New versions of your favourite open source DFIR tools, the Sleuth Kit and Autopsy, have been released.
The Sleuth Kit 4.4.2
New Features:
usnjls tool for NTFS USN log (from noxdafox)
Added index to mime type column in DB
Use local SQLite3 if it exists (from uckelman-sf)
Blackboard Artifacts have a shortDescription method
Bug Fixes:
Fix for highest HFS+ inum lookup (from uckelman-sf)
Fix ISO9660 crash
Various performance fixes and added thread safety checks
Autopsy 4.4.1
Beta version of new central repository feature has been added for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer.
Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
The View Source File in Directory context menu item now works correctly.
Tagged image files in the HTML report are now displayed full-size.
Case deletion is now done using a Case menu item and both single-user and general (not auto ingest) multi-user cases can be deleted.
Content viewers (bottom right area of desktop application) now resize correctly.
Some potential deadlocks during ingest have been eliminated.
Assorted performance improvements, enhancements, and bug fixes.