Home Software Autopsy 4.9.0 and the Sleuth Kit 4.6.3 released

Autopsy 4.9.0 and the Sleuth Kit 4.6.3 released

0
0
733

New versions of our open source DFIR tools have been released:

Autopsy

New Features:

  • Removed data from table that are time intensive and can be found in content viewers (such as hash set hits)
  • Added ability to find common items (files, emails, etc.) between current case and past cases using the Central Repository.
  • Added ability to ignore common items that exist in a large number of cases by using Central Repository data.
  • Data is validated and normalized before being entered into the Central Repository.
  • Allow users to specify that an ad-hoc keyword search should not be saved to database
  • New “Annotations” content viewer that shows all tags and comments associated with an item
  • Added 2 icons to the table to show the item’s score (if it is notable or suspicious) and if it has a comment.
  • Added column to the table to show previous number of occurrences.
  • Tags are now associated with the user (in a multi-user environment) and you can hide other people’s tags
  • New Display options area that unifies various new settings.
  • Hash sets can be copied into the user’s config folder (AppData), which makes it easier to run Autopsy from a Live Triage USB and not care about what drive letter it gets.
  • Image Gallery stores its groups and seen status in Case DB instead of its own.
  • Image Gallery works better in multi-user setups and reloads the database when other nodes add data sources.
  • Image Gallery saves which user saw a group and gives user option of seeing only their unseen groups or all unseen groups.
  • Saves last export location and pre-populates that in the file picker
  • Provide feedback about why some right click options are disabled (ingest is running, not file content, etc.)

Bug Fixes:

  • Substring keyword search is more accurate (now uses regular expression)
  • New text extractor for SQLite that better deals with full text search tables
  • Better deal with Unicode text files that do not have Byte Order Marker
  • Embedded file extractor module is now faster because it uses a different 7ZIP API.
  • Fixed various HTML report bugs
  • Duplicate hash set hits are not created when you run the Hash Ingest Module twice.
  • Auto ingest (in Experimental) scan times of input folders is faster.

The Sleuth Kit

C/C++ Code:

  • Hashdb bug fixes for corrupt indexes and 0 hashes
  • New code for testing power of number in ExtX code

Java Code:

  • New class that allows generic database access
  • New methods that check for duplicate artifacts
  • Added caches for frequently used content

Database Schema:

  • Added Examiner table
  • Tags are now associated with Examiners
  • Changed parent_path for logical files to be consistent with FS files.
Load More Related Articles
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *