
Autopsy 4.7.0 and The Sleuth Kit 4.6.1 have been released


New versions of the most popular open source DFIR tools, Autopsy and TSK, have been released. Here are the lists of new features:

Autopsy

  • A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
  • A new “Application” content viewer (lower right) that will contain file-type-specific viewers (to reduce the number of tabs).
  • New viewer for SQLite databases (in Application content viewer)
  • New viewer for binary PLists (in Application content viewer)
  • L01 files can be imported as data sources.
  • Ingest filters can now use date range conditions for triage.
  • Passwords to open password-protected archive files can be entered (by right-clicking on the file).
  • Reports (e.g., RegRipper output) generated by ingest modules are now indexed for keyword search.
  • PhotoRec carving module can be configured to keep corrupted files.
  • Sector size can be specified for local drives and images when E01 is wrong or it is a raw image.
  • New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts.
  • Assorted small enhancements are included.

The Sleuth Kit

  • Lots of bounds checking fixes from Google’s fuzzing tests. Thanks Google.
  • Cleanup and fixes from uckelman-sf and others
  • PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
  • Fixed display of NTFS GUID in istat – report from Eric Zimmerman.
  • NTFS istat shows details about all FILE_NAME attributes, not just the first. Report from Eric Zimmerman.
  • Reports can be URLs
  • Reports are Content
  • Added APIs for graph view of communications
  • JNI library is extracted to name with user name in it to avoid conflicts
  • Database Version upgraded from to 8.0 because Reports are now Content

 
