Added support to allow Autopsy streaming ingest where files are added in batches. Fixed changes to normalization and validation of emails and phone numbers. Use Autopsy instead if you need an analysis framework. Various fixes from Google-based fuzzing. Ensure all reads, even big ones, are sector aligned when reading from a Windows device. Ensure all command line tools support new pool command line arguments. Limited APFS support added in libtsk and some of the command line tools.
Basis Technology did some minor refactoring. Reported by X. File system bug fixes from uckelman-sf on GitHub. Database: DB schema was updated to support pools. Added concept of JSON in Blackboard Attributes. Schema supports cascading deletes to enable data source deletion. Java: Added Pool class and associated infrastructure. Added methods to support deleting data sources from database. Removed JavaFX as a dependency by refactoring the recently introduced timeline filtering classes.
Added attachment support to the blackboard helper package. Time-based data is automatically added when files and artifacts are created. Used by Autopsy timeline. Logical Imager can save files as individual files instead of in VHD (saves space). File Discovery: Changed UI to have more of a search flow and content viewer is hidden until an item is selected.
Reports: Can be generated for a single data source instead of the entire case. Added backend concept of Tag Sets to support Project Vic categories from different countries. Performance: Add throttling of UI refreshes to ensure data is quickly displayed and the tree does not get backed up with requests. Improved efficiency of adding a data source with many orphan files. Improved efficiency of loading file systems. Jython interpreter is preloaded at application startup.
Misc bug fixes and improvements: Fixed bug from last release where hex content viewer text was no longer fixed width. Altered locking to allow multiple data sources to be added at once more smoothly and to support batch inserts of file data. Central repository comments will no longer store tag descriptions. Account type nodes in the Accounts tree show counts.
Full time stamps displayed for messages in ingest inbox. More detailed status during file exports. Improved efficiency of adding timeline events. Fixed bug with CVT most recent filter. Expanded Context Content Viewer to show if an app accessed a file. Added translation feature to Message Content Viewer. Added waypoint type filter to the Geolocation viewer. Added zoom feature to Indexed Text Content Viewer.
Central Repository is enabled by default to store past hashes. Feature to flag previously seen files is disabled by default. Other New Features: Multi-user cases can be created via command line. Bug fixes: Prevent entire application from crashing when gstreamer crashes on videos. Improve Geolocation viewer with large data sets.
Fix error with non-sector aligned reads on local disks. Times from Recycle Bin files are now in timeline. Validate timeline events and ignore events too far in the future.
Moved some database queries off of UI thread. Remove hard coded sizes from UI that cause issues with other languages. Works best with the Central Repository storing all of the hashes you've seen. New Map viewer that uses either Bing when online or offline map tiles. Communications UI shows country names for phone numbers and fixed bug in summary panel. Fixed bugs in timeline filtering.
Does not include encrypted volumes or ones that span multiple disks. Currently shows what message a file was attached to or what URL a file was downloaded from. Ingest Modules: Keyword Search module uses Decodetect statistical encoding detection for plain text files. Fixes issues with incorrect detection of Japanese files. Embedded File Extractor module uses statistical analysis to determine encoding of file names in ZIP files.
Solr Keyword Search module now uses Japanese-specific tokenization using Kuromoji. Plaso module no longer generates an error if enabled for non-disk image data sources. Added support for message attachments that are stored as an external file system file. Expanded Email and Android modules to use this technique.
General: Fixed crashes by gstreamer when a video is selected. Added initial capability to delete a data source from a case (excludes data in the CR). Changed behavior of portable case menu item to automatically open the case and warn if it was already unpacked.
Fixed bug that caused issues when case metadata had Unicode values. Full command line support: case creation, adding of data sources, running ingest, and generating reports. More fine grained progress during collection and importing. Log of files and make artifacts. All console messages are saved to a log file too.
Improved handling of cancellation when adding results into a case. Recycle Bin files are parsed in Recent Activity module, new artifacts are created, and deleted file entries are created at the original location of the deleted files. New artifacts are recreated for the data. Data includes password dates, permissions, groups, and full name. Email ingest module parses EML files. New Plaso ingest module that runs Plaso and generates events for the timeline.
Fixed bug in Email module for VCard files to better parse phone number types. Keyword Search module waits longer for Solr to start to prevent incorrectly reporting a problem and disabling the feature. Embedded file extractor module was updated to not report compression bombs for GZIP files. Hash Filtering - Flag known bad files and ignore known good. Keyword Search - Indexed keyword search to find files that mention relevant terms. See the Features page for more details.
Developers should refer to the module development page for details on building modules. Everyone wants results yesterday. Autopsy runs background tasks in parallel using multiple cores and provides results to you as soon as they are found. It may take hours to fully search the drive, but you will know in minutes if your keywords were found in the user's home folder. See the fast results page for more details.