Home Software Autopsy 4.7.0 and The Sleuth Kit 4.6.1 have been released

Autopsy 4.7.0 and The Sleuth Kit 4.6.1 have been released


New versions of most popular open source DFIR tools, Autopsy and TSK, have been released. Here are the lists of new features:


  • A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
  • A new “Application” content viewer (lower right) that will contain file-type specific viewers (to reduce number of tabs).
  • New viewer for SQLite databases (in Application content viewer)
  • New viewer for binary PLists (in Appilcation content viewer)
  • L01 files can be imported as data sources.
  • Ingest filters can now use date range conditions for triage.
  • Passwords to open password protected archive files can be entered (by right clicking on the file).
  • Reports (e.g., RegRipper output) generated by ingest modules are now indexed for keyword search.
  • PhotoRec carving module can be configured to keep corrupted files.
  • Sector size can be specified for local drives and images when E01 is wrong or it is a raw image.
  • New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts.
  • Assorted small enhancements are included.

The Sleuth Kit

  • Lots of bounds checking fixes from Google’s fuzzing tests. Thanks Google.
  • Cleanup and fixes from uckelman-sf and others
  • PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
  • Fixed display of NTFS GUID in istat – report from Eric Zimmerman.
  • NTFS istat shows details about all FILE_NAME attributes, not just the first. report from Eric Zimmerman.
  • Reports can be URLs
  • Reports are Content
  • Added APIs for graph view of communications
  • JNI library is extracted to name with user name in it to avoid conflicts
  • Database Version upgraded from to 8.0 because Reports are now Content


Load More Related Articles
Load More In Software
Comments are closed.