method in image layer to return names
- Yaffs2 cleanup.
- Escape all strings in SQLite database
- SQLite code uses NTFS sequence number to match parent IDs

From: Brian C. <ca...@sl...> - 2013-10-16 20:11:09
Autopsy 3.0.8 is available and fixes the installer issue that some of you saw whereby Keyword Search was not working. It has only this fix. If you aren't having problems, then you don't need to upgrade.

http://sleuthkit.org/autopsy/download.php

brian