Thema: Forensic Software diverses

[SiLæncer]

Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.

License: GPL

Changelog

    GUI:

    Expanded the Data Source Summary panel to show recent activity, past cases, analysis results, etc. Also made this available from the main UI when a data source is selected.
    Expanded Discovery UI to support searching for and basic display of web domains. It collapses the various web artifacts into a single view.

    Ingest Modules:

    Added iOS Analyzer module based on iLEAPP and a subset of its artifacts.
    New Picture Analyzer module that does EXIF extraction and HEIC conversion. HEIC/HEIF images are converted to JPEGs that retain EXIF using ImageMagick (replaces the previous EXIF ingest module).
    Added support for the latest version of Edge browser that is based on Chromium into Recent Activity. Other Chromium-based browsers are also supported.
    Updated the rules that search Web History artifacts for search queries. Expanded module to support multiple search engines for ambiguous URLs.
    Bluetooth pairing artifacts are created based on RegRipper output.
    Prefetch artifacts record the full path of exes.
    PhotoRec module allows you to include or exclude specific file types.
    Upgraded to Tika 1.23.

    Performance:

    Documents are added to Solr in batches instead of one by one.
    More efficient queries to find WAL files for SQLite databases.
    Use a local drive for temp files for multi-user cases instead of the shared folder.

    Command Line:

    Command line support for report profiles.
    Restored support for Windows file type association for opening a case in Autopsy by double clicking case metadata (.aut) file.
    Better feedback for command line argument errors.

    Misc:

    Updated versions of libvmdk, libvhdi, and libewf.
    Persona UI fixes: Pre-populate account and changed order of New Persona dialog.
    Streaming ingest support added to auto ingest.
    Recent Activity module processes now use the global timeout.
    Option to include Autopsy executable in portable case (Windows only.)
    Upgraded to NetBeans 11 Rich Client Platform.
    Added debug feature to save the stack trace on all threads.

[close]

http://www.sleuthkit.org/autopsy

[SiLæncer]

Changelog

    Case Management

        Added a continue / stop option when a file copy fails (eg when creating a case report) rather than just stopping the current process

    Cloud Mail Export

        User can select which folder to export from account. An MBOX file will be created separately for each folder exported

    Deleted Files

        Added option in configuration to disable thumbnail creation as it may cause crashes in external windows libraries used to generate the thumbnails (eg media player) on poorly recovered / corrupt files

    File Name Search

        Added a new feature to allow for searching against image EXIF metadata

    OSFExtract

        Fixed issue where OSFExtract app would fail to install on older Android OS devices due to app signing issue

    Subscription

        Added deactivate seat option to the start page

    User Activity

        Event log, fixed a crash that could occur when reading a System log file caused by a very long file path in the event information

[close]

http://www.osforensics.com/

[SiLæncer]

BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network map, reconstruct TCP sessions, extract hashes of encrypted passwords and even convert them to a Hashcat format in order to perform an offline Brute Force attack.

License: GPLv3

Whats new:>>

New features:

    New hash type extraction - Kerberos AS-REP etype 23 (including Hashcat integration - mode: 18200)
    BruteSharkCli can now export the network map to JSON format for analysis with external tools such as Neo4j.
    File extraction module support for PDF and ZIP file formats.
    BruteSharkDesktop GUI improvements - Indication for files that failed the analysis.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Changelog

       
    Email Viewer

        Remove MAPI initialization from startup, loading on-demand
        Attempt to load MAPI dll from Outlook installation in registry (rather than mapi32.dll in Windows\System32) to prevent a "No mail client found" error message in some cases

    File Name Search

        Added vcruntime140_1.dll for exiv2.exe tool to fix missing DLL issue
        Updated EXIF Metadata search keywords preset list

    Hash Set Import

        Fixed a crash that could occur when importing NSRL hash sets

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

New Module Release: DNS Module.
The module Enables to parse DNS queries.
DNS data also shown in the Network Map user window.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Changelog

              
    Auto Triage

        Upgraded the screen capture to take screenshots of all running program windows.
        Removed the drive selection drop-down list and changed it to select the OS boot drive to perform live acquisition scanning.

    Case manager

        Fixed an issue when exporting a report using the copy files option, if a source file was read only then multiple error messages could be show during the file copy process.

        Improved speed of export when large amounts of files are being exported as part of the report
    USEDB viewer

        updated to library code for compatibility with newer helper libraries

    Verify Hash

        Fixed a bug where clicking the "upper case output" option after generating a hash would not update the primary hash and instead replace the secondary hash with the upper case primary

    File system support

        Updated library code for reading E01 and L01 files. While there were multiple changes under the hood, the most visiible change should be better support for L01 image files. In particular it fixes a case where a NTFS directory entry in a L01 could point to the wrong file.

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

BruteShark can now handle pcapng files (as well as the old pcap file format).
PCAPNG example files where added to the repo at, so you can check it by yourself : https://github.com/odedshimon/BruteShark/tree/master/Pcap_Examples/Pcap_Examples_PCAPNG

https://github.com/odedshimon/BruteShark

[SiLæncer]

Whats new:>>

BruteSharkCli now has two modes: single command and shell mode. The single command mode works by geting all the relevant parameters for the processing and then printing the results to stdout or files. The shell mode allows to perform each step individually.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Whats new:>>

Add exporting of extracted files to BruteSharkCli.
Fix a bug while exporting network map to JSON.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Changelog

              
    Auto Triage

        Updated select drives dialog.
        Renamed "Deleted Files" to "List of Deleted Files"
        Renamed "File Listing (Signature)" to "File Listing"
        Added timezone to Process List and File Listing exporting CSV
        Updated to add not only the OS boot drive but also all the other available logical and physical drives to case, and then scan all of them to create file listing
        Deleted file search, updated to scan all drives available and export to CSV files separately
        Added drive selecting options for file listing and deleted files searches

    Case Manager

        Add Device, Added debug output when populating device dropdown
        More robust handling of case device dropdown
        Added more verbose logging during case load

    Forensic Imaging

        Removed unnecessary refreshing of drive dropdown when loading Create Image tab
        Added more verbose logging when opening Forensic Imaging window
        Added debug output when populating device dropdown

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

       
    Auto Triage

        Fixed an issue in the Logical Image configuration window where a non-system drive path was not added properly to the image creation list.

    User activity

        Fixed a crash that could occur when removing the filter after using timeline view to view and select files at a certain time

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

Both versions of BruteShark is now capable of live capturing and analyzing network data directly from a network interface!
This version featuring all required features for operating the live capture option easily and smoothly:

    List all available network interfaces names.
    Enable configure BPF filters.
    Enable using promiscuous mode.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Whats new:>>

Both versions of BruteShark (BruteSharkDesktop & BruteSharkCli) is now capable to extract Voip calls.

    Voip calls can be exported to raw-audio files
    Example PCAP files where added to the repo.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Whats new:>>

    Fix a bug that cause Kerberos hashes over TCP hashes was not extracted due to lack of proper parsing of "Record mark" section parsing (See issue: #90 )
    Implement Kerberos TGS-REP Etype 17 and 18 hashes parsing include Hashcat export.
    Upgrade all projects NuGets.
    Add a link to download BruteSharkCli for windows.

https://github.com/odedshimon/BruteShark

[SiLæncer]

Changelog

       
    CloudMail

        Fixed issue with Microsoft Outlook/Hotmail email when Content-Length is not returned in the header, but response body contains text

    ThumbCache Viewer

        Fixed an issue where Thumbnail items were not able to add to the case

    User Activity

        Form Autofill, fixed crash with change to Autofill in Edge Chromium when data value in sqlite db is not encryptet
        Passwords, fixed wireless network passwords recovery issue
        Passwords, fixed Firefox browser password recovery bugs

    Misc

        Fixed Typo in Expiration/Subscription GUI Text

[close]

http://www.osforensics.com/