TSK 4.3.0 Release


TSK 4.3.0 Release

Brian Carrier-2
We’ve finally gotten a new Sleuth Kit release out. The new release, version 4.3.0, has features from the Autopsy release last year (like PostgreSQL support) that never got out, and this release marks the start of a new effort to have a TSK release for every Autopsy release (which should be out later today). We are shooting for releases every 2 months because this current span has been way too long.

4.3.0 adds:
        • PostgreSQL support (Windows only)
        • Support for virtual machine formats via libvmdk and libvhdi (Windows only)
        • Schema updates (data sources table, mime type, attributes store type)
        • tsk_img_open can take externally created TSK_IMG_INFO
        • New Release_NoLibs Visual Studio target
        • Various bug fixes

I’m doing a test too and the downloads are now coming off of github instead of source forge.  Let me know if you have any problems.

    http://sleuthkit.org/sleuthkit/download.php

Thanks to the public contributions and the Basis developers for this work.

thanks,
brian


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

Re: TSK 4.3.0 Release

RB-14
On Wed, Jul 20, 2016 at 7:42 AM, Brian Carrier <[hidden email]> wrote:
>
> Thanks to the public contributions and the Basis developers for this work.
>

Thanks to all indeed for the continued work!

While I know much of the work is predicated on what both analysts and
developers are familiar with, I must confess my trepidation at seeing
yet more Windows-only features creeping in.  We've already seen this
happen with Autopsy, to the point that the tools' origin platform is
now a third-class citizen.  With that same process now happening to
the core tool, I start to worry that the process will complete and we
who practice the art in, say, non-mainstream environments, will be
left in the cold.

How, exactly, is the libvmdk and libvhdi (both primarily developed on
Linux) support Windows-only?  Their APIs aren't platform-sensitive, so
is there at least a configure-time option to enable their use on other
platforms?


Re: TSK 4.3.0 Release

Grundy Barry J TIGTA
> -----Original Message-----
> From: RB
> To: Brian Carrier
> Cc: sleuthkit-users
> Subject: Re: [sleuthkit-users] TSK 4.3.0 Release
>
> Thanks to all indeed for the continued work!

Agreed.
 
> While I know much of the work is predicated on what both analysts and
> developers are familiar with, I must confess my trepidation at seeing yet
> more Windows-only features creeping in.  We've already seen this happen
> with Autopsy, to the point that the tools' origin platform is now a third-class
> citizen.  With that same process now happening to the core tool, I start to
> worry that the process will complete and we who practice the art in, say,
> non-mainstream environments, will be left in the cold.

<slow_clap.gif>

I don't generally use Autopsy, but I have a very real fear of TSK's continued development following in its wake.

> How, exactly, is the libvmdk and libvhdi (both primarily developed on
> Linux) support Windows-only?  Their APIs aren't platform-sensitive, so is
> there at least a configure-time option to enable their use on other
> platforms?

I was just getting ready to test exactly this.  My first thought was perhaps Windows *guests* rather than platform support for the library features, but that makes no sense.  I'm hoping to test over the coming week as time allows.

/*******************************************
Barry J. Grundy
Assistant Special Agent in Charge
Digital Forensic Support Group
Treasury Inspector General for Tax Administration
(301) 210-8741 (desk)
(202) 527-5778 (cell)
[hidden email]
********************************************\
 



Re: TSK 4.3.0 Release

Brian Carrier-2
In reply to this post by RB-14
All that should be required is some autoconf/automake magic to get libvmdk and libvhdi working with TSK on Linux / OS X. We just haven’t had the cycles. I’ll be honest that it is my intent to get PostgreSQL, virtual machine formats, etc. into the auto* build process when we start on these efforts, but other things come up, and we’ve been slow enough with getting releases out that I don’t want to hold them up even more.

So, if someone can update configure.ac, etc. to look for the libraries and test them, we’d love a pull request!




> On Jul 20, 2016, at 10:20 AM, RB <[hidden email]> wrote:

Re: TSK 4.3.0 Release

Luís Filipe Nassif
In reply to this post by Brian Carrier-2
Great news! Congratulations all sleuthkit team.

One question: does the new vmdk and vhdi support work with virtual disks with snapshots?

Thank you,
Luis


Browser History Scanner

DRSL Mail
Hi,

Can anyone please advise a tool that can be run centrally on a network to uncover browsing history of the users?

This is urgently needed as our initial investigation revealed that a user created some malicious mails on the website emkei.cz in order to defraud the organization, although the attempt failed as the third party raised an alarm.

However, we need to know the user whose system was used to launch the malicious mails; we have individually scanned all the users in the affected department, but all returned negative.

The firm has about 280 machines, and so we need a tool that can be deployed centrally to check the browsing history of all the users.

Please help.

Bolanle O. Omotoso, 
CEO, 
Data Recovery Specialist Ltd 
https://nigeriadatarecovery.com 
08035639710 

Sent from Data Recovery Specialist wireless' device



Re: Browser History Scanner

slo.sleuth@gmail.com
Take a look at GRR Rapid Response. https://github.com/google/grr

It was designed exactly for the type of investigation you propose.

On Jul 23, 2016, at 7:55 AM, DRSL Mail <[hidden email]> wrote:

Hi,

Can anyone please advise a tool that can be run centrally on a network to uncover browsing history of the users?

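A host-side check for the request above, added here as an example; it is not part of the thread, of GRR, or of The Sleuth Kit. GRR (or any other agent that can read locked files) collects each user's Chrome History and Firefox places.sqlite into a central directory; the script assumes that directory is laid out as <collection>/<host>/<user>/<file>, opens every copy read-only, decodes the two different timestamp epochs (Chrome counts microseconds from 1601, Firefox from 1970), and reports which host and user still have a recorded visit to emkei.cz. Host names, user names and visits are constructed sample data.

```python
"""Hunt centrally collected browser-history databases for visits to one domain.
Added example, not code from The Sleuth Kit, GRR or the poster; assumes the per-user
Chrome "History" / Firefox "places.sqlite" files were already collected (e.g. by a
GRR flow) into <collection>/<host>/<user>/<file>.  All sample data is constructed."""
import os
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path
from urllib.parse import urlsplit

UTC = timezone.utc
# Chrome stores urls.last_visit_time as microseconds since 1601-01-01 UTC; Firefox
# stores moz_places.last_visit_date as microseconds since the Unix epoch.
_CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)
_UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
_US = timedelta(microseconds=1)

def chrome_time(dt):
    return (dt - _CHROME_EPOCH) // _US      # exact int, no float rounding

def from_chrome_time(us):
    return _CHROME_EPOCH + timedelta(microseconds=us)

def firefox_time(dt):
    return (dt - _UNIX_EPOCH) // _US

def from_firefox_time(us):
    return _UNIX_EPOCH + timedelta(microseconds=us)

# Stock schemas: history file name -> (query, timestamp decoder).
_BROWSERS = {
    "History": ("SELECT url, title, visit_count, last_visit_time FROM urls", from_chrome_time),
    "places.sqlite": ("SELECT url, title, visit_count, last_visit_date FROM moz_places", from_firefox_time),
}

def host_matches(url, domain):
    """Label-exact host match: mail.emkei.cz matches emkei.cz, notemkei.cz does not."""
    host = (urlsplit(url).hostname or "").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)

def scan_history_db(path, domain):
    """Return the rows in one history database whose URL is on `domain`."""
    sql, decode = _BROWSERS[os.path.basename(path)]
    # Open the evidence copy read-only so the scan can never alter it.
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        return [{"url": u, "title": t, "visits": n, "last_visit": decode(ts)}
                for u, t, n, ts in con.execute(sql)
                if ts and host_matches(u, domain)]
    finally:
        con.close()

def scan_collection(collection_dir, domain):
    """Walk <collection_dir>/<host>/<user>/... -> {host: [hits]} for hosts that visited `domain`."""
    results = {}
    for host in sorted(os.listdir(collection_dir)):
        host_dir = os.path.join(collection_dir, host)
        for root, _dirs, files in os.walk(host_dir):
            user = os.path.relpath(root, host_dir).split(os.sep)[0]
            for name in files:
                if name in _BROWSERS:
                    for hit in scan_history_db(os.path.join(root, name), domain):
                        hit.update(user=user, browser=name)
                        results.setdefault(host, []).append(hit)
    return results

def _write_db(path, table, ts_col, rows):
    # Minimal copy of the stock table layout, enough for the queries above.
    os.makedirs(os.path.dirname(path), exist_ok=True)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE %s (id INTEGER PRIMARY KEY, url TEXT, title TEXT,"
                " visit_count INTEGER, %s INTEGER)" % (table, ts_col))
    con.executemany("INSERT INTO %s (url, title, visit_count, %s) VALUES (?, ?, ?, ?)"
                    % (table, ts_col), rows)
    con.commit()
    con.close()

def build_sample_collection(base):
    """Constructed sample, not real data: three hosts, of which only WS-017
    (jdoe, Chrome) and WS-042 (asmith, Firefox) ever reached emkei.cz."""
    chrome = {
        ("WS-004", "mbrown"): [("https://intranet.example.local/", "Intranet", 40,
                                datetime(2016, 7, 21, 8, 0, tzinfo=UTC))],
        ("WS-017", "jdoe"): [("https://emkei.cz/", "Fake mailer", 3,
                              datetime(2016, 7, 22, 9, 15, tzinfo=UTC)),
                             ("https://notemkei.cz/", "decoy, must not match", 1,
                              datetime(2016, 7, 22, 9, 16, tzinfo=UTC))],
    }
    for (host, user), rows in chrome.items():
        _write_db(os.path.join(base, host, user, "History"), "urls", "last_visit_time",
                  [(u, t, n, chrome_time(dt)) for u, t, n, dt in rows])
    _write_db(os.path.join(base, "WS-042", "asmith", "places.sqlite"), "moz_places",
              "last_visit_date", [("http://mail.emkei.cz/", None, 1,
                                   firefox_time(datetime(2016, 7, 23, 6, 30, tzinfo=UTC)))])

def demo(domain="emkei.cz"):
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_collection(tmp)
        return scan_collection(tmp, domain)

if __name__ == "__main__":
    for host, hits in demo().items():
        print(host, [(h["user"], h["browser"], h["last_visit"].isoformat(), h["url"]) for h in hits])
```

On Windows clients the files are %LOCALAPPDATA%\Google\Chrome\User Data\Default\History and %APPDATA%\Mozilla\Firefox\Profiles\<profile>\places.sqlite; both are locked while the browser is open, which is why a raw-read collector such as GRR's file finder is the practical way to pull 280 of them. A host that returns nothing is not cleared: a user who deleted history or used a private window leaves no row, so proxy, DNS and firewall logs for the same time window are the next artefacts to check.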

Re: Browser History Scanner

DRSL Mail
Thanks, but I couldn't find anything of value relating to my request on the site!

Can you kindly shed more light on what I should look for? Maybe I was checking the wrong link!

Regards,

Bolanle O. Omotoso, 
CEO, 
Data Recovery Specialist Ltd 
https://nigeriadatarecovery.com 
08035639710 

Sent from Data Recovery Specialist wireless' device
From: John Lehr
Sent: Saturday, July 23, 2016 4:27 PM
To: DRSL Mail
Cc: Luís Filipe Nassif; [hidden email] users
Subject: Re: [sleuthkit-users] Browser History Scanner

Take a look at GRR Rapid Response. https://github.com/google/grr

It was designed exactly for the type of investigation you propose.
