The new versions of your favourite open source digital forensics tools – the Sleuth Kit and Autopsy have been released.
- Support for LZVN compressed HFS files (from Joel Uckelman).
- Use sector size from E01 (helps with 4k sector sizes).
- More specific version number of DB schema.
- New Local Directory type in DB to differentiate with Virtual Directories.
- All blackboard artifacts in DB are now ‘content’. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
- Faster resolving of HFS hard links.
- Lots of fixes from Google Fuzzing efforts.
- Memory usage has been reduced to improve support for very large cases.
- New central repository feature has been added that allows you to correlate between cases and track if an item was previously identified as being “bad” or notable.
- Message attachments are not associated with the message (and not just the source file). These can be found in the data sources and messages parts of the tree.
- Credit card number search has added logic to reduce false positives based on number lengths.
- Virtual directory nodes in the tree view are distinguished in the Data Sources tree by the addition of a “V” to their icon. These are folders that Autopsy/TSK created.
- A new version of the automated ingest dashboard has been added to allow insight into pending, running and completed automated ingest jobs in automated ingest Examiner mode.
- All occurrences of “Known Bad” in the user interface have been changed to “Notable.”
- Assorted small enhancements and bug fixes are included.