New Autopsy and TSK Releases!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

New Autopsy and TSK Releases!

Brian Carrier-2
We missed our goal of a quarterly release, but we managed to get Autopsy 4.4.0 and TSK 4.4.1 out.  

Autopsy 4.4.0:
- Has a bunch of keyword search improvements, including better regular expression searching with spaces, better hit highlighting, and ability to edit keyword lists. 
- New triage features, such as:
-- You can make a sparse VHD file when analyzing a local drive (USB) so that you don't need to acquire first.  When your analysis is over, you'll have a VHD image of the drive!
-- Ingest filters allow you to run the ingest modules only a subset of files during triage
-- Ingest profiles allow you to pick an ingest filter and set of ingest modules to make it eaiser to preprogram for triage
- Lots of other changes and improvements to existing features.

More changes can be found on the history page.

You can download it from the download page (Note that we are now using github for releases).

The Sleuth Kit 4.4.1:
- Mostly bug fixes, including memory leaks, unicode cleanup, missing NTFS files (in rare cases), really long folder structures and database inserts.
- The code to make the VHD sparse image is in TSK, but not exposed via any of the command line tools.

You can download it from the download page.

Thanks to the community members who contributed to the TSK fixes this release and the Basis team for the new features and fixes.

Next release is scheduled for July 1ish so that we get back on our quarterly schedule.


Check out the vibrant tech community on one of the world's most
engaging tech sites,!
sleuthkit-users mailing list