Thread: [sleuthkit-users] New The Sleuth Kit Release!
From: Brian C. <ca...@sl...> - 2015-09-17 04:10:11
The 4.2.0 release is finally out. It’s been well over 1.5 years since there was an independent TSK release. There is a lot more in there than what we have listed in the NEWS.txt file because we didn’t keep it up to date with all of the little fixes and changes. But here are the big items:

- ExFAT support added
- New database schema
- New Sqlite hash database
- Added secondary hash database index
- Various bug fixes
- NTFS pays more attention to sequence and loads metadata only if it matches.

Source code tar ball and windows binaries are here:

http://www.sleuthkit.org/sleuthkit/

brian

From: Luís F. N. <lfc...@gm...> - 2015-09-17 12:22:21
Great news! Thank you sleuthkit team for the awesome work!

Luis Nassif

2015-09-17 1:10 GMT-03:00 Brian Carrier <ca...@sl...>:

> The 4.2.0 release is finally out. It’s been well over 1.5 years since
> there was an independent TSK release. There is a lot more in there than
> what we have listed in the NEWS.txt file because we didn’t keep it up to
> date with all of the little fixes and changes. But here are the big items:
>
> - ExFAT support added
> - New database schema
> - New Sqlite hash database
> - Added secondary hash database index
> - Various bug fixes
> - NTFS pays more attention to sequence and loads metadata only
> if it matches.
>
> Source code tar ball and windows binaries are here:
>
> http://www.sleuthkit.org/sleuthkit/
>
> brian

From: Grundy B. J T. <Bar...@ti...> - 2015-09-17 12:46:11
I am literally weeping with joy over here...

/*******************************************
Barry J. Grundy
Assistant Special Agent in Charge
Digital Forensic Support Group
Treasury Inspector General for Tax Administration
(301) 210-8741 (desk)
(202) 527-5778 (cell)
Bar...@ti...
********************************************\

> -----Original Message-----
> From: Brian Carrier [mailto:ca...@sl...]
> Sent: Thursday, September 17, 2015 12:10 AM
> To: sleuthkit-users; sle...@li...
> Subject: [sleuthkit-users] New The Sleuth Kit Release!
>
> The 4.2.0 release is finally out. It’s been well over 1.5 years since there was
> an independent TSK release. There is a lot more in there than what we have
> listed in the NEWS.txt file because we didn’t keep it up to date with all of the
> little fixes and changes. But here are the big items:
>
> - ExFAT support added
> - New database schema
> - New Sqlite hash database
> - Added secondary hash database index
> - Various bug fixes
> - NTFS pays more attention to sequence and loads metadata only
> if it matches.
>
> Source code tar ball and windows binaries are here:
>
> http://www.sleuthkit.org/sleuthkit/
>
> brian

From: Kalin K. <me....@gm...> - 2015-09-17 15:18:31
Great!

>> -----Original Message-----
>> From: Brian Carrier [mailto:ca...@sl...]
>>
>> The 4.2.0 release is finally out. It’s been well over 1.5 years since there was
>> an independent TSK release. There is a lot more in there than what we have
>> listed in the NEWS.txt file because we didn’t keep it up to date with all of the
>> little fixes and changes.
>>

I included an ebuild in my Gentoo overlay, will file a revbump bug after some more testing. The Java bindings are not built/enabled, I'll need to work this out.

https://github.com/thinrope/pkalin/tree/master/app-forensics/sleuthkit

Looking at the compiler warnings, I noticed quite a few with yaffs.c and it may be good to look at those in more detail. I haven't used YAFFS yet so testing it locally may be a bit of time investment.

Here are the messages in question

libtool: compile: x86_64-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../tsk -I../.. -I./../.. -Wall -pthread -O2 -pipe -c yaffs.cpp -fPIC -DPIC -o .libs/yaffs.o
yaffs.cpp: In function ‘void yaffscache_object_dump(FILE*, YaffsCacheObject*)’:
yaffs.cpp:619:30: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 6 has type ‘TSK_OFF_T {aka long int}’ [-Wformat=]
    chunk->ycc_offset);
    ^
yaffs.cpp: In function ‘uint8_t yaffsfs_parse_image_load_cache(YAFFSFS_INFO*)’:
yaffs.cpp:1524:99: warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘TSK_OFF_T {aka long int}’ [-Wformat=]
    fprintf(stderr, "Error reading header to get parent id at offset %x\n", offset);
    ^
yaffs.cpp:1560:16: warning: unused variable ‘orphanParentID’ [-Wunused-variable]
    TSK_INUM_T orphanParentID = yfs->fs_info.last_inum;
    ^
yaffs.cpp: In function ‘uint8_t yaffs_make_deleted(YAFFSFS_INFO*, TSK_FS_FILE*)’:
yaffs.cpp:1743:95: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
    if (yaffs_make_directory(yaffsfs, fs_file, YAFFS_OBJECT_DELETED, YAFFS_OBJECT_DELETED_NAME))
    ^
yaffs.cpp: In function ‘uint8_t yaffs_make_unlinked(YAFFSFS_INFO*, TSK_FS_FILE*)’:
yaffs.cpp:1765:97: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
    if (yaffs_make_directory(yaffsfs, fs_file, YAFFS_OBJECT_UNLINKED, YAFFS_OBJECT_UNLINKED_NAME))
    ^
yaffs.cpp: In function ‘uint8_t yaffs_inode_lookup(TSK_FS_INFO*, TSK_FS_FILE*, TSK_INUM_T)’:
yaffs.cpp:1876:19: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
    real_name = YAFFS_OBJECT_LOSTNFOUND_NAME;
    ^
yaffs.cpp:1879:19: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
    real_name = YAFFS_OBJECT_UNLINKED_NAME;
    ^
yaffs.cpp:1882:19: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
    real_name = YAFFS_OBJECT_DELETED_NAME;
    ^
yaffs.cpp: In function ‘TSK_FS_INFO* yaffs2_open(TSK_IMG_INFO*, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)’:
yaffs.cpp:1580:39: warning: ‘max_inum’ may be used uninitialized in this function [-Wmaybe-uninitialized]
    yfs->fs_info.last_inum = max_inum + 1; // One more for the orphan dir
    ^
yaffs.cpp:1578:16: note: ‘max_inum’ was declared here
    TSK_INUM_T max_inum;
    ^
yaffs.cpp: At global scope:
yaffs.cpp:626:5: warning: ‘void yaffscache_objects_dump(FILE*, YAFFSFS_INFO*)’ defined but not used [-Wunused-function]
    yaffscache_objects_dump(FILE *fp, YAFFSFS_INFO *yfs)
    ^

Kalin.

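The two warning classes in the message above that can change runtime behaviour, -Wformat on a 64-bit offset and -Wmaybe-uninitialized, illustrated as an added C example (not part of the original message and not TSK code). The type off64_demo_t, the three functions and the sample offset are constructed for illustration; the explicit cast in the first function models the low 32 bits that a 32-bit conversion such as %x can represent.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a 64-bit offset type; the warnings report
 * TSK_OFF_T as 'long int' on x86_64. */
typedef int64_t off64_demo_t;

/* The most a 32-bit conversion can show: the low 32 bits of the offset.
 * Truncation is done by an explicit cast, so this demo has no mismatched
 * format argument of its own. */
int format_offset_truncated(char *buf, size_t len, off64_demo_t off)
{
    return snprintf(buf, len, "%x", (unsigned int)(uint64_t)off);
}

/* Width-correct form: cast to a fixed-width type, use its <inttypes.h> macro. */
int format_offset_full(char *buf, size_t len, off64_demo_t off)
{
    return snprintf(buf, len, "%" PRIx64, (uint64_t)off);
}

/* Highest id in a list. 'max' is initialised, so an empty list yields a
 * defined 0 instead of an indeterminate value (the pattern that
 * -Wmaybe-uninitialized flags). */
uint64_t highest_id(const uint64_t *ids, size_t n)
{
    uint64_t max = 0;
    for (size_t i = 0; i < n; i++)
        if (ids[i] > max)
            max = ids[i];
    return max;
}

int main(void)
{
    char low[32], full[32];
    off64_demo_t off = 0x1A2B3C4D5ELL; /* constructed offset beyond 4 GiB */

    format_offset_truncated(low, sizeof low, off);
    format_offset_full(full, sizeof full, off);
    printf("low 32 bits: %s\nfull offset: %s\n", low, full);
    printf("highest id, empty list: %" PRIu64 "\n", highest_id(NULL, 0));
    return 0;
}
```

For an error message that reports where a read failed in a disk image, the truncated form points an examiner at the wrong location once the image exceeds 4 GiB.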
From: Nanni B. <dig...@gm...> - 2015-09-17 15:23:32
Thanks! ;)

I just released this based on TSK :-)

XAll V.1.0
http://scripts4cf.sourceforge.net/tools.html

thank you again

--
Dott. Nanni Bassetti
http://www.nannibassetti.com
CAINE project manager - http://www.caine-live.net

From: fpi <fra...@gm...> - 2015-09-17 15:57:02
On 17/09/2015 06:10, Brian Carrier wrote:
> The 4.2.0 release is finally out. It’s been well over 1.5 years
> since there was an independent TSK release. ...

Great! Thank you for your awesome work!

Francesco

From: Mike P. <mpi...@gm...> - 2015-09-17 16:08:53
It's a labor of love I imagine, but labor nonetheless. Thanks so much for all the hard work you contribute to the forensic community!

Mike

On Thu, Sep 17, 2015 at 10:57 AM, fpi <fra...@gm...> wrote:

> On 17/09/2015 06:10, Brian Carrier wrote:
> > The 4.2.0 release is finally out. It’s been well over 1.5 years
> > since there was an independent TSK release. ...
>
> Great! Thank you for your awesome work!
> Francesco