The Sleuth Kit version 1.61 and Autopsy version 1.71 are now
available.
http://www.sleuthkit.org/sleuthkit
http://www.sleuthkit.org/autopsy
What is The Sleuth Kit?
The Sleuth Kit was previously known as The @stake Sleuth Kit (TASK)
and is now independent from any organization. All future releases
will be available from http://www.sleuthkit.org.
What is new in The Sleuth Kit 1.61?
The Sleuth Kit had features added and a couple of bugs were fixed
(one is major and all users should upgrade).
Major New Features:
- Thumbnails are now created for graphic images in 'sorter'.
- 'sorter' uses the '-z' flag with 'file' to get the format inside
compressed files.
- 'hfind' now supports the new NIST NSRL hash format (version 2)
- 'hfind' now supports the Hash Keeper hash format
- 'ifind -n' now accepts short names for FAT files.
- 'mactime' can create a summary of daily activity with '-i'
- 'file' was updated due to a vulnerability in it
Bug Fixes:
- A final NTFS Index Buffer was not always being processed, which
resulted in some files not being shown. (Debugging help from
Matthew Shannon).
- NTFS MFT entries with a Magic of 0 were marked as invalid
- 'fls' would crash if a clock skew file was given, the file
had an inode of 0, and '-l' or '-m' was given. (Debugging
help from Josep Homs).
- 'ifind -n' could return the meta data address of a file that had
a name shorter than the requested one
MD5 (sleuthkit-1.61.tar.gz) = cd6783f8d9a109ffe839912674e2f3cf
What is new in Autopsy 1.71:
Autopsy had user interface improvements and added support for new
features in The Sleuth Kit.
Major New Features:
- 'autopsy' can be started with no arguments (port 9999 and localhost
are assumed)
- The path of a directory or file can be entered instead of having to
click through directories (suggested by William Salusky)
- The path in each directory listing now contains hyper links that can
be used to quickly return to previous directories
- To add a passwd and group file to a timeline, only the image needs to
be specified (Autopsy will find the inode values)
- When adding images, Autopsy will copy or create symlinks to the
Evidence Locker instead of forcing the user to
- Added option to extract all graphic images and generate a page of
thumbnails
- The new 'summary' page from 'mactime' is used when viewing timelines
Bug Fixes:
- Keyword searching would fail if special characters were not escaped.
/, ., [, ^, $, ", and - are now escaped
- The path of a strings file could not have a space in it
- The opening of a case was not being logged in the case log
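The keyword-search fix above is worth seeing in working code, because the same defect class (user-supplied text handed to a regex engine as a pattern) shows up in many forensic and log-search tools. The following Python block is an added example written for this announcement, not Autopsy's own code: `escape_keyword` is a hypothetical helper that backslash-escapes exactly the characters the release note lists, `keyword_search` runs a literal search over a constructed sample buffer, and the unescaped path reproduces the pre-fix failure modes (false positives from '.', a pattern that never matches because of '$', and a hard error from an unbalanced '[').

```python
import re

# The metacharacters named in the Autopsy 1.71 release note.
SPECIAL_CHARS = set('/.[^$"-')


def escape_keyword(keyword: str) -> str:
    """Backslash-escape the characters the release note says are now escaped.

    Hypothetical helper for this example; it mirrors the intent of the fix,
    not Autopsy's actual implementation.
    """
    return ''.join('\\' + ch if ch in SPECIAL_CHARS else ch for ch in keyword)


def keyword_search(data: bytes, keyword: str, escape: bool = True):
    """Return the byte offsets of every hit for `keyword` in `data`.

    With escape=False the keyword is used as a raw regex pattern, which is
    the pre-fix behaviour. Returns None when the pattern does not compile
    (an unbalanced '[' is the classic case).
    """
    pattern = escape_keyword(keyword) if escape else keyword
    try:
        rx = re.compile(pattern.encode())
    except re.error:
        return None
    return [m.start() for m in rx.finditer(data)]


# Constructed sample data standing in for a strings/unallocated-space dump.
SAMPLE = b'host=192.168.1.1 alt=192x168x1x1 user=[admin] path=$HOME\n'


def compare(keyword: str):
    """Show unescaped (old) versus escaped (fixed) results for one keyword."""
    return {
        'keyword': keyword,
        'unescaped': keyword_search(SAMPLE, keyword, escape=False),
        'escaped': keyword_search(SAMPLE, keyword),
    }


if __name__ == '__main__':
    for kw in ('192.168.1.1', '[admin', '$HOME'):
        result = compare(kw)
        print(f"{result['keyword']!r}: old={result['unescaped']} "
              f"fixed={result['escaped']}")
```

Note how each failure mode differs: the unescaped IP address also matches '192x168x1x1' (a silent false positive an analyst might never notice), '$HOME' matches nothing because '$' anchors to end-of-line, and '[admin' fails outright. In current Python the general answer is `re.escape`, which escapes every metacharacter rather than a fixed list; the fixed list here is used only to mirror the release note.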
MD5 (autopsy-1.71.tar.gz) = 931b672fabcdb2145ae51e2885e9b685
What is the April issue of The Sleuth Kit Informer on?
The April issue will cover the 'sorter' tool, including how it works and
how to write rulesets to customize how it handles file types.
http://www.sleuthkit.org/informer/
brian
http://www.sleuthkit.org