EasyMetaData has updated FindUSBMSC. It’s a script to parse the system logs on macOS. It looks for USBMSC storage device plugins and links them back to the product information.  

ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before extraction. The script and the source code can be downloaded here.

The new versions of your favourite open source digital forensics tools – the Sleuth Kit and Autopsy have been released. The Sleuth Kit 4.5.0 New Features: Support for LZVN compressed HFS files (from Joel Uckelman). Use sector size from E01 (helps with 4k sector sizes). More specific version number of DB schema. New Local Directory type in DB to differentiate …

AUMFOR is a GUI based tool which can help a digital forensic investigator by performing all complex and tedious work automatically, it also analyses and gives final accurate reports about possibilities of use of malware in committing a crime. It is build with Django and it uses Volatility to perform memory forensics. AUMFOR uses VirusTotal for performing virus scanning. You can …

The Plaso development team has announced the new version of the tool – Heimdall. Here is the list of new features: New parsers and plugins: New contributor rbdebeer has added a parser for Amcache information on Windows. As systemd continues to be picked by more and more Linux distributions, a parser for the binary Systemd journal have been added. ChromeOS syslog …

RecuperaBit is a piece of  software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. RecuperaBit attempts reconstruction of the directory structure regardless of: missing partition table unknown partition boundaries partially-overwritten metadata quick format You can get more information about the reconstruction algorithms and the architecture used in RecuperaBit by reading this MSc thesis or checking out the slides.

Guys from Forensic Control have updated their list of free digital forensic tools. The list was last reviewed on 30 August 2017. Forensic Control is a cyber security and computer forensic company based in London.

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. The Pharos includes the following tools: APIAnalyzer, OOAnalyzer, CallAnalyzer, FN2Yara, FN2Hash and DumpMASM. You …

Hindsight, an open source Chrome forensics tool, has been updated to version 2.1.1. Support for Chrome versions 1 – 60 Added more error checking / catching in the cache parsing section Updated Hindsight plugin search to better handle combinations of local plugins and the default plugins when installed via pip You can download the tool at GitHub.

CyLR CDQR Forensics Virtual Machine (CCF-VM) by Alan Orlikoski has been updated to version 2.1. Added TimeSketch!!!! Includes Redis & MySQL as well Updated CDQR 4.0.0 Replaced kopf with Cerebro for ElasticSearch DB Updated ElasticSearch Updated Kibana Changed to .zip archive format for the OVF for maximum compatibility Updated “update.sh” script that updates the OS, CDQR, CyLR in one click …