Thema: Forensic Software diverses

[SiLæncer]

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.

License: GPLv3

Whats new:>>

    More optimisations.
    Fix some issues with -t arguments.

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

OSForensics is an application that enables you to thoroughly check and scan a computer for any piece of evidence that might offer you insight, by checking anything from email archives, deleted files and even web browsing history. In addition, you can organize the evidence by creating separate cases, which can hold the data separate from each other.

Changelog

       
    Create Index:

    Fixed possible crash when using the 'Don't know/Prescan' option

    Logical Cloud Drive Imaging:

    OneDrive Fixed possible discrepancy between the file size when summing all the files and the drive size from querying the user's root. When creating a logical drive, it will use the maximum size between both methods.

    Password Decrypt:

    Brute Force Fixed bug when using Custom Random Dictionary for individual work queue items, the Brute Force settings were not being saved

    Search Index:

    Fixed issue when loading a UTF-8 wordlist file without a BOM

    User Activity:

    Fixed possible crash when using the 'Autorun Commands' option

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

    New Chainsaw rules
    Fixing JSONL outputting issues for dump and search
    Updated dependencies

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

Whats new:>>

Support for parsing ESE databases and analysing SRUM databases
New Chainsaw rules
Full output support for aggregations

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

Whats new:>>

    File Name Search:

    Changed to show 'Multiple directories selected' in directory field instead of the first directory being scanned if multiple directories are selected
    Fixed issue where it would add to directories to scan rather than replacing them when switching between different directories

    Registry Viewer:

    Fixed bug where Time Zone values were incorrect (only first byte of integer value returned) when exporting System Hive

    User Activity:

    Fixed potential buffer overflow issue during the Event Log rendering

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

    Fixes and tweaks for SRUM
    Updated dependencies

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

Changelog

    Deleted Files Search:

    Fixed recovered partitions not being scanned on first access
    Removed error message being displayed when invalid NTFS partition found (eg. recovered partitions)

    Manage Case:

    Fixed issue when adding new category and reordering immediately afterwards would not save the correct order
    Fixed issue where categories from pre-V11 cases would not sort properly
    Fixed issue where exporting categories would not included changes made in the current Edit case window
    Fixed issue where report was generating but does not complete properly until OSF is closed

    Misc:

    Updated WinPEBuilder to V1.2.108
    Fixed unable to boot on some older Win7 machines

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

    Email Viewer:

    Added warning message when system lacks Outlook MAPI library that exported MSG files will be saved in OLE format

    Hashing:

    Fixed possible crash when calculating hashes

    User Activity:

    Changed to auto-uncheck Moved Downloads if Downloads was unchecked (needs Download checked to run)

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

    Android Artifacts:

    Added destination target write permissions check before launching acquisition
    Fixed issue that OSFExtract-data.xml file was not created properly under certain conditions (e.g. Failed to create OSFExtract folder in the destination target)
    Fixed issue where the image was not loaded properly when the OSFExtract-data.xml file was placed in the root folder instead of in the OSFExtract folder
    Updated logs display format

    Deleted Files Search:

    Fixed hash calculation using "DirectAccess" version instead of "buffer" version of file

    Drive Preparation:

    Fixed issue where this module was unable to be run on Drive-0

    File Viewer:

    Fix lockup of internal viewer when attempting to read past media stream size

    Hash Sets:

    Updated to include total # files to hash in 'Files hashed' field
    Updated to display # files with errors

    Manage Case:

    Removed category ID column from Case Edit window - Case Categories tab

    User Activity:

    Fixed possible crash when scanning VLC .ini file
    Fixed issue where OSF is stuck scanning Event Logs on Linux
    Config, Changed to auto uncheck Moved Downloads if Downloads is unchecked

    Misc:

    Fixed possible crash when running USB install
    Updated OSFMount to V3.1.1003

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

    More native rules
    Ability to change default conditional when searching
    Fix for setting of timezones

https://github.com/WithSecureLabs/chainsaw