sleuthkit-announce Mailing List for The Sleuth Kit (Page 3)
From: Brian C. <ca...@sl...> - 2011-03-01 03:44:06

Version 3.2.1 is on the website:

http://sleuthkit.org/sleuthkit/download.php

It has some minor bug fixes and a few minor feature additions.

thanks,
brian

Bug Fixes
- 3108272: fls arguments for -d and -u
- 3105539: compile error issues because of SQLite and pthreads
- 3173095: missing FAT files because of invalid dates.
- 3184419: mingw compile errors.
- 3191391: surround file name in quotes in mactime -d csv output

New Features:
- A single dummy entry is added to the SQLite DB if no volume exists so that all programs can assume that there will be at least one volume in the table.
- 3184455: allow srcdir != builddir

From: Brian C. <ca...@sl...> - 2010-10-29 04:24:18

3.2.0 is available for download. Lots of new features and a few bug fixes. Thanks to Anthony Lawrence for help with the new features.

http://www.sleuthkit.org/sleuthkit/

New features include:
• New tsk_recover tool that extracts files from an image to a local directory.
• New tsk_loaddb tool that dumps file system metadata to SQLite database.
• New tsk_gettimes tool that collects MAC time data on all file systems (equivalent to fls -m on a series of volumes)
• New tsk_comparedir tool that compares a directory to an image to detect rootkits.
• New C++ TskAuto class that makes it easier to create automated tools that analyze all files.
• Name cleanup out of libraries and into tools.
• img_cat -e and -s flags.
• Changed how default NTFS $Data attribute is named.
• HFS+ Case sensitive flag in fsstat.

Bug fixes include:
• FAT performance
• Crash fix for corrupt NTFS file
• Adding attribute runs on fragmented files with multiple attributes of the same type.

From: Brian C. <ca...@sl...> - 2010-09-25 03:07:37

New betas are available in:

http://www.sleuthkit.org/betas/

No new major features since the last beta. Just some minor changes:
- Fixed the default behavior of tsk_recover
- Added new arguments to new tools

brian

From: Brian C. <ca...@sl...> - 2010-09-19 01:05:49

A 3.2.0 beta release is available at:

http://sleuthkit.org/betas/

This has some bug fixes and new features. The big group of new features is centered around a new automation class. It makes it much easier to write applications that can go through a disk image and look at all of the files. There are three new tools with the new class:

- tsk_loaddb: Analyzes a disk image and loads all of the details into a SQLite database for later analysis.
- tsk_comparedir: Compares a local directory structure to a disk image or raw device. This can be used for either looking for rootkits (by comparing a local directory with the corresponding raw device) or testing TSK.
- tsk_recover: Recovers the deleted files in an image and extracts them to a local directory hierarchy. This has been a common request over the years.

I still need to work on some man / wiki pages for all of these tools, but they all have a usage statement for you to start with.

brian

From: Brian C. <ca...@sl...> - 2010-07-02 20:18:45

The 3.1.3 release of TSK is available. It has a few bug fixes, specifically the FAT performance fix that was in the 3.1.3 beta.

http://www.sleuthkit.org/sleuthkit/

Also, the slides from the TSK and Open Source Digital Forensics Conference are online:

http://www.basistech.com/conference/2010/digital-forensics-agenda.html

thanks,
brian

From: Brian C. <ca...@sl...> - 2010-05-23 04:32:23

TSK 3.1.2 is available for download. This is a bug fix release. It contains bug fixes for the FAT performance problems and some reading errors.

http://www.sleuthkit.org/

I'm working on some new features for a 3.2 release. They will be announced at the "Sleuth Kit and Open Source Forensics Conference" on June 9!

thanks,
brian

From: Brian C. <ca...@sl...> - 2010-04-01 03:12:12

TSK 3.1.1 fixes some ISO9660, sorter, and other minor bugs. Autopsy 2.24 fixes the HFS directory link issue. Both are available from the website:

http://www.sleuthkit.org/sleuthkit
http://www.sleuthkit.org/autopsy

brian

From: Brian C. <ca...@sl...> - 2010-02-18 22:07:04

A new version of Autopsy is available that fixes 3 bugs (2 sorter bugs and 1 dealing with showing the previous search history).

Changes: http://svn.sleuthkit.org/repos/autopsy/tags/autopsy-2.23/CHANGES.txt
Download: http://www.sleuthkit.org/autopsy/download.php

thanks,
brian

From: Brian C. <ca...@sl...> - 2010-01-13 20:40:55

New releases are way overdue and there is a lot of new stuff in TSK 3.1.0. New features include:

• HFS+ support
• Supports sectors that are not 512-bytes each (adds '-b' to each of the command line tools)
• NTFS SID data is now available
• mactime is distributed with windows executables
• Better detection of GPT partitions and DOS safety partitions
• More AFFLIB formats and better support for encrypted files
• Sigfind can process non-raw files
• Better support for indirect blocks (adds back features that were lost in 3.0.0)
• Many bug fixes.

See http://svn.sleuthkit.org/repos/sleuthkit/tags/sleuthkit-3.1.0/NEWS.txt for full details.

TSK is available from http://sleuthkit.org/sleuthkit/download.php.
Autopsy is available from http://sleuthkit.org/autopsy/download.php.

Going forward, my goal is to have at least quarterly releases to get bug fixes out faster.

brian

From: Brian C. <ca...@sl...> - 2009-02-03 05:09:24

New versions of TSK and Autopsy are available from:

http://www.sleuthkit.org/

Both releases have bug fixes from the 3.0.0 changes.

brian

From: Brian C. <ca...@sl...> - 2008-10-19 22:57:28

This major release of TSK contains many new library and tool features.

* Orphan files (deleted files that have a metadata structure, but do not have a parent directory that can be reached from the root directory) are now shown in the $OrphanFiles directory.
* The FAT file system MBR and File Allocation Tables are now accessible as files in the root directory.
* More deleted files are shown in each directory when using 'fls' (and the corresponding library API). This used to require running 'ifind -p' for each directory and it is now done automatically.
* New mmcat tool to output contents of a single volume.
* New mmls flags to list only specific volumes.
* Backup FAT MBRs are used, if the primary is corrupt.
* d* tools (dls, dcat, etc.) are now named blk* (blkls, blkcat, etc.)
* New '-b' option in sorter to specify minimum file size.
* Added mingw support for cross compiling
* New library APIs and docs that do not require a callback design
* Minor bug fixes.

The Autopsy release contains updates to handle the new TSK features and has some minor bug fixes.

http://www.sleuthkit.org/

brian

From: Brian C. <ca...@sl...> - 2008-09-16 07:11:30

There is a new beta up on sleuthkit.org. The list of changes is at the end of this e-mail. I think this will be the final beta. Major changes for users are that there is an image layer cache, libewf is enabled in win32 executables, and sorter has a '-b' flag to specify the minimum file size, and the d* tools are not blk*. Library users now have a consistent way to access attributes. There is an updated Autopsy to reflect the TSK name changes.

http://www.sleuthkit.org/betas/

I have started to re-examine the TSK and Autopsy documents and rearranged the wiki and website a bit to make more clear sections for tool users, library users, and developers (and starting to make the project more open for developers). Please add to the areas of the wiki that could use more documentation.

http://wiki.sleuthkit.org/index.php?title=Main_Page

Finally, I created an RSS feed for sleuthkit.org to announce site and tool updates. You can subscribe to it here:

http://www.sleuthkit.org/rss.xml

brian

8/20/08: Bug Fix: Look for Windows objects when opening files in Cygwin, not just Win32. Reported by Par Osterberg Medina.
8/21/08: Update: Renamed library and install header files to have a '3' in them to allow parallel installations of v2 and v3. Suggested by Simson Garfinkel.
8/22/08: Update: Added -b option to sorter to specify minimum file size to process. Suggested by Jeff Kell.
8/22/08: Update: Added libewf as a requirement to build win32 so that E01 files are supported.
8/29/08: Update: Added initial mingw patches for cross compiling and Windows. Patches by Michael Cohen.
9/X/08: Update: Added ability to access attributes
9/6/08: Update: Added image layer cache.
9/12/08: Bug Fix: Fixed crash from incorrectly cleared value in FS_DIR structure. Reported and patched by Jason Miller.
9/13/08: Update: Changed d* tool names to blk*.

From: Brian C. <ca...@sl...> - 2008-04-10 18:31:54

This release has bug fixes dealing with FAT deleted directory sizes, deleted extX/ufs directories, and AFFLIB integration. It also supports the latest version of libewf.

http://www.sleuthkit.org/sleuthkit/download.php

brian

From: Brian C. <ca...@sl...> - 2008-02-10 20:15:15

A new TSK release is out that has some build system fixes for Linux systems that need special flags for large files. It also fixes some compile problems on older Linux systems that do not have all of the needed ATA structures for disk_stat and disk_sreset.

http://www.sleuthkit.org/sleuthkit/download.php

brian

From: Brian C. <ca...@sl...> - 2008-01-30 05:34:40

New versions of both TSK and Autopsy are out. There are no new major tool functions, but TSK now uses the autoconf/automake install system and it no longer comes with libewf, afflib, or file. You must install those independently. There were also some small library API changes.

Thanks to Dave Collett and Michael Cohen for their help with the automake/autoconf process.

http://www.sleuthkit.org/sleuthkit/download.php
http://www.sleuthkit.org/autopsy/download.php

brian

From: Brian C. <ca...@sl...> - 2007-12-12 22:28:43

Version 2.10 of TSK is now available.

http://www.sleuthkit.org/sleuthkit/download.php

There are no major bug fixes or new features in this release. Just a lot of little stuff that had been sitting around for too long. I did a review of the ISO9660 code and made quite a few changes. The HFS+ code is easier to enable if you want to play with it and there are a few bug fixes in it (by Rob Joyce).

Change Log: http://sourceforge.net/project/shownotes.php?release_id=561209&group_id=55685

brian

From: Brian C. <ca...@sl...> - 2007-06-14 02:33:59

Version 2.09 is now available. This release fixes some bugs for large files and hash databases on Windows, some stability bugs with corrupt file systems, some 'ils' flag bugs, and some updates to internal libraries. All users should apply this update.

http://www.sleuthkit.org/sleuthkit/download.php

Also, to decrease the number of times that I am the bottleneck for publishing things, I created the SleuthKitWiki (http://wiki.sleuthkit.org). I've moved some basic things over from www.sleuthkit.org, but feel free to add more help documents, case studies, etc.

brian

From: Brian C. <ca...@sl...> - 2007-04-06 00:09:16

The 2.08 release of TSK is out. It contains several minor bug fixes and many internal updates. This version will cleanly compile on Cygwin and hfind is now available on Win32.

http://www.sleuthkit.org/sleuthkit/download.php

brian

From: Brian C. <ca...@sl...> - 2006-12-15 19:55:37

Version 2.07 of TSK is now available in source and Win32 executable form:

www.sleuthkit.org/sleuthkit/

There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status. There were a lot of internal updates as well. There were a few NTFS bug fixes as well and a sorter fix for Cygwin.

brian

MD5 (sleuthkit-2.07.tar.gz) = 8165ef1c657e7ebca7a61542f784a04b
MD5 (sleuthkit-win32-2.07.zip) = fc723f5f22ac750b89b96fbefa5f9b75

Updates:
- Added '-p' flag to ils to find orphan files
- added '-a' and '-A' flags to dls to specify allocation status
- Detect and prevent infinite loops in corrupt directories and FAT files.
- Updated AFFLIB, libewf, and file
- improved FAT dentry detection (check size)
- new internal fs_read_file()
- Windows visual studio files included with source code
- cleaned up error reporting code
- added caching to FAT code.
- Added a NULL check to fs_inode_free (Michael Cohen)
- Improved ifind_path code so that allocated names are given priority (Dave Collett)

Bug Fixes:
- NTFS compression bug with corrupt data
- sanity check to dcat_lib in case the requested number of blocks was too big.
- fs_data lookup bug fixes by Dave Collett.
- sorter does not clear path so it can run under Cygwin
- Memory leak fixes in FAT and NTFS.

From: Brian C. <ca...@sl...> - 2006-09-09 21:09:40

The Windows executables that were released last week did not run on everyone's systems. A second release is out that uses different compile options.

http://www.sleuthkit.org/sleuthkit/download.php

brian

From: Brian C. <ca...@sl...> - 2006-09-01 18:36:39

New versions are up.

http://www.sleuthkit.org/

Major improvements for TSK are fixes for segfaults that were discussed on the mailing list, new versions of libewf and afflib that add support for the SMART format and that fix some compile bugs (respectively), and ... a first pass at a Windows version.

The Windows port is not 100% complete. Support for EWF and AFF does not exist and "globbing" is not supported on the command line. But, it's a start. There is a zip file with the executables on the website. Autopsy will not work on Windows though (outside of Cygwin).

The new Autopsy version includes the update that will check if it is running on Cygwin and will then set the path to '/bin;/usr/bin;/usr/local/bin' (so that the dlls can be found).

brian

From: Brian C. <ca...@sl...> - 2006-07-28 21:59:17

Version 2.05 of The Sleuth Kit is out. It contains minor bug fixes and new features.

* Bug Fixes
  o Upgraded versions of AFFLIB and libewf to fix compile bugs.
  o Extra warning messages are no longer printed when deleted FAT files cannot be recovered.
* Updates
  o NTFS compressed file support (initial patch by I.D.E.A.L. Technology).
  o Added more templates to sigfind.
  o Added more DOS partition sanity checks.
  o Changed method for displaying supported format types (kenshin).
  o Modified library design and compile process.

http://www.sleuthkit.org/sleuthkit/download.php

MD5: 01cb88a7ebbd1ebb34159605dbaeef6b

brian

From: Brian C. <ca...@sl...> - 2006-05-11 20:09:30

New versions of TSK and Autopsy are now available (after the longest duration of no releases in the history of the tools). There are several new features including Expert Witness (EnCase) images, AFF images, and ISO 9660 file systems, which were primarily developed by people other than myself (see below). There are also new features that are listed below.

http://www.sleuthkit.org

TSK

Bug Fixes
  o Verbose statement in img_open could cause a crash (Wyatt Banks).
  o NTFS sanity check improvements (Wyatt Banks)
  o Indirect blocks for Ext2 and UFS were not found (reported by Bernhard Reiter)
  o File names in UFS and Ext may not be shown if first entry is unallocated (reported by John Langezaal)

Updates
  o Expert Witness (EnCase) image file support using libewf (Joachim Metz and Robert Jan Mora).
  o Advanced File Format image file support using AFFLIB (Simson Garfinkel).
  o ISO 9660 file system support (Wyatt Banks, Crucial Security)
  o mmls now displays the unpartitioned space at end of disk (suggested by Wyatt Banks).
  o New img_cat tool to output the raw contents of an image file.
  o Improved internal error handling for library usage.
  o New internal flag FS_FLAG_DATA_RES to show resident data during a file walk.
  o The file system byte offset is now passed to the file system code instead of imgtools, this allows for better library usage.

Autopsy

Bug Fixes:
  o incorrect variable name fix.

Updates
  o Support for Expert Witness and AFF file formats
  o Support for ISO9660 file systems
  o Hex view for file analysis

TSK 2.04 MD5: abb1511e2ec53c6d34d745a348c94b33
Autopsy 2.07 MD5: c7dab20ab26fd04404ccd199e1c05c7a

From: Brian C. <ca...@sl...> - 2005-10-13 19:41:07

It's been a while, but TSK 2.03 and Autopsy 2.06 are now available. They are mostly feature upgrades (there is 1 important bug fix in TSK for AMD64 users though!). The biggest new feature is Unicode support (which was kindly funded by I.D.E.A.L. Technology) for all file systems. Autopsy also now supports Unicode and has a new CSS HTML design.

All AMD64 users should upgrade because the previous versions of MD5 and SHA1 produced incorrect values.

http://www.sleuthkit.org/sleuthkit/
MD5: 79821dedfcefba9f0e9e873edcb8aaa5

http://www.sleuthkit.org/autopsy/
MD5: 4acb0b5854939748d9c5f58bd28ac2a5

Also, there is now a sleuth kit store on cafepress so that you can have the latest in forensic-ware fashion!

http://www.cafepress.com/sleuthkit/

brian

From: Brian C. <ca...@sl...> - 2005-07-08 22:48:51

Version 2.02 of The Sleuth Kit is now available:

http://www.sleuthkit.org/sleuthkit/

* Bug Fixes
  o fls could crash if FAT short name did not exist
  o Linux header file problem with some distros.
  o Missing UFS / Ext2/3 file names (if deleted file claimed it used that data).
  o Missing FAT directory entries with ils (if initial entries in cluster were invalid).
  o Missing NTFS file if no $DATA or $IDX_* attributes existed (which meant the file had no content).
* Updates
  o Support for OS X Tiger.
  o Internal design improvements and memory leak fix.
  o 'ils -o' was readded as 'ils -O'.
  o 'mactime -m' was added so that month is printed as number instead of name.

MD5: d8f53a69069369ee20a4ce623eb640b5

brian