sleuthkit-users Mailing List for The Sleuth Kit (Page 5)
Brought to you by:
carrier
From: Brian C. <ca...@sl...> - 2018-11-16 19:20:49
I just realized that I did not do a very good job at announcing the past two releases via email. The Autopsy 4.9.1 release was focused on a fairly serious Image Gallery bug fix (that could cause the entire application to hang). Autopsy 4.9.0 had the bulk of the new features.

Autopsy Download: http://www.sleuthkit.org/autopsy/download.php
The Sleuth Kit Download: http://www.sleuthkit.org/sleuthkit/download.php

Autopsy Highlights:
- Added ability to find common items (files, emails, etc.) between current case and past cases using the Central Repository.
- Added ability to ignore common items that exist in a large number of cases by using Central Repository data.
- Allow users to specify that an ad-hoc keyword search should not be saved to database
- New “Annotations” content viewer that shows all tags and comments associated with an item
- Added 2 icons to the table to show the item’s score (if it is notable or suspicious) and if it has a comment.
- Added column to the table to show previous number of occurrences.
- Tags are now associated with the user (in a multi-user environment) and you can hide other people’s tags
- Hash sets can be copied into the user’s config folder (AppData), which makes it easier to run Autopsy from a Live Triage USB and not care about what drive letter it gets.
- Image Gallery works better in multi-user setups and reloads the database when other nodes add data sources.

The Sleuth Kit Highlights:
- Mostly all changes to support Autopsy features.

From: Nanni B. <dig...@gm...> - 2018-11-09 16:22:39
CAINE 10.0 "Infinity" is out!
https://www.caine-live.net/index.html

--
Dott. Nanni Bassetti
http://www.nannibassetti.com
CAINE project manager - http://www.caine-live.net

From: Jeremy A. <je...@ar...> - 2018-11-08 08:43:30
Further to my report. I now see in the plugin installer section that when activating Autopsy-Core there is an error:

Activation failed: StandardModule:org.sleuthkit.autopsy.core jarFile: /home/jeremy/FAST/autopsy-4.6.0-linux1/autopsy/modules/org-sleuthkit-autopsy-core.jar: java.lang.UnsatisfiedLinkError: /tmp/libtsk_jni.so: /tmp/libtsk_jni.so: undefined symbol: _ZN7TskAuto19errorRecordToStringB5cxx11ERNS_12error_recordE

I assume there is some disparity between my environment and the environment used to compile the package.

I tried to compile from sources but there is a netbeans issue (server related?)

INFO: The file at http://updates.netbeans.org/netbeans/updates/8.2/uc/final/distribution/catalog.xml.gz, corresponding to the catalog at http://updates.netbeans.org/netbeans/updates/8.2/uc/final/distribution/catalog.xml.gz, does not look like the gzip file, trying to parse it as the pure xml

On 08/11/18 11:21, Jeremy Ardley wrote:
> Hi,
>
> I've installed autopsy-4.6.0-linux1 and sleuthkit-java_4.6.0-1_amd64.deb
> on a Debian 9 host running Java 8
>
> My config includes
>
> Product Version = Autopsy 4.6.0
>
> Operating System = Linux version 3.16.0-5-amd64 running on amd64
>
> Java; VM; Vendor = 1.8.0_191; Java HotSpot(TM) 64-Bit Server VM 25.191-b12; Oracle Corporation
>
> Runtime = Java(TM) SE Runtime Environment 1.8.0_191-b12
>
> Java Home = /usr/lib/jvm/java-8-oracle/jre
>
> System Locale; Encoding = en_AU (autopsy); UTF-8
>
> Home Directory = /home/jeremy
>
> Current Directory = /home/jeremy/FAST/autopsy-4.6.0-linux1/bin
>
> User Directory = /home/jeremy/.autopsy/dev
>
> Cache Directory = /home/jeremy/.autopsy/dev/var/cache
>
> Installation = /home/jeremy/FAST/autopsy-4.6.0-linux1/autopsy
> /home/jeremy/FAST/autopsy-4.6.0-linux1/harness
> /home/jeremy/FAST/autopsy-4.6.0-linux1/java
> /home/jeremy/FAST/autopsy-4.6.0-linux1/platform
>
> My problem is the application starts up but there is no way to create a
> new case. The usual pop-up window is missing and the relevant buttons
> are disabled. I use autopsy and sleuthkit on Windows but for
> operational reasons I need to run this application on a specific Linux host.
>
> One odd thing I noticed was this message
>
> WARNING [org.netbeans.modules.autoupdate.ui.actions.AutoupdateSettings]: The property "netbeans.default_userdir_root" was not set!
>
> Where should I look to resolve the problems?
>
> As a secondary issue, I'd like to move all the working directories onto
> an NVME drive (mapped as FAST). Is there some configuration file that
> sets these?
>
> Thanks

From: Jeremy A. <je...@ar...> - 2018-11-08 03:40:30
Hi,

I've installed autopsy-4.6.0-linux1 and sleuthkit-java_4.6.0-1_amd64.deb on a Debian 9 host running Java 8

My config includes

Product Version = Autopsy 4.6.0
Operating System = Linux version 3.16.0-5-amd64 running on amd64
Java; VM; Vendor = 1.8.0_191; Java HotSpot(TM) 64-Bit Server VM 25.191-b12; Oracle Corporation
Runtime = Java(TM) SE Runtime Environment 1.8.0_191-b12
Java Home = /usr/lib/jvm/java-8-oracle/jre
System Locale; Encoding = en_AU (autopsy); UTF-8
Home Directory = /home/jeremy
Current Directory = /home/jeremy/FAST/autopsy-4.6.0-linux1/bin
User Directory = /home/jeremy/.autopsy/dev
Cache Directory = /home/jeremy/.autopsy/dev/var/cache
Installation = /home/jeremy/FAST/autopsy-4.6.0-linux1/autopsy
/home/jeremy/FAST/autopsy-4.6.0-linux1/harness
/home/jeremy/FAST/autopsy-4.6.0-linux1/java
/home/jeremy/FAST/autopsy-4.6.0-linux1/platform

My problem is the application starts up but there is no way to create a new case. The usual pop-up window is missing and the relevant buttons are disabled. I use autopsy and sleuthkit on Windows but for operational reasons I need to run this application on a specific Linux host.

One odd thing I noticed was this message

WARNING [org.netbeans.modules.autoupdate.ui.actions.AutoupdateSettings]: The property "netbeans.default_userdir_root" was not set!

Where should I look to resolve the problems?

As a secondary issue, I'd like to move all the working directories onto an NVME drive (mapped as FAST). Is there some configuration file that sets these?

Thanks

From: Brian C. <ca...@sl...> - 2018-09-14 18:22:20
Friendly reminder that Monday is the deadline for the OSDFCon Autopsy module competition.

https://www.osdfcon.org/2018-event/2018-module-development-contest/

Modules can be Python or Java.

thanks,
brian

From: Hoel S. <hoe...@gm...> - 2018-09-08 20:36:18
Hello,

It is my first message on the sleuthkit-users mailing list, I am also new to Autopsy / sleuthkit environment in general (I don't even know if I should post here for what I want). Also I intend to use Autopsy only for personal purpose on my own data so not really for forensics reasons. Also, English is not my native language (I am French), so pardon my mistakes if you find some ;)

I am using Autopsy 4.8.0 on Windows (7 and 10).

So I would like to know if it is possible to generate reports (in Excel or text format) for entire NTFS volumes with all the 4 NTFS timestamps (created, modified, MFT modified and accessed), for the core files but also for the corresponding filenames (hardlink). Because each different file name (hardlink) of an NTFS file has its own set of 4 timestamps and they do not reflect exactly the core 4 timestamps of the file. Also I would like to have the possibility to report the MFT entries (ref), parent folders ref, record sizes, number of hardlinks, etc. Actually this is the information that is displayed in the "File Metadata" of the result tab for each file.

I didn't find a way to do that in the regular Autopsy interface, for example there are only 3 timestamps reportable (Last Accessed, File Created, Last Modified). If not possible in regular report I think it might be possible by doing some custom report module, but I don't know how to do that also.

I ask this because in my NTFS volumes I classify many files with multiple hardlinks (per file), and I need to create reports of the folders/files structures with the maximum of information about the files themselves and their individual hardlinks (file names) and the relations between them.

So do you think what I ask is possible and how? If we must create a report module for that, can someone help me to do one?

Thanks in advance,
Regards
Hoel

From: blizzard78 <kwi...@gm...> - 2018-09-07 18:40:02
> Do people fill in examiner phone & email when making a case? Or, could it
> go away and no one would care?

I do not use those fields, so I would not be affected if they go away. I can also assure you that recording details about my login or analysis machine will not reveal my name. Since I tend to perform analytic tasks across a number of platforms and machines, using my login would result in inconsistent analyst information once output from different platforms and tools were compiled into my forensic report.

Kristi

From: Brian C. <ca...@sl...> - 2018-09-06 16:39:12
Do people fill in examiner phone & email when making a case? Or, could it go away and no one would care?

Background to Question:

Currently, when you make a case in Autopsy, the wizard will allow you to enter optional information about examiner name, phone, email address, etc. To better support some features in a multi-user environment, we are starting to automatically record what user made tags, used Image Gallery, etc. based on the OS login. We are going to start recording this info in the DB.

This led us to question the examiner-related metadata info in the Case Wizard that gets stored outside of the DB. It's obviously easy for us to pre-populate the examiner name based on the OS login so that it is consistent. But, it made me question the value of the other fields (phone & email).

There are three options:
- Change nothing and force everyone to enter the info each time (which is not very efficient)
- Start to store the phone & email so that it gets pre-populated for each case (which is not hard, but it is a waste of engineering time if no one actually cares)
- Stop recording it since its value is questionable in a multi-user case.

Opinions?

From: Michael H <mf...@gm...> - 2018-08-24 01:11:58
Hey all,

Hopefully asking this in the right place...

Can TSK parse live disk images on Mac OS X? I am getting a "Resource Busy" error (because the drive/partition with the HFS filesystem is mounted at "/"). Hoping there is a way around that. For obvious reasons I cannot unmount the drive to parse it.

Thanks,
Mike

From: Brian C. <ca...@sl...> - 2018-08-13 21:11:29
There are new releases up on github.

Autopsy 4.8.0 major themes:
- Tree can be grouped by data source and searches can be restricted to a data source.
- New feature to find common files within a case
- Tagging and keyword search enhancements
- Full list of changes is here: http://sleuthkit.org/autopsy/history.php

Download from: http://www.sleuthkit.org/autopsy/download.php

The Sleuth Kit 4.6.2:
- Minor fixes

Download from: http://www.sleuthkit.org/sleuthkit/download.php

From: Brian C. <ca...@sl...> - 2018-06-28 17:53:28
Crowd Sourcing has begun for OSDFCon. Vote on what digital forensics talks you think are most interesting and want to see. Topics include memory, cloud, and of course Autopsy.

https://www.surveymonkey.com/r/osdfconvote2018

Voting ends July 11.

thanks,
brian

From: Brian C. <ca...@sl...> - 2018-06-25 02:23:58
You can also use 'fls -m / -h'. '-m' for the mactime/body format and '-h' to calculate hashes.

On Sun, Jun 24, 2018 at 9:46 AM, Greg Freemyer <gre...@gm...> wrote:
> Thank you very much.
>
> fiwalk is exactly what I wanted.
>
> I've used it in the past, but I forgot about it.
>
> It would be good to get it added to:
> https://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview
>
> [assuming that page is supposed to be maintained. Otherwise killing
> the page might be good.]
>
> Thanks again,
> Greg
> --
> Greg Freemyer
> Advances are made by answering questions. Discoveries are made by
> questioning answers.
> — Bernard Haisch
>
> On Sat, Jun 23, 2018 at 9:23 PM, Barry Grundy <bg...@gm...> wrote:
> > Hi Greg,
> >
> > Is it possible that fiwalk (included with TSK) provides what you're looking
> > for?
> >
> > In simple terms: fiwalk -Mm <image>
> >
> > Barry
> >
> > On Sat, Jun 23, 2018 at 7:34 PM Greg Freemyer <gre...@gm...>
> > wrote:
> >>
> >> All,
> >>
> >> My X-Ways dongle is locked away at a customer site and I need to
> >> create a standard file inventory on a different matter.
> >>
> >> fls from sleuthkit can generate the path and MAC times in a parse-able
> >> format, but not the MD5 as far as I know.
> >>
> >> What can give me a combined output / CSV file?
> >>
> >> fyi: if a standard linux tool can do this, I can use ewfmount and a
> >> loopback mount to make the filesystem available for them. I just also
> >> don't know of a standard linux tool that can do that. Maybe some
> >> variation of find?
> >>
> >> Thanks
> >> Greg
> >> --
> >> Greg Freemyer
> >> Advances are made by answering questions. Discoveries are made by
> >> questioning answers.
> >> — Bernard Haisch
> >
> > --
> > ----
> > Barry Grundy
> > bg...@gm...
> > bg...@li...

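The `fls -m / -h` output mentioned in the message above is a pipe-delimited body file; the following is an added example (not part of the thread or of The Sleuth Kit) of one way to turn it into the combined path/MAC-time/MD5 CSV asked about. It assumes the TSK 3.x body layout `MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`; the function names and the sample lines are constructed for illustration.

```python
import csv
import io
import re
import sys
from datetime import datetime, timezone

# Field order of the TSK 3.x body file (assumed layout, see lead-in).
BODY_FIELDS = ("md5", "name", "inode", "mode", "uid", "gid",
               "size", "atime", "mtime", "ctime", "crtime")
CSV_HEADER = ("path", "md5", "inode", "mode", "uid", "gid",
              "size", "atime", "mtime", "ctime", "crtime")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample input, not output captured from a real image.
SAMPLE_BODY = """\
d41d8cd98f00b204e9800998ecf8427e|/Documents/empty.txt|66-128-2|r/rrwxrwxrwx|0|0|0|1529798400|1529794800|1529794800|1529791200
0|/Documents|64-144-2|d/drwxrwxrwx|0|0|48|1529798400|1529794800|1529794800|1529791200
9e107d9d372bb6826bd81d3542a419d6|/odd|name.txt (deleted)|70-128-2|r/rrwxrwxrwx|0|0|43|0|1529794800|1529794800|1529791200
this line is damaged
"""


def parse_body_line(line):
    """Parse one body-file line into a dict; raise ValueError if malformed."""
    line = line.rstrip("\r\n")
    if line.count("|") < 10:
        raise ValueError("expected 11 pipe-separated fields")
    # Split from both ends so a '|' inside the file name does not shift
    # the nine fixed fields that follow it.
    md5, rest = line.split("|", 1)
    name, *tail = rest.rsplit("|", 9)
    rec = dict(zip(BODY_FIELDS, [md5, name, *tail]))
    if rec["md5"] != "0" and not MD5_RE.match(rec["md5"]):
        raise ValueError("hash field is neither 0 nor 32 hex digits")
    for key in ("uid", "gid", "size", "atime", "mtime", "ctime", "crtime"):
        rec[key] = int(rec[key])  # ValueError on non-numeric data
    return rec


def iso_utc(epoch):
    """Render a Unix timestamp as UTC ISO 8601; 0 means 'not recorded'."""
    if epoch <= 0:
        return ""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")


def body_to_csv(lines):
    """Return (csv_text, rejected), rejected being [(line_no, reason)].

    Malformed lines are reported rather than silently dropped, so the
    inventory can be reconciled against the tool output afterwards.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(CSV_HEADER)
    rejected = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = parse_body_line(line)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        writer.writerow([
            rec["name"],
            "" if rec["md5"] == "0" else rec["md5"].lower(),
            rec["inode"], rec["mode"], rec["uid"], rec["gid"], rec["size"],
            iso_utc(rec["atime"]), iso_utc(rec["mtime"]),
            iso_utc(rec["ctime"]), iso_utc(rec["crtime"]),
        ])
    return out.getvalue(), rejected


if __name__ == "__main__":
    # With a file argument, convert that body file; otherwise the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text, bad = body_to_csv(fh)
    else:
        text, bad = body_to_csv(SAMPLE_BODY.splitlines())
    sys.stdout.write(text)
    for lineno, reason in bad:
        print(f"rejected line {lineno}: {reason}", file=sys.stderr)
```
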
From: Greg F. <gre...@gm...> - 2018-06-24 13:47:45
Thank you very much.

fiwalk is exactly what I wanted.

I've used it in the past, but I forgot about it.

It would be good to get it added to:
https://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview

[assuming that page is supposed to be maintained. Otherwise killing the page might be good.]

Thanks again,
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers.
— Bernard Haisch

On Sat, Jun 23, 2018 at 9:23 PM, Barry Grundy <bg...@gm...> wrote:
> Hi Greg,
>
> Is it possible that fiwalk (included with TSK) provides what you're looking
> for?
>
> In simple terms: fiwalk -Mm <image>
>
> Barry
>
> On Sat, Jun 23, 2018 at 7:34 PM Greg Freemyer <gre...@gm...>
> wrote:
>>
>> All,
>>
>> My X-Ways dongle is locked away at a customer site and I need to
>> create a standard file inventory on a different matter.
>>
>> fls from sleuthkit can generate the path and MAC times in a parse-able
>> format, but not the MD5 as far as I know.
>>
>> What can give me a combined output / CSV file?
>>
>> fyi: if a standard linux tool can do this, I can use ewfmount and a
>> loopback mount to make the filesystem available for them. I just also
>> don't know of a standard linux tool that can do that. Maybe some
>> variation of find?
>>
>> Thanks
>> Greg
>> --
>> Greg Freemyer
>> Advances are made by answering questions. Discoveries are made by
>> questioning answers.
>> — Bernard Haisch
>
> --
> ----
> Barry Grundy
> bg...@gm...
> bg...@li...

From: Barry G. <bg...@gm...> - 2018-06-24 01:22:50
Hi Greg,

Is it possible that fiwalk (included with TSK) provides what you're looking for?

In simple terms: fiwalk -Mm <image>

Barry

On Sat, Jun 23, 2018 at 7:34 PM Greg Freemyer <gre...@gm...> wrote:
> All,
>
> My X-Ways dongle is locked away at a customer site and I need to
> create a standard file inventory on a different matter.
>
> fls from sleuthkit can generate the path and MAC times in a parse-able
> format, but not the MD5 as far as I know.
>
> What can give me a combined output / CSV file?
>
> fyi: if a standard linux tool can do this, I can use ewfmount and a
> loopback mount to make the filesystem available for them. I just also
> don't know of a standard linux tool that can do that. Maybe some
> variation of find?
>
> Thanks
> Greg
> --
> Greg Freemyer
> Advances are made by answering questions. Discoveries are made by
> questioning answers.
> — Bernard Haisch

--
----
Barry Grundy
bg...@gm...
bg...@li...

From: Greg F. <gre...@gm...> - 2018-06-23 23:33:59
All,

My X-Ways dongle is locked away at a customer site and I need to create a standard file inventory on a different matter.

fls from sleuthkit can generate the path and MAC times in a parse-able format, but not the MD5 as far as I know.

What can give me a combined output / CSV file?

fyi: if a standard linux tool can do this, I can use ewfmount and a loopback mount to make the filesystem available for them. I just also don't know of a standard linux tool that can do that. Maybe some variation of find?

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers.
— Bernard Haisch

From: Pasquale R. <pjr...@gm...> - 2018-05-29 02:38:14
I am interested in and waiting for aff4 integration to use it.

From: Suman Beros
Sent: Monday, May 28, 2018 9:38 PM
To: 'Adam Witt'; 'sleuthkit-users'
Subject: Re: [sleuthkit-users] New Autopsy and The Sleuth Kit Releases

For me, Autopsy/AFF4 integration would be a significant additional reason to use Autopsy.

Best regards,
Suman

--
Suman Beros
sb...@be...

From: Adam Witt [mailto:acc...@gm...]
Sent: Friday, April 20, 2018 10:41
To: sleuthkit-users
Subject: Re: [sleuthkit-users] New Autopsy and The Sleuth Kit Releases

+1 I use AFF4 and would like to see it integrated into the project.

--
Adam

On Mon, Sep 25, 2017 at 7:16 PM, Brian Carrier <ca...@sl...> wrote:
> Hi Hoyt,
>
> It is not scheduled to include it. We didn't get a chance to look at the code. We prioritize things based on user interest and we haven't received requests for it.
>
> Who here is using AFF4 or is waiting to use AFF4 until Autopsy/TSK incorporate it?
>
> brian
>
> On Mon, Sep 25, 2017 at 11:34 AM, Hoyt Harness <hoy...@gm...> wrote:
> > I may have missed it, but will the upcoming Sleuth Kit release include the AFF4 patches? If not, is there any idea when we might see this? I apologize if I have indeed missed it.
> >
> > Hoyt
> >
> > On Fri, Sep 15, 2017 at 12:18 PM, Richard Cordovano <rco...@ba...> wrote:
> > > Scratch that, we have indeed decided to do a 4.5.0 release in early October.
> > >
> > > On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:
> > > > Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.
> > > >
> > > > Sent from my iPhone
> > > >
> > > > On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
> > > > > We're looking to do a 4.5.0 release in early October (along with an Autopsy release).
> > > > >
> > > > > On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
> > > > > > Brian,
> > > > > >
> > > > > > As you know some CVE's came out after 4.4.2. Looking at the bug
> > > > > > tracker looks like you have them fixed.
> > > > > >
> > > > > > Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit
> > > > > > maintainer, should I create appropriate patches to 4.4.2? Or do you
> > > > > > know if Redhat, Ubuntu, Mint has already done it?
> > > > > >
> > > > > > Thanks
> > > > > > Greg
> > > > > > --
> > > > > > Greg Freemyer
> > > > > > Advances are made by answering questions. Discoveries are made by
> > > > > > questioning answers.
> > > > > > — Bernard Haisch
> > > > > >
> > > > > > On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
> > > > > > > I forgot to announce last week that new releases are up.
> > > > > > >
> > > > > > > Autopsy 4.4.1 includes:
> > > > > > >
> > > > > > > Beta version of new central repository feature for correlating artifacts
> > > > > > > across cases; results are displayed using an Interesting Artifacts branch of
> > > > > > > the Interesting Items tree and an Other Data Sources content viewer. I'll
> > > > > > > post a blog post about using this later next week.
> > > > > > > Results viewer (top right area of desktop application) sorts are persistent
> > > > > > > and can be applied to either the table viewer or the thumbnail viewer.
> > > > > > > Assorted performance improvements, enhancements, and bug fixes.
> > > > > > >
> > > > > > > Download here: http://sleuthkit.org/autopsy/download.php
> > > > > > >
> > > > > > > The Sleuth Kit 4.4.2 includes:
> > > > > > >
> > > > > > > usnjls tool for NTFS USN log (from noxdafox)
> > > > > > > Added index to mime type column in DB
> > > > > > > Use local SQLite3 if it exists (from uckelman-sf)
> > > > > > > Blackboard Artifacts have a shortDescription method
> > > > > > > Fix for highest HFS+ inum lookup (from uckelman-sf)
> > > > > > > Fix ISO9660 crash
> > > > > > > various performance fixes and added thread safety checks
> > > > > > >
> > > > > > > Download here: http://sleuthkit.org/sleuthkit/download.php
> > > > > > >
> > > > > > > thanks,
> > > > > > > brian
> >
> > --
> > Hoyt
> > -----------------
> > There are 11 kinds of people - those who think binary jokes are funny, those who don't, ...and those who don't know binary.
From: Suman B. <sb...@be...> - 2018-05-29 01:37:49
|
For me, Autopsy/AFF4 integration would be a significant additional reason to use Autopsy.

Best regards,
Suman
--
Suman Beros
sb...@be...

From: Adam Witt [mailto:acc...@gm...]
Sent: Friday, April 20, 2018 10:41
To: sleuthkit-users
Subject: Re: [sleuthkit-users] New Autopsy and The Sleuth Kit Releases

+1

I use AFF4 and would like to see it integrated into the project.

--
Adam

On Mon, Sep 25, 2017 at 7:16 PM, Brian Carrier <ca...@sl...> wrote:

Hi Hoyt,

It is not scheduled to include it. We didn't get a chance to look at the code. We prioritize things based on user interest and we haven't received requests for it.

Who here is using AFF4 or is waiting to use AFF4 until Autopsy/TSK incorporate it?

brian

On Mon, Sep 25, 2017 at 11:34 AM, Hoyt Harness <hoy...@gm...> wrote:

I may have missed it, but will the upcoming Sleuth Kit release include the AFF4 patches? If not, is there any idea when we might see this? I apologize if I have indeed missed it.

Hoyt

On Fri, Sep 15, 2017 at 12:18 PM, Richard Cordovano <rco...@ba...> wrote:

Scratch that, we have indeed decided to do a 4.5.0 release in early October.

On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:

Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.

Sent from my iPhone

On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:

We're looking to do a 4.5.0 release in early October (along with an Autopsy release).

On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:

Brian,

As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.

Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers.
— Bernard Haisch

On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
> I forgot to announce last week that new releases are up.
>
> Autopsy 4.4.1 includes:
>
> Beta version of new central repository feature for correlating artifacts
> across cases; results are displayed using an Interesting Artifacts branch of
> the Interesting Items tree and an Other Data Sources content viewer. I'll
> post a blog post about using this later next week.
> Results viewer (top right area of desktop application) sorts are persistent
> and can be applied to either the table viewer or the thumbnail viewer.
> Assorted performance improvements, enhancements, and bug fixes.
>
> Download here: http://sleuthkit.org/autopsy/download.php
>
> The Sleuth Kit 4.4.2 includes:
>
> usnjls tool for NTFS USN log (from noxdafox)
> Added index to mime type column in DB
> Use local SQLite3 if it exists (from uckelman-sf)
> Blackboard Artifacts have a shortDescription method
> Fix for highest HFS+ inum lookup (from uckelman-sf)
> Fix ISO9660 crash
> various performance fixes and added thread safety checks
>
> Download here: http://sleuthkit.org/sleuthkit/download.php
>
> thanks,
> brian

--
Hoyt
-----------------
There are 11 kinds of people - those who think binary jokes are funny, those who don't, ...and those who don't know binary.
|
From: Brian C. <ca...@sl...> - 2018-05-21 14:58:34
|
Help get Autopsy to win for the 3rd year in a row as the best open source digital forensics software. Voting ends Friday. https://forensic4cast.com/forensic-4cast-awards/ brian |
From: Kalin K. <me....@gm...> - 2018-05-17 19:48:55
|
On Thu, May 17, 2018 at 7:22 PM, Brian Carrier <ca...@sl...> wrote:

> Is anyone using the TSK framework? We no longer use it at Basis because we
> now have the framework in Autopsy. The TSK framework hasn't been maintained
> and I'd like to stop shipping it with each TSK tar ball.
>

Is this the Java binding? Or something else?
I wonder how we can tell if something is using it... Is it a shared library (=>use ldd)?

> Would anyone miss it?
>

I guess not me personally, but let's see what used to depend on it historically.

Kalin.
|
From: Brian C. <ca...@sl...> - 2018-05-17 17:54:29
|
Is anyone using the TSK framework <http://sleuthkit.org/sleuthkit/framework.php>? We no longer use it at Basis because we now have the framework in Autopsy. The TSK framework hasn't been maintained and I'd like to stop shipping it with each TSK tar ball. Would anyone miss it? |
From: Brian C. <ca...@sl...> - 2018-05-16 03:25:27
|
Autopsy 4.7.0 and The Sleuth Kit 4.6.1 are available for download.

*Autopsy 4.7.0*

Lots of new features, including:

- A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
- New SQLite and binary PList viewers
- L01 files can be imported as data sources.
- Ingest filters can now use date range conditions for triage.
- Passwords to open password protected archive files can be entered (by right clicking on the file).
- New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts.
- Improved support for Linux and OS X.
- .... [full list of new things is here <http://sleuthkit.org/autopsy/history.php>]

More details on the key features can be found from the blog <https://www.autopsy.com/autopsy-4-7-includes-link-analysis-database-viewers-triage-and-more/>.

You can download Autopsy from here <http://sleuthkit.org/autopsy/download.php>.

*The Sleuth Kit 4.6.1*

Bug fixes, Linux enhancements for Autopsy, and other Autopsy-based changes:

- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- Cleanup and fixes from uckelman-sf and others
- PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
- Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
- NTFS istat shows details about all FILE_NAME attributes, not just the first. report from Eric Zimmerman.

You can download from here <http://sleuthkit.org/sleuthkit/download.php>.
|
From: Adam W. <acc...@gm...> - 2018-04-20 14:40:52
|
+1

I use AFF4 and would like to see it integrated into the project.

--
Adam

On Mon, Sep 25, 2017 at 7:16 PM, Brian Carrier <ca...@sl...> wrote:

> Hi Hoyt,
>
> It is not scheduled to include it. We didn't get a chance to look at the
> code. We prioritize things based on user interest and we haven't received
> requests for it.
>
> Who here is using AFF4 or is waiting to use AFF4 until Autopsy/TSK
> incorporate it?
>
> brian
>
>
> On Mon, Sep 25, 2017 at 11:34 AM, Hoyt Harness <hoy...@gm...> wrote:
>
>> I may have missed it, but will the upcoming Sleuth Kit release include
>> the AFF4 patches? If not, is there any idea when we might see this? I
>> apologize if I have indeed missed it.
>>
>> Hoyt
>>
>>
>> On Fri, Sep 15, 2017 at 12:18 PM, Richard Cordovano <rco...@ba...> wrote:
>>
>>> Scratch that, we have indeed decided to do a 4.5.0 release in early
>>> October.
>>>
>>> On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:
>>>
>>>> Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early
>>>> October.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
>>>>
>>>> We're looking to do a 4.5.0 release in early October (along with an
>>>> Autopsy release).
>>>>
>>>> On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
>>>>
>>>>> Brian,
>>>>>
>>>>> As you know some CVE's came out after 4.4.2. Looking at the bug
>>>>> tracker looks like you have them fixed.
>>>>>
>>>>> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit
>>>>> maintainer, should I create appropriate patches to 4.4.2? Or do you
>>>>> know if Redhat, Ubuntu, Mint has already done it?
>>>>>
>>>>> Thanks
>>>>> Greg
>>>>> --
>>>>> Greg Freemyer
>>>>> Advances are made by answering questions. Discoveries are made by
>>>>> questioning answers.
>>>>> — Bernard Haisch
>>>>>
>>>>>
>>>>> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
>>>>> > I forgot to announce last week that new releases are up.
>>>>> >
>>>>> > Autopsy 4.4.1 includes:
>>>>> >
>>>>> > Beta version of new central repository feature for correlating artifacts
>>>>> > across cases; results are displayed using an Interesting Artifacts branch of
>>>>> > the Interesting Items tree and an Other Data Sources content viewer. I'll
>>>>> > post a blog post about using this later next week.
>>>>> > Results viewer (top right area of desktop application) sorts are persistent
>>>>> > and can be applied to either the table viewer or the thumbnail viewer.
>>>>> > Assorted performance improvements, enhancements, and bug fixes.
>>>>> >
>>>>> > Download here: http://sleuthkit.org/autopsy/download.php
>>>>> >
>>>>> > The Sleuth Kit 4.4.2 includes:
>>>>> >
>>>>> > usnjls tool for NTFS USN log (from noxdafox)
>>>>> > Added index to mime type column in DB
>>>>> > Use local SQLite3 if it exists (from uckelman-sf)
>>>>> > Blackboard Artifacts have a shortDescription method
>>>>> > Fix for highest HFS+ inum lookup (from uckelman-sf)
>>>>> > Fix ISO9660 crash
>>>>> > various performance fixes and added thread safety checks
>>>>> >
>>>>> > Download here: http://sleuthkit.org/sleuthkit/download.php
>>>>> >
>>>>> > thanks,
>>>>> > brian
>>
>> --
>> Hoyt
>> -----------------
>> There are 11 kinds of people - those who think binary jokes are funny,
>> those who don't, ...and those who don't know binary.
|
From: Brian C. <ca...@sl...> - 2018-04-02 17:10:44
|
Submit your talk and workshop ideas to the 2018 OSDFCon to let everyone know about your open source tools and experiences. It's the biggest open source DFIR conference and also probably the biggest one in Northern Virginia / MD.

General Info:

- Submissions are due 6/1 and consist of abstract, bio, etc.
- We are allowing a limited number of remote talks (via Skype, Hangouts, etc.)
- The conference is Oct 17 in Herndon, VA (near Dulles Airport)
- There will be workshops before the event.

CFP can be found here: https://www.osdfcon.org/2018-event/2018-call-for-presentations/

You can sign up for updates here: https://www.osdfcon.org/get-updates/
|
From: Richard C. <rco...@ba...> - 2018-03-21 17:25:29
|
Christopher,

I am the tech lead for Autopsy development at Basis Technology. I have looked at the code snippet you provided, and from what I can see it looks correct. I have also looked at Autopsy developer Jonathan Millman's observation that he believes there is a thread safety issue in ReportProgressPanel. He is correct. Whether or not this could cause the problem you are experiencing is not yet clear to me, but I will see to it that the thread safety issue is fixed in Autopsy 4.7.0, which will be released soon (the current target is the first week in April). In fact, if you happen to be building from source, I will do the fix myself right now and put it in the develop branch, so you could pull that down and rebuild and see if the problem is fixed.

If you are running with the Autopsy source code, you could also step through the code and try to figure out what is going on. I would start by putting a breakpoint here:

    /**
     * Changes the status message label component of this panel to show a given
     * processing status message. For example, updateStatusLabel("Now processing
     * files...") sets the label text to "Now processing files..."
     *
     * @param statusMessage String to use as label text.
     */
    public void updateStatusLabel(String statusMessage) {
        EventQueue.invokeLater(() -> {
            if (status != ReportStatus.CANCELED) { // PUT BREAKPOINT ON THIS LINE
                statusMessageLabel.setText(statusMessage);
            }
        });
    }

and checking the values of status and statusMessage. I suspect that statusMessage is the empty string, although that would likely point to an issue in your code, rather than the concurrency problem mentioned above.

Alternatively, if you are able and willing to send us your source code, I or one of my developers would be willing to see if we can recreate and debug the problem.

Sincerely,
Richard Cordovano
Director of Engineering - Cyber Forensics, Basis Technology

On Sat, Mar 17, 2018 at 9:04 AM, Christopher Wipat <ch...@cw...> wrote:

> Hello,
>
> I'm currently creating a Report Module for Autopsy, which is nearly
> finished now, however for some reason I can't get the progressPanel to
> update a message which lets the user know what is happening, when it is
> happening.
>
> I have used the exact same method as shown in add hashes module:
>
> http://www.sleuthkit.org/autopsy/docs/api-docs/4.5.0/_add_tagged_hashes_to_hash_db_8java_source.html
>
> progressPanel.updateStatusLabel
> <http://www.sleuthkit.org/autopsy/docs/api-docs/4.5.0/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html#a2162ed8086014100811ef5b130fa13f8>
> ("Adding hashes...");
>
> However - their writing shows up on the progress panel page, whereas mine
> does not.
>
> These are the sum of my progressPanel statements in my generateReport
> method:
>
> progressPanel.setIndeterminate(false);
> progressPanel.start();
> progressPanel.updateStatusLabel("Adding files...");
> if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
>     break;
> }
> progressPanel.setMaximumProgress(tags.size());
> progressPanel.updateStatusLabel("Adding \"" + tagName.getDisplayName() + "\" files to " + configPanel.getSelectedDocumentName() + "...");
> progressPanel.updateStatusLabel("Adding " + tag.getContent().getName() + " from \"" + tagName.getDisplayName() + "\" to " + configPanel.getSelectedDocumentName() + "...");
> // Increment the progressPanel every time a file is processed
> progressPanel.increment();
> progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
>
> However not a single updateStatusLabel is showing when I generate a report.
>
> Note the bar itself is progressing as it should, everything compiles,
> runs, without errors, increments itself to completion after every file is
> processed, I have imported the reportProgressPanel
> from org.sleuthkit.autopsy.report.ReportProgressPanel - exactly the same
> as add tagged hashes to hash db report module.
>
> I have also tried compiling the module itself into a NBM, and then
> installing it through Autopsy - however still no updated status labels.
>
> Could I get your help?
>
> Cheers
|
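How the status check in the updateStatusLabel method quoted in Richard Cordovano's message gates a queued label update, as an added example that is not part of the original message and not Autopsy code. MiniProgressPanel, blockEdt and the volatile status field are hypothetical stand-ins; the sketch assumes status is written off the event dispatch thread (EDT) and shows that a cancel landing before the EDT runs the queued lambda leaves the label empty.

```java
import java.awt.EventQueue;
import java.util.concurrent.CountDownLatch;
import javax.swing.JLabel;

// Added example: a hypothetical miniature of the panel discussed above,
// not Autopsy's ReportProgressPanel.
public class StatusLabelDemo {

    enum ReportStatus { RUNNING, COMPLETE, CANCELED }

    static final class MiniProgressPanel {
        private final JLabel statusMessageLabel = new JLabel();
        // Assumption: status is written by the report thread and read on the
        // EDT, so it is volatile to make each write visible to the EDT.
        private volatile ReportStatus status = ReportStatus.RUNNING;

        void setStatus(ReportStatus newStatus) {
            status = newStatus;
        }

        // Same shape as the method quoted in the message: the status check
        // runs later, on the EDT, not when the caller invokes this method.
        void updateStatusLabel(String statusMessage) {
            EventQueue.invokeLater(() -> {
                if (status != ReportStatus.CANCELED) {
                    statusMessageLabel.setText(statusMessage);
                }
            });
        }

        // Reads the label on the EDT after all previously queued updates ran.
        String shownText() throws Exception {
            String[] text = new String[1];
            EventQueue.invokeAndWait(() -> text[0] = statusMessageLabel.getText());
            return text[0];
        }
    }

    // Keeps the EDT busy until the latch opens, so queued updates stay pending.
    static CountDownLatch blockEdt() {
        CountDownLatch release = new CountDownLatch(1);
        EventQueue.invokeLater(() -> {
            try {
                release.await();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        return release;
    }

    public static void main(String[] args) throws Exception {
        System.setProperty("java.awt.headless", "true"); // no display needed

        // The main thread plays the report thread. Status stays RUNNING,
        // so the queued update is applied.
        MiniProgressPanel running = new MiniProgressPanel();
        running.updateStatusLabel("Adding files...");
        System.out.println("running:  [" + running.shownText() + "]");

        // The update is queued first, but the cancel arrives before the EDT
        // reaches it, so the status check drops the text.
        MiniProgressPanel canceled = new MiniProgressPanel();
        CountDownLatch release = blockEdt();
        canceled.updateStatusLabel("Adding files...");
        canceled.setStatus(ReportStatus.CANCELED);
        release.countDown();
        System.out.println("canceled: [" + canceled.shownText() + "]");
    }
}
```

Reading the label through invokeAndWait, as shownText does, is also a quick way to confirm from a test what the EDT actually applied, instead of inspecting the field from the report thread.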
From: Danilo M. <da...@gm...> - 2018-03-19 15:40:43
|
Hi,

Here this change won't break anything.

2018-03-19 11:44 GMT-03:00 Brian Carrier <ca...@sl...>:

> We have tried to maintain the lowest possible Java level to enable the
> most widespread usage. Currently, it is set to 1.6, but we would like to
> move to the more modern 1.8.
>
> If we change to 1.8 is this going to break anyone's Java projects that use
> the JAR?
>
> brian

--
---
Danilo Caio Marcucci Marques
Computer Forensic Investigator - ICCE-DGPTC/PCERJ/Brazil
Linux user #419162
|