New versions of your favourite open source DFIR tools – the Sleuth Kit and Autopsy, – have been released.

The Sleuth Kit 4.4.2

New Features:

  • usnjls tool for NTFS USN log (from noxdafox)
  • Added index to mime type column in DB
  • Use local SQLite3 if it exists (from uckelman-sf)
  • Blackboard Artifacts have a shortDescription metho

Bug Fixes:

  • Fix for highest HFS+ inum lookup (from uckelman-sf)
  • Fix ISO9660 crash
  • various performance fixes and added thread safety checks

Autopsy 4.4.1

  • Beta version of new central repository feature has been added for correlating artifacts across
    cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer.
  • Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
  • The View Source File in Directory context menu item now works correctly.
  • Tagged image files in the HTML report are now displayed full-size.
  • Case deletion is now done using a Case menu item and both single-user and general (not auto ingest) multi-user cases can be deleted.
  • Content viewers (bottom right area of desktop application) now resize correctly.
  • Some potential deadlocks during ingest have been eliminated.
  • Assorted performance improvements, enhancements, and bug fixes.
Load More Related Articles
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *