Plaso development team has just released a new Plaso version, fixing a couple of small issues and adding a parser for Sophos Antivirus SAV logs. You can download and test the new version here.

Mail Header Analyzer (MHA) is an open source tool by Ahmed Shawky for parsing email headers and converting them to a human readable format, it also can: Identify hop delays. Identify the source of the email. Identify hop country. You can download it at GitHub.

EasyMetaData has updated FindUSBMSC. It’s a script to parse the system logs on macOS. It looks for USBMSC storage device plugins and links them back to the product information.  

ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before extraction. The script and the source code can be downloaded here.

The new versions of your favourite open source digital forensics tools – the Sleuth Kit and Autopsy have been released. The Sleuth Kit 4.5.0 New Features: Support for LZVN compressed HFS files (from Joel Uckelman). Use sector size from E01 (helps with 4k sector sizes). More specific version number of DB schema. New Local Directory type in DB to differentiate …

AUMFOR is a GUI based tool which can help a digital forensic investigator by performing all complex and tedious work automatically, it also analyses and gives final accurate reports about possibilities of use of malware in committing a crime. It is build with Django and it uses Volatility to perform memory forensics. AUMFOR uses VirusTotal for performing virus scanning. You can …

The Plaso development team has announced the new version of the tool – Heimdall. Here is the list of new features: New parsers and plugins: New contributor rbdebeer has added a parser for Amcache information on Windows. As systemd continues to be picked by more and more Linux distributions, a parser for the binary Systemd journal have been added. ChromeOS syslog …

RecuperaBit is a piece of  software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries partially-overwritten metadata quick format You can get more information about the reconstruction algorithms and the architecture used in RecuperaBit by reading this MSc thesis or checking out the slides.

Guys from Forensic Control have updated their list of free digital forensic tools. The list was last reviewed on 30 August 2017. Forensic Control is a cyber security and computer forensic company based in London.

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. The Pharos includes the following tools: APIAnalyzer, OOAnalyzer, CallAnalyzer, FN2Yara, FN2Hash and DumpMASM. You …