Home Software Autopsy 4.5.0 and the Sleuth Kit 4.5.0 have been released

Autopsy 4.5.0 and the Sleuth Kit 4.5.0 have been released


The new versions of your favourite open source digital forensics tools – the Sleuth Kit and Autopsy have been released.

The Sleuth Kit 4.5.0

New Features:

  • Support for LZVN compressed HFS files (from Joel Uckelman).
  • Use sector size from E01 (helps with 4k sector sizes).
  • More specific version number of DB schema.
  • New Local Directory type in DB to differentiate with Virtual Directories.
  • All blackboard artifacts in DB are now ‘content’. Attachments can now be children of their parent message.
  • Added extension as a column in tsk_files table.

Bug Fixes:

  • Faster resolving of HFS hard links.
  • Lots of fixes from Google Fuzzing efforts.

Autopsy 4.5.0

  • Memory usage has been reduced to improve support for very large cases.
  • New central repository feature has been added that allows you to correlate between cases and track if an item was previously identified as being “bad” or notable.
  • Message attachments are not associated with the message (and not just the source file). These can be found in the data sources and messages parts of the tree.
  • Credit card number search has added logic to reduce false positives based on number lengths.
  • Virtual directory nodes in the tree view are distinguished in the Data Sources tree by the addition of a “V” to their icon. These are folders that Autopsy/TSK created.
  • A new version of the automated ingest dashboard has been added to allow insight into pending, running and completed automated ingest jobs in automated ingest Examiner mode.
  • All occurrences of “Known Bad” in the user interface have been changed to “Notable.”
  • Assorted small enhancements and bug fixes are included.
Load More Related Articles
Load More In Software
Comments are closed.