Author Topic: Forensic software, miscellaneous  (Read 9039 times)


Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 189141
  • No input, no output
    • DVB-Cube
OSForensics 7.1.1004
« Reply #90 on: 06 January, 2020, 09:08 »
Changelog

    Create Index/Search Index:

    Further fixes to indexing and searching large number of unique words (2mill+)
    Fixed bug where files that failed to be identified by magic were being indexed as plain text (now treated as binary files). This may have caused extraneous data to be indexed (leading to a large number of unique words)
    Fixed bug with "Export search results to CSV" from "Search Index"->"History" tab, when the selected search results contain a mix of files and emails, the columns output in the CSV do not match up (emails will have more columns than the files).

    Email Viewer:

    Fixed bug with Email Viewer refusing to open an MBOX file which contains non-ASCII characters, with the file being opened in the Internal File Viewer instead.

    ESEDB Viewer:

    Added missing error checks for non-existent table name. This caused an out-of-index exception when performing User Activity scan on IE/Edge WebCache01.dat files.

    Passwords:

    Potential fix for crash when scanning for passwords in Credential Manager



http://www.osforensics.com/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )

Offline SiLæncer

OSForensics 7.1.1005
« Reply #91 on: 24 January, 2020, 18:00 »
Changelog


    Case Manager
        Added support for opening tagged e-mails & attachments via double-click/right-click
    Create Index/Search Index
        Fixed bug when selecting file types for "Video", "Executables" or "Other" only (no files indexed when these are the only options selected)
        Fixed crash bug with indexing and extracting meta info for MP3 files containing TXXX frames
        Fixed bug with indexing files found within at least 3 recursive levels of ZIP files. These would show up with incorrect paths (missing ZIP file names) and unable to open the file from the Search Results
        Fixed bug with email messages in HTML or TXT format (not RTF) not being indexed as email filetype (and incorrectly showing up on the "Files" tab in OSF results)
        Fixed bug with MBOX files with no extensions (such as from Thunderbird) being indexed twice when we encounter the .MSF (mbox index) file.
        Fixed bug with MBOX files with no extensions failing to be recognised by the unknown file type identification function (magic).
        Updated PDF indexing to use CreationDate and ModDate from within PDF document properties
    File Name Search
        Presets, Updated default extensions to include heic/heif for images and hevc for videos.
    Generate Report
        Fixed Typos. Custom Logo area is always shown. Still only editable in Pro version.
    Start Page
        Fixed issue where some items were not being hidden when everything was unchecked in Customize Workflow.
    System Information
        Added collection of more fields when performing command ('Windows Info (Registry)'). Fixed collection of 'Install date' field.
    Misc
        Updated web browser video download function to work with current version of YouTube
        Added code to deal with non sector aligned access to physical disk
        Updated support for BitLocker encryption. This can fix (some) instances of the "unsupported FVE metadata entry version" error.

http://www.osforensics.com/

Offline SiLæncer

Autopsy 4.14.0
« Reply #92 on: 25 January, 2020, 19:00 »
Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.

License: GPL

Changelog

    Specialized UIs:

    New File Discovery UI that allows you to search and filter for certain types of files. Works best with the Central Repository storing all of the hashes you've seen.
    New Map viewer that uses either Bing (when online) or offline map tiles.
    Communications UI shows country names for phone numbers and fixed bug in summary panel.
    Fixed bugs in timeline filtering.
    Refactored backend timeline filtering code based on The Sleuth Kit data model changes to remove JavaFX dependency.

    Data Sources:

    Added limited support for APFS disk images. Does not include encrypted volumes or ones that span multiple disks. Uses contribution to The Sleuth Kit from Black Bag Technologies.
    New data source processor that parses “XRY File Exports”.

    Content Viewers:

    Added a new “Context” viewer to show where a file came from. Currently shows what message a file was attached to or what URL a file was downloaded from.
    Added support to seek and change playback speed for videos in “Application” viewer.
    Improved support for Unicode HTML files in “Application” viewer.
    Added support for webp image files in “Application” viewer.

    Ingest Modules:

    Keyword Search module uses Decodetect statistical encoding detection for plain text files. Fixes issues with incorrect detection of Japanese files.
    Embedded File Extractor module uses statistical analysis to determine encoding of file names in ZIP files. Fixes issues with ZIP files created on Windows Japanese computers.
    Solr (Keyword Search module) now uses Japanese-specific tokenization using Kuromoji.
    Fixed Shellbags module in RegRipper (used by Autopsy Recent Activity module) to fix parsing errors.
    Plaso module no longer generates an error if enabled for non-disk image data sources.
    Added support for message attachments that are stored as an external file system file. Expanded Email and Android modules to use this technique.

    General:

    Fixed crashes by gstreamer when a video is selected.
    Added initial capability to delete a data source from a case (excludes data in the CR).
    Changed behavior of portable case menu item to automatically open the case and warn if it was already unpacked.
    Fixed bug that caused issues when case metadata had Unicode values.
    Added new Attachment APIs to the CommunicationsArtifactHelper class to support attachments stored as external file system files.

http://www.sleuthkit.org/autopsy

Offline SiLæncer

OSForensics 7.1.1006
« Reply #93 on: 18 February, 2020, 14:00 »
Changelog

    Auto Triage:

    Fixed a crash that could occur when collecting system information (via Auto Triage or System Information)
    Made some changes so less trial limitation warnings are displayed at the same time during Auto Triage

    Create Index:

    New indexer builds with updated BitLocker handling

    Generate Report:

    Fixed an issue with Logos not being enabled to be changed for Pro/Licensed.

    Passwords:

    Updated Password Decrypting .dll files and fixed issue with GPU decryption not running.

    User Activity:

    Export to CSV. Removed Flags field from CSV output causing column shift for some MRU types. Note: Flag values are case specific and their values were never exported, but the column header for "Flags" was.
    Fixed shifted/misaligned column issue when exporting Event data to CSV.

    Web Browser:

    Fixed an issue where saving a webpage as web archive (.MHT) was no longer working.

http://www.osforensics.com/

Offline SiLæncer

OSForensics 7.1.1007
« Reply #94 on: 05 March, 2020, 18:00 »
Changelog

    AmCache Viewer:

    Improved performance of reading amcache hive

    Create/Compare Signature:

    Added support for SHA-256 hashes. This required changing the signature file format and incrementing the signature file version from 6 -> 7.
    Add support for comparing previous signature file version with v7 signature file

    Create Index:

    Added "Memory dump files" file type option
    Added Email Attachment indexing options ("index attachments by file types")
    Updated indexer with chunked large binary file indexing, and progress indication
    New indexer builds with large file support for .mem, .dmp, .mdmp (large file support does not apply if inside ZIP files)
    New indexer builds with crash bug fixes

    Deleted Files:

    Internal changes to get sector size

    Forensic Imaging:

    Added option to select between single/split files when creating Encase image files

    Passwords:

    Improved performance of retrieving registry passwords
    Fixed various memory leak issues
    Fix heap corruption when retrieving LSA secrets
    Improved performance of reading Firefox logins from registry
    Improved performance of reading IE logins from registry
    Improved performance of reading Outlook/Windows Live logins from registry

    Registry:

    Added new registry function to read a single key in a hive for better performance without loading the entire registry file

    Scripting:

    Improved performance of RegistryGetSubKeys() and RegistryGetKeyValues() methods for reading registry keys

    System Information:

    Improved performance of registry commands

http://www.osforensics.com/

Offline SiLæncer

OSForensics 7.1.1008
« Reply #95 on: 17 March, 2020, 11:00 »
Changelog

    Fixed crash bugs while indexing large Bitlocker images
    Fixed 'Skipping directory ...' log messages
    Changed handling of '$' system files, e.g. $AttrDef, $Bitmap, $boot, $LogFile, $MFTMirr, $Secure, $UpCase and $Volume are now treated as filename index only. Only $MFT and $RECYCLE.BIN are binary extracted.
    RAM drive now allocates 2GB if >16GB of ram is available
    Added error messages for caching files and temp files.
    Updated PDF indexing to only use OCR when text layer is insufficient (avoid excessive OCR'ing files)

http://www.osforensics.com/

Offline SiLæncer

OSForensics 7.1.1009
« Reply #96 on: 24 March, 2020, 11:00 »
Changelog

    Create Index:

    Fixed crash bug when multi-threaded indexing and extracting text from system binary files and non-system binary files

    Password Recovery:

    Added a dialog to allow individual partition selection when trying to run on a disk image mounted as the entire disk that contains multiple partitions
    Fixed a potential crash that could occur when recovering passwords (mostly affecting chrome passwords)

    Registry Viewer:

    Made some changes to work better with disk images mounted as the entire disk that contains multiple partitions, will now scan multiple partitions for known registry files

    User Activity:

    Added a dialog to allow individual partition selection when trying to run user activity on a disk image mounted as the entire disk that contains multiple partitions

http://www.osforensics.com/

Offline SiLæncer

OSForensics 7.1.1010
« Reply #97 on: 25 March, 2020, 11:00 »
Changelog

    Auto triage / User activity:

    Fixed a crash that could occur when running user activity (or auto triage) using the live acquisition option

    Deleted Files:

    NTFS, Reading $ATTRIBUTE_LIST now uses a dynamic-sized buffer rather than a fixed-sized buffer. This may fix buffer overflow issues when scanning MFT
    NTFS, Added more verbose output when scanning $MFT attributes

http://www.osforensics.com/

Offline SiLæncer

OSForensics 7.1.1011
« Reply #98 on: 20 April, 2020, 13:00 »
Changelog

    Case Manager:

    When deleting case, fixed case being deleted even when cancelling option to export case to disk

    Deleted Files:

    Fixed an issue where Prefetch and SRUMDB info wasn't being read correctly and would return 0 items
    Fixed a possible crash when collecting SRUMDB info

http://www.osforensics.com/

Offline SiLæncer

Autopsy 4.15.0
« Reply #99 on: 01 May, 2020, 20:00 »
Changelog

    New UI Features:

    Added Document view to File Discovery.
    Expanded Context Content Viewer to show if an app accessed a file.
    Added translation feature to Message Content Viewer.
    Added waypoint type filter to the Geolocation viewer.
    Added zoom feature to Indexed Text Content Viewer.

    New Ingest Modules Features:

    New GPX ingest module.
    New Drone ingest module for DJI drones based on DatCon.
    Create artifacts for files opened by Adobe Reader, Windows Media Player, Office Docs (Most Recently Used (MRU) and TrustRecords), 7Zip MRU, WinRAR MRU, Applets, Microsoft Management Console (MMC) via RegRipper.

    New Central Repository Features:

    Central Repository stores account IDs that were previously seen.
    Central Repository is enabled by default to store past hashes. Feature to flag previously seen files is disabled by default.

    Other New Features:

    Multi-user cases can be created via command line

    Bug fixes:

    Prevent entire application from crashing when gstreamer crashes on videos.
    Improve Geolocation viewer with large data sets.
    Fix error with non-sector aligned reads on local disks.
    Times from Recycle Bin files are now in timeline.
    Validate timeline events and ignore events too far in the future.
    Moved some database queries off of UI thread.
    Remove hard coded sizes from UI that cause issues with other languages.

http://www.sleuthkit.org/autopsy

Offline SiLæncer

OSForensics 7.1.1012
« Reply #100 on: 28 May, 2020, 18:00 »
Changelog

    Case Manager:

    Fixed a crash that could occur when loading a case if a category name was longer than the max (63 characters).
    Fixed a bug allowing categories to be added with names longer than the max (63 characters).

    Create Index:

    Fixed crash bug when indexing smaller binary files (<25MB) with multi-threads.
    Fixed bug with 32-bit indexer failing to launch.

    Deleted Files:

    Carving, thread safety updates.
    Carving, fixed bug (read an offset outside of buffer) causing possible crash when carving TIFF files.

    Mobile Artifacts:

    Potential stack overflow crash fix.

http://www.osforensics.com/

Offline SiLæncer

OSForensics 8.0.3 Beta
« Reply #101 on: 14 August, 2020, 19:00 »
Changelog

    Added New Face Detection module for still photographs & images:

    "Detect Faces" button was added in the Image Viewer
    "Sort by Faces" in File Name Search module was added. Depending on the set of images, accuracy is around 80% at the moment. We are hoping to get closer to 95% before the final release. This can make sorting through large collections of images much much faster

    Added new Web Server Log Viewer module:

    Can load up log files from Apache, IIS and other web servers, then filter and sort the log data. A lot of effort was invested to support the loading of very large log files without having huge amounts of system RAM

    Added new Python Scripting module:

    Implemented new scripting engine, which allows access to internal OSF functions from Python scripting. Scripting commands such as osf.UserActivityGetResult(), osf.ReportGenerate() & osf.LogicalImageStart() are now available
    Added support for built-in script Python templates installed under ProgramData\PassMark\OSForensics\ScriptTemplates. The template can be selected under the 'New Script' button dropdown
    Added Python API reference for help file

    Added new Cloud Imaging support for Forensic Imaging:

    Added Cloud Download/Imaging for Google Drive, Microsoft OneDrive and Dropbox
    Cloud imaging will create empty files (0 byte files with ".deleted" extension) for deleted items from Dropbox. Dropbox includes deleted files in their directory listing

    AmCache Viewer:

    Improved performance of reading amcache hive

    Case Management:

    Add support for opening tagged e-mails & attachments via double-click/right-click

    Create Index:

    Added indexing for HEIC and HEIF image files (from Apple devices)
    Allowed indexing of memory dump files, including .mem, .dmp, .mdmp (large file support does not apply if inside ZIP files)
    Improved speed of large binary file extraction indexing (by way of parallel / 2 thread concurrency)
    Fixed bytes progress status when indexing large binary file
    Added Email Attachment indexing options ("index attachments by file types")
    Fixed exiftool indexing issue (using the -fast3 parameter culled out a lot of necessary meta information AND may incorrectly identify file type. Note: with the -fast optimization removed, indexing will now be slower)
    Fixed indexing of some GPS meta information from exiftool
    Fixed issue with indexing OCR output from HEIC and HEIF files

    Create Signature:

    Added support for SHA-256 hashes. This required changing the signature file format and incrementing the signature file version from 6 -> 7
    Add support for comparing previous signature file version with v7 signature file

    Email Viewer:

    Support opening single e-mails from PST/DBX/MBOX files for faster loading
    Added exporting e-mail messages to MSG file format
    Add checkboxes to e-mail messages for bulk operations

    File name search:

    Changed configuration dialog to support modifying include/exclude folders for each preset. This allows for more accurate preset searches to be defined. Users can also define their own preset searches in the new advanced format
    Preset searches are now fixed and cannot be modified inline
    Added 'User-defined Search' for fully customizable search criteria

    Forensic Imaging:

    Add option to select between single/split files when creating Encase E01 image files

    Image Viewer:

    Added support for HEIC and HEIF image files (from Apple devices)
    Added support for extracting meta data from HEIC and HEIF files

    Passwords:

    Improved performance of reading Firefox, IE & Windows logins from registry
    Fix heap corruption when retrieving LSA secrets
    Fixed various memory leak issues

    Registry reading:

    Improved performance of RegistryGetSubKeys() and RegistryGetKeyValues() methods for reading registry keys
    Improved performance of reading registry entries in User Activity. On a 160MB SOFTWARE hive, load times improved from >10min to 20s (as compared to v7)
    Added new registry function to read a single key in a hive for better performance without loading the entire registry file first

    ThumbCache Viewer (complete rewrite):

    Redesigned the interface allowing to load a single cache file, add multiple files by scanning drive or folder
    Added a tree view to show list of added cache files, folders and drives
    Added a new "All" option to the Thumbnail Size combo box to show all records in a cache index file
    Added a new feature to allow loading multiple cache files and viewing all of the records in them in a single list view
    Added Extended Information to show EXIF data of thumbnails retrieved from ESE Database
    Updated the thumbnail preview window to be resizable
    Improved the efficiency of loading ESE Database

    Thumbnail View of files in various modules:

    Added support for displaying thumbnails for video files
    Support for animated video thumbnails on mouse hover (how cool is this!!)
    Changes to thumbnail caching thread for better performance and robustness
    Added support for deleted video thumbnails
    Files that do not have thumbnails are cached and no longer reloaded

    User Activity:

    Fixed bug in opening ARES registry key path
    Added more Windows Event IDs to extract more forensically interesting logs
    Added times to Browser Bookmarks and WLAN items
    Fixed Time Source display error for some items under All category
    Changed list-view default sorting as date and time descending order
    Improved column sorting speed. Sorting large data sets is now 50x faster
    Updated column names for Autorun Commands and UserAssist

    Boot Virtual Machine:

    Added the ability to select additional hard drives (data drives) when booting a VM from a disk image

http://www.osforensics.com/

Offline SiLæncer

Autopsy 4.16.0
« Reply #102 on: 10 September, 2020, 09:07 »
Changelog

    Ingest:

    Added streaming ingest capability for disk images that allow files to be analyzed as soon as they are added to the database.
    Changed backend code so that disk image-based files are added by Java code instead of C/C++ code.

    Ingest Modules:

    Include Interesting File set rules for cloud storage, encryption, cryptocurrency and privacy programs.
    Updated PhotoRec 7.1 and include 64-bit version.
    Updated RegRipper in Recent Activity to 2.8
    Create artifacts for Prefetch, Background Activity Monitor, and System Resource Usage.
    Support MBOX files greater than 2GB.
    Document metadata is saved as explicit artifacts and added to the timeline.
    New “no change” hashset type that does not change status of file.

    Central Repository / Personas:

    Accounts in the Central Repository can be grouped together and associated with a digital persona.
    All accounts are now stored in the Central Repository to support correlation and persona creation.

    Content viewers:

    Created artifact-specific viewers in the Results viewer for contact book and call log.
    Moved Message viewer to a Results sub-viewer and expanded to show accounts.
    Added Application sub-viewer for PDF files based on IcePDF.
    Annotation viewer now includes comments from hash set hits.

    Geolocation Viewer:

    Different data types now are displayed using different colors.
    Track points in a track are now displayed as small, connected circles instead of full pins.
    Filter panel shows only data sources with geo location data.
    Geolocation artifact points can be tagged and commented upon.

    File Discovery:

    Changed UI to have more of a search flow and content viewer is hidden until an item is selected.

    Reports:

    Can be generated for a single data source instead of the entire case.
    CASE / UCO report module now includes artifacts in addition to files.
    Added backend concept of Tag Sets to support Project Vic categories from different countries.

    Performance:

    Add throttling of UI refreshes to ensure data is quickly displayed and the tree does not get backed up with requests.
    Improved efficiency of adding a data source with many orphan files.
    Improved efficiency of loading file systems.
    Jython interpreter is preloaded at application startup.

    Misc bug fixes and improvements:
 
    Fixed bug from last release where hex content viewer text was no longer fixed width.
    Altered locking to allow multiple data sources to be added at once more smoothly and to support batch inserts of file data.
    Central repository comments will no longer store tag descriptions.
    Account type nodes in the Accounts tree show counts.
    Full time stamps displayed for messages in ingest inbox.
    More detailed status during file exports.
    Improved efficiency of adding timeline events.
    Fixed bug with CVT most recent filter.
    Improved documentation and support for running on Linux/macOS.

http://www.sleuthkit.org/autopsy

Offline SiLæncer

BruteShark 1.1.1
« Reply #103 on: 16 September, 2020, 05:00 »
BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network map, reconstructing TCP sessions, extracting hashes of encrypted passwords and even converting them to a Hashcat format in order to perform an offline Brute Force attack.

License: GPLv3

What's new:

    BruteShark is now also capable of reconstructing all UDP streams.
    Configuration buttons were added for enabling / disabling reconstruction of TCP and / or UDP sessions

https://github.com/odedshimon/BruteShark


Offline SiLæncer

OSForensics 8.0.1002
« Reply #104 on: 09 November, 2020, 09:20 »
Changelog
       
    Auto Triage

        Fixed a broken link to the Auto Triage section in the help file

    Install to USB

        Fixed an issue where a ket.dat file created by OSForensics would not be read correctly when OSForensics starts

    Workflow

        Started saving config file immediately after locking the workflow rather than when OSForensics was closed so changes made to the workflow will be applied when installing to USB

http://www.osforensics.com/