Topic: Forensic Software, miscellaneous (Read 21432 times)
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
Autopsy 4.18.0
Reply #120 on: 01 August 2021, 09:00
Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.
License: GPL
Changelog
Keyword Search:
A major upgrade from Solr 4 to Solr 8.6.3. Single user cases continue to use the embedded server.
Multi-user clusters need to install a new Solr 8 server and can now create a Solr cloud with multiple servers.
-- NOTE: Cases created with Autopsy 4.18 cannot be opened by previous versions of Autopsy. Autopsy 4.18 can open older cases though.
-- See http://sleuthkit.org/autopsy/docs/user-docs/4.18.0/upgrade_solr8_page.html for more details.
Improved text indexing speed by not doing language detection on unknown file formats and unallocated space.
Domain Discovery:
Added details view to Domain Discovery to show what web-based artifacts are associated with the selected domain.
Updated the Domain Discovery grouping and sorting by options.
Added basic domain categorization for webmail-based domains.
Content Viewers:
Built more specialized viewers for web-based artifacts.
Data Source Summary:
Added a “Geolocations” tab that shows what cities the data source was near (based on geolocation data).
Added a “Timeline” tab that shows counts of events from the last 30 days the data source was used.
Added navigation buttons to jump from the summary view to the main Autopsy UI (for example to go to the map).
Ingest Modules:
New YARA ingest module to flag files based on regular expression patterns.
New “Android Analyzer (aLEAPP)” module based on aLEAPP. Previous “Android Analyzer” also still exists.
Updated “iOS Analyzer (iLEAPP)” module to create more artifacts and work on disk images.
Hash Database module will calculate SHA-256 hash in addition to MD5.
Removed Interesting Item rule that flagged existence of Bitlocker (since it ships with Windows).
Fixed a major bug in the PhotoRec module that could result in an incorrect file layout if the carved file spanned non-contiguous sectors.
Fixed MBOX detection bug in Email module.
Reporting:
Attachments from tagged messages are now included in a Portable Case.
Misc:
Added support for Ext4 inline data and sparse blocks (via TSK fix).
Updated PostgreSQL JDBC driver to support any recent version of PostgreSQL for multi-user cases and PostgreSQL Central Repository.
Added personas to the summary viewer in CVT.
Handling of bad characters in auto ingest manifest files.
Assorted small bug fixes.
http://www.sleuthkit.org/autopsy
Work/test machine:
Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit
TT S2 3200 (BDA driver 5.0.1.8) + Terratec Cinergy 1200 C (BDA driver 4.8.3.1.8)
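The 4.18.0 changelog above says the Hash Database module now computes SHA-256 next to MD5. The following is an added example, not Autopsy's own code, of what such a hash-set lookup step does: hash every file once in chunks, produce both digests, and match them against a plain-text hash set whose entries may be either algorithm. The sample files, the hash-set lines and the file names are constructed for the example.

```python
"""Added example (not Autopsy code): compute MD5 and SHA-256 for files in one pass
and look them up in a hash set, the way a hash-database ingest step works.
Carrying SHA-256 next to MD5 lets a known-bad match survive MD5's collision
weakness while hash sets that only list one algorithm can still be consulted."""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read files in 1 MiB chunks so large images never load into RAM


def hash_file(path):
    """Return (md5, sha256) hex digests of a file, computed in a single read."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def load_hash_set(lines):
    """Parse a plain-text hash set: one hex digest per line, '#' comments allowed.
    The digest length decides the algorithm (32 hex chars = MD5, 64 = SHA-256);
    matching is case-insensitive because vendors publish both upper and lower case."""
    hashes = {"md5": set(), "sha256": set()}
    for line in lines:
        token = line.split("#", 1)[0].strip().lower()
        if len(token) == 32:
            hashes["md5"].add(token)
        elif len(token) == 64:
            hashes["sha256"].add(token)
        elif token:
            raise ValueError(f"unrecognised digest length: {token!r}")
    return hashes


def scan(paths, hash_set):
    """Return {path: [matched algorithms]} for every file that hits the hash set."""
    hits = {}
    for path in paths:
        md5, sha256 = hash_file(path)
        matched = []
        if md5 in hash_set["md5"]:
            matched.append("md5")
        if sha256 in hash_set["sha256"]:
            matched.append("sha256")
        if matched:
            hits[path] = matched
    return hits


def demo():
    """Constructed sample: two files and a hash set listing one of them by SHA-256
    plus an MD5 entry (the digest of the empty file) that matches nothing here."""
    with tempfile.TemporaryDirectory() as tmp:
        known = os.path.join(tmp, "tool.exe")
        benign = os.path.join(tmp, "notes.txt")
        with open(known, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 100)  # constructed stand-in for a known binary
        with open(benign, "wb") as fh:
            fh.write(b"nothing to see here\n")
        _, sha256 = hash_file(known)
        hash_set = load_hash_set([
            "# constructed hash set, not a real NSRL or vendor feed",
            sha256.upper(),  # upper case on purpose: lookup must be case-insensitive
            "d41d8cd98f00b204e9800998ecf8427e  # MD5 of the empty file",
        ])
        return scan([known, benign], hash_set)
```

`demo()` returns a single hit for `tool.exe`, matched by SHA-256 only; `notes.txt` matches nothing. A real hash set would be loaded once and kept in memory across the whole ingest rather than rebuilt per call.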
SiLæncer
Autopsy 4.19.0
Reply #121 on: 02 August 2021, 19:00
Changelog
Data Source Management:
To make managing big cases easier, all data sources are now associated with a host that can be specified in the “Add Data Source” wizard.
Hosts can be grouped by “person”, which is simply a name of the owner.
The main tree viewer can be configured to group by person and host.
OS Accounts:
Operating System (OS) accounts and realms are their own data types and no longer generic artifacts.
OS Accounts are created for Windows accounts found in the registry. Domain-scoped realms are not fully detected yet.
NTFS files are associated with OS Accounts by SID.
The Recent Activity module associates artifacts with OS Accounts based on SID or path of database. Other modules still need to be updated.
OS accounts appear in a dedicated sub-tree of the main tree view and their properties can be viewed in the results view.
A new content viewer in the lower right area of the main window was built to display OS account data for the item selected in the results view.
Analysis Result and Data Artifacts
All modules make either Analysis Results or Data Artifacts instead of “Blackboard Artifacts.”
New “Analysis Result” content viewer shows the results for a given file and its score.
The tabular results viewer shows an icon for the aggregate score of a file.
The tree organizes results into "Analysis Results" and "Data Artifacts" instead of simply “Results.”
Discovery UI:
Domain categorization and account types are displayed in Domain Discovery results.
The Domain Discovery results view more explicitly shows when a downloaded file no longer exists.
Check boxes are now used to select search options instead of shift-based multi-select.
Ingest Modules:
File metadata updates are batched up before being saved to the case database for better performance.
Parsing of iLEAPP and aLEAPP output was expanded to create communication relationships which can be displayed in the Communications UI.
EML email parsing handles EML messages that are attachments (and have their own attachments).
Domain categorization within Recent Activity can be customized by user-defined rules that can be imported and exported.
Account IDs and Installed Applications are added to the Central Repository.
Keyword search can be configured to only do OCR and skip non-OCR files.
Miscellaneous:
A “Reset Windows” feature was created to help redock windows.
A case-insensitive wordlist of all words in the keyword search index can be exported as a text document.
Information from the Data Source Summary panels can be exported as an Excel spreadsheet.
More artifacts are added to the timeline and artifacts with multiple time-based attributes are mapped to multiple timeline events.
Added option to only perform optical character recognition on certain file types.
Heap dumps can be saved to a custom location.
More detailed error messages about encrypted disks when they are added.
Added file size filter to Ingest Filters.
Performance:
Keyword search does not make an explicit commit for each report if ingest is running.
Language ID is performed on a small subset of a file instead of the entire file.
Recent Activity is more efficient because of TSK changes to file searching (using extension).
Embedded file extractor module has been made faster by doing file typing in memory and adding extracted files in batches.
Moved Content Viewers setNode() and isSupported()/isPreferred() code to background threads.
Moved Data Source Summary Panel population code to background threads.
Moved Node/Tree queries to background threads.
Bug Fixes:
Fixed embedded file extractor file name escaping bug.
Detect VHD files by signature and not extension.
Fixed iLEAPP path error.
Content viewers UIs are more consistent.
Assorted bug fixes are included.
Auto Ingest:
The Auto Ingest Dashboard is resizable.
Get thread dumps from AID
Added beta pause feature that pauses auto ingest for a set amount of time at a scheduled date and time.
http://www.sleuthkit.org/autopsy
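The 4.19.0 changelog above introduces OS accounts and realms as first-class data and says NTFS files are tied to accounts by SID, with domain-scoped realms not fully detected yet. As an added example, not Autopsy code, here is the decoding step that sits underneath that: turning the binary SID as stored in the registry into its string form and splitting it into the realm (the S-1-5-21 prefix plus three sub-authorities) and the RID. The sample SIDs and the well-known name tables are constructed for the example; the well-known values themselves are the ones Microsoft documents.

```python
"""Added example (not Autopsy code): decode a binary Windows SID and split it into
realm and RID, which is the key used to tie files and artifacts to OS accounts."""
import struct

# Well-known SIDs and RIDs as documented by Microsoft; names are for display only.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "Local System",
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
    "S-1-1-0": "Everyone",
}
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}


def sid_to_string(blob):
    """Convert a binary SID to 'S-R-IA-SA1-SA2-...'.
    Layout: revision (1 byte), sub-authority count (1 byte), identifier authority
    (6 bytes, big-endian), then count x 4-byte little-endian sub-authorities."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def split_realm(sid):
    """Return (realm_sid, rid, label) for a string SID.
    For S-1-5-21-<a>-<b>-<c>-<rid> accounts the realm is the first seven parts.
    Whether that realm is a domain or a local machine cannot be decided from the
    SID alone; that needs the SAM/SECURITY hives, which is the gap the changelog
    refers to when it says domain-scoped realms are not fully detected yet."""
    if sid in WELL_KNOWN_SIDS:
        return sid, None, WELL_KNOWN_SIDS[sid]
    parts = sid.split("-")
    if sid.startswith("S-1-5-21-") and len(parts) == 8:
        realm = "-".join(parts[:7])
        rid = int(parts[7])
        return realm, rid, WELL_KNOWN_RIDS.get(rid, "user/group RID")
    return sid, None, "other"


def demo():
    """Constructed sample: the Administrator (RID 500) of realm S-1-5-21-1-2-3, and Local System."""
    admin = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1, 2, 3, 500)
    system = bytes([1, 1]) + (5).to_bytes(6, "big") + struct.pack("<I", 18)
    return [split_realm(sid_to_string(b)) for b in (admin, system)]
```

In a real case the binary SIDs come from the `V` values under `SAM\Domains\Account\Users\<RID>` and from the `ProfileList` key names; the length check matters because truncated registry values are common in carved hives.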
SiLæncer
OSForensics 9.0.1000
Reply #122 on: 05 August 2021, 09:00
Changelog
Map Viewer:
Added Map Viewer module which enables users to view GPS locations marked on a world map.
Added a new pre-set search option, “Photos with GPS Locations” to automatically find all photos with embedded GPS locations (via EXIF data) and then graphically locate where these photographs were taken on a map. On mouse over of the location on the map thumbnail images and image meta are displayed.
Ability to import and map GPS coordinates from CSV, GPX and KML files and IP addresses, and search for GPS location by name (i.e. geocoding)
Added map email viewer integration, to draw arrows between the source and destination of an Email, plus any intermediate transit nodes referenced in Email header.
Auto Triage:
Removed some unnecessary warning messages (You are attempting a non-live…) displayed when running Auto Triage
Updated the Passwords to select "Live acquisition" for scan when running Auto Triage.
Boot VM:
Updated to now allow booting for MacOS (10.13 and above)
Now includes support for VMWare Workstation Player 16
Clipboard Viewer and Signatures Module:
Restructured UI for consistency and simplicity in OSForensics user experience
Create / Search Index:
Restructured UI for simplified user experience. This included convert to 'Sort' link, convert to 'Index' link, move 'Use Word List File' to button dropdown, and consolidated regex filter to search bar.
Improved indexing of XML files to index not only data content, but also attribute values in tags. Combined with expanding the max word length to 40 characters, this now allows indexing of GUID values in XML files. This allows finding GUIDs in peer-2-peer file sharing files (e.g. the Profiles.xml file from Shareaza)
Added sub tabs under ‘Browse Index’. These include Words, Files and Protected lists.
Added "Save to disk" checked items menu option
Reporting of “protected” (or encrypted) files that were encountered and not indexed. Provides a quick way to identify all commonly encrypted document types.
Fixed bug with "Search Index", when matching exact phrases only found in meta description
Fixed crash bug for when page is near end of index
Fixed bug with extra text appearing after highlighting when exact phrase matched in meta description
Fixed timeline filter and other UI issues
Fixed cleanup of previous state when closing case
Fixed bug with email indexing causing corrupt index when long header or attachments are used as description in index
Fixed crash bug when corrupt index is encountered during a search and cleanup occurs, and subsequent searches did not reload the index
Added handling for partial index unloaded/reloading due to unexpected error cases (low memory, corrupt index, etc.)
Disk Preparation:
Fixed a bug stopping Disk 0 from being formatted
Decrypt File:
Password Benchmark (i.e. number of passwords per second) is now calculated per thread. Previously only the first benchmark collected was used as the benchmark value for all clients.
Deleted File Recovery:
Restructured UI for consistency and simplicity (convert to 'Sort' link, convert to 'Preset' link, reduce clutter at the bottom)
Added ability to right click on an extension in the scan status tab to view the set of files.
Added the Face and Nudity Scan feature to the sorting option
FileCarver Config GUI changed the +/- icons to normal expand/collapse icons. Removed the Linux EXT2 option, FileCarver will try to determine the file system and enable it if necessary.
Fixed display bug where scrolling to the right and then back, where the listview checkbox/extension column would be unreadable. Added note to expand the extension groups to view the header/footer/etc details for each extension family.
Fixed a crash that could occur when no files were found
Device Manager:
Added support for per-volume encryption, as used in newer versions of Apple’s APFS file system.
Email Viewer
Added right-click option to lookup IP addresses in e-mail headers and then mark on Map Viewer.
Added "Overview" button to view email address statistics in email viewer. Can now get a quick count of Emails To / From each Email address.
OSForensics will attempt to convert X.400/X.500 e-mail addresses by parsing the MIME headers if available
Added support for indexing EMLX files from Apple Mail
Fix overflow with long To/Cc/Bcc strings in mbox and dbx files. Fix missing single address summary icon. Add Top 10 contacts filter to sankey graph. Combine sankey graph and summary table when added to case
Event Log Viewer:
Added OSF generated event information as a summary string in quotation marks when viewing items in the event log viewer (for eg “Disconnected USB device "TOSHIBA External USB 3.0 " , Serial Number: XXX").
File Name Search:
Optimizations for improved scan speed and performance, especially when using the direct access mode (also called forensics mode).
Reorganized UI for consistency and simplicity (convert to 'Sort' link, convert to 'Preset' link, move configuration text to tooltip for 'Config' link)
Dynamically populate map view as files with GPS locations are found, and display image thumbnail (and file metadata) on mouseover of location while in map view
Fix stack overflow crash due to large local string variables
Changed search preset name ‘Windows Shortcut Files’ to ‘LNK Files’
Updated the P2P pre-sets to include UseNet related keywords
Hash Sets and Create Hash:
Grouped the two modules into one main hashing module (File Hashing) with two tabs (Hash Sets & Create Hash).
Added SHA3 (256, 512) as hash options
Internal Viewer:
Re-implemented thumbnails using global thumbnail cache for better performance. Increased number of thumbnails in lower bar to fill window width and added support for video thumbnails.
Jump to file when double clicking thumbnail
Add extracting of embedded thumbnails in image file within the 'Analyze' dialog. This can help with checking for image manipulation.
When a file is fragmented on disk, viewer can display list of file fragments + right-click option to jump to fragment
Improved drawing performance and navigation buttons.
Hex view, add 'Export strings...' link to string extractor
Initial support for viewing PDF files using native API in Win10. This allows faster more accurate PDF rendering in viewer.
Display Office Documents (docx, xlsx, pptx, etc) and OpenDocument (odt, odp, odx) files as HTML.
When analyzing images, add right-click menu options to embedded thumbnails to 'View with internal viewer...' and 'Add to Case'
Mismatch Search:
Restructured UI for consistency and simplicity.
Fix bug with 0 byte files not being excluded from results
Password Recovery:
Restructured UI for consistency and simplicity.
Distributed password cracking with support for Multiple GPUs (Pro Only). Supports up to 1000 total clients when using distributed cracking
Fixed an issue with Firefox password recovery, a crash that could occur when parsing Firefox V31 and earlier versions passwords
Program Artifacts:
Restructured UI for consistency and simplicity.
Raw Disk Viewer:
Restructured UI for consistency and simplicity (move buttons to 'Actions' link, convert to 'Config' link, add search bar)
System Information:
Re-organized UI for simplicity and consistency (consolidate "Live acquisition" into combo box, convert into "command list" link).
Thumbnail Viewer:
Fixed drawing of images with alpha channel.
Tag/Untag:
Changed behaviour of Tagging Files. Keyboard Shortcut (Ctrl+T) applies to selected (not checked) files. The Checked Items Submenu will have options to Tag/Untag checked files by submenu selection only. This has been implemented in FileSystem Browser and Find Name Search.
Ability to open some tagged items in the case manager, e.g. cookie tagged item. ‘Open internal viewer’ will open the SQLite database where cookie was stored.
Items tagged in the User Activity modules will indicate they were added in this module in the Case Manager
User Activity:
Restructured UI for simplicity and consistency.
Moved 'Remove filter' link to 'Activity Filters' drop down
Added Anti-Forensics Artifacts to scan the traces of Anti-Forensics programs
Search Terms, cut down on duplicate entries by using DISTINCT in SQL query
Events, filtered out 4624 event when logon type is 5 (too many system generated events swamping others)
Added Cryptocurrency Wallet Apps to scan artifacts of wallet applications installed on the system
Fixed activity-specific right click menu options and enter/double click options
Added support for parsing UseNet NZB files to display filename, file size, poster and time
Added Newshosting UseNet client P2P artifacts
Changed the tree-view “Most Recently Used” item to be collapsed by default
Fixed crash with change to Autofill in Edge Chromium when data value in Sqlite DB is not encrypted.
Added a 3 second display of message "User Activity Scan Finished - No items found" when no items are found
Added more checks for cancelled scan when processing ESEDB databases so cancel will complete faster
Added support to parse the BitTorrent .torrent file format to display its contents info like the filename, file size, and time
Added scanning for WiFi passwords stored on the Windows system and display under the WLAN category
Fixed an issue with Firefox password recovery, a crash that could occur when parsing Firefox V31 and earlier versions passwords
Added support to collect details about recently viewed PDF files in Acrobat Reader and their file size and page numbers.
Added an option in the config window to allow full scan of the selected drives, which will search Torrent and NZB files across the drives and parse them
Added support to collect the VLC Media Player last opened filepath by parsing its .ini file
Start Menu:
Added search bar to the start page to quickly find OSF features
Workflow:
Set Mount Drive Image button to be hidden by default in the Workflow menu. This was done as the Add Device function is preferable in nearly all cases
Python API:
Add methods for adding/removing device from case (including BitLocker and Volume Shadow devices)
Remote Server:
Fix bug in creating destination folders when source path is a network folder
Security:
Update EXIFTool to 12.25 due to ACE security vulnerability
http://www.osforensics.com/
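Under "User Activity" the 9.0.1000 changelog above says the Events view now drops 4624 events with logon type 5 because system-generated service logons swamp everything else. As an added example, not OSForensics code, here is that filter written against the EVTX XML form of event 4624: parse the `EventData` fields, drop the noise type, and keep (time, user, type, source address) for the rest. The events are constructed for the example; the element and `Data Name` values follow the real 4624 schema.

```python
"""Added example (not OSForensics code): parse Security event 4624 records in EVTX
XML form and drop LogonType 5 (service logons) before listing logons."""
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               10: "RemoteInteractive", 11: "CachedInteractive"}
NOISE_TYPES = {5}  # the type the changelog filters out; extend per case, not globally


def parse_4624(xml_text):
    """Return a dict of the EventData fields of one 4624 event, or None if it is not 4624."""
    root = ET.fromstring(xml_text)
    event_id = root.find("e:System/e:EventID", NS)
    if event_id is None or event_id.text != "4624":
        return None
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    fields["LogonType"] = int(fields.get("LogonType", 0))
    fields["TimeCreated"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return fields


def logons_of_interest(events):
    """Filter a list of event XML strings; return (kept rows, Counter of dropped types)."""
    kept, dropped = [], Counter()
    for xml_text in events:
        ev = parse_4624(xml_text)
        if ev is None:
            continue
        if ev["LogonType"] in NOISE_TYPES:
            dropped[LOGON_TYPES.get(ev["LogonType"], str(ev["LogonType"]))] += 1
            continue
        kept.append((ev["TimeCreated"], ev["TargetUserName"],
                     LOGON_TYPES.get(ev["LogonType"], str(ev["LogonType"])),
                     ev.get("IpAddress", "-")))
    return kept, dropped


def _event(ts, user, logon_type, ip="-"):
    """Build a constructed 4624 event in the EVTX XML layout (subset of the real fields)."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="{ts}"/></System>
  <EventData>
    <Data Name="TargetUserName">{user}</Data>
    <Data Name="LogonType">{logon_type}</Data>
    <Data Name="IpAddress">{ip}</Data>
  </EventData>
</Event>"""


SAMPLE_EVENTS = [  # constructed for the example, not taken from a real system
    _event("2021-08-05T07:59:58Z", "SYSTEM", 5),
    _event("2021-08-05T08:00:01Z", "alice", 2),
    _event("2021-08-05T08:00:02Z", "SYSTEM", 5),
    _event("2021-08-05T08:00:03Z", "SYSTEM", 5),
    _event("2021-08-05T08:05:17Z", "svc-backup", 10, "10.0.0.23"),
]


def demo():
    return logons_of_interest(SAMPLE_EVENTS)
```

On the sample, three service logons are dropped and two rows remain: the interactive logon of `alice` and a RemoteInteractive (RDP) logon of `svc-backup` from 10.0.0.23. Keeping the dropped counts, rather than discarding them silently, lets an examiner notice if a suspicious account only ever appears as type 5.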
SiLæncer
Autopsy 4.19.1
Reply #123 on: 10 August 2021, 11:00
What's new:
Bug Fixes:
Fixed connection leak associated with creating OS Accounts
Decreased priority of OS Account Content Viewer
Misc bound check fixes in TSK
http://www.sleuthkit.org/autopsy
SiLæncer
OSForensics 9.0.1001
Reply #124 on: 17 August 2021, 19:00
Changelog
Auto Triage:
Fixed bug with loading user-specified logical image file type settings from config file
Case Manager:
New right click option in the case list to open the containing folder (in Windows Explorer).
Clipboard Viewer:
Changed linking of WinRT libraries (shcore library) for Win7 compatibility
Disk Image:
Cleaned up the word wrapping on message box warning
Email Viewer:
Increased size of 'To' and 'Cc' fields. Enabled word wrapping.
Filesystem Support:
Fixed bug in FAT entry offset calculation due to using float type. This caused incorrect offset calculation on exFAT file systems
File Name Search:
Added status window for adding files/folders to logical image to improve responsiveness when adding a large number of items
Internal Viewer:
When viewing PDF files earlier than Win8, use text conversion instead of native PDF viewer
Changed linking of WinRT shcore library for Win7 compatibility
Changed linking of WinRT Windows.Data.Pdf.dll library for Win7 compatibility
Logical Image:
Fixed performance issues when adding/removing sources when there are large number of existing items
Password Recovery:
Changed linking of OpenCL.dll to delay for Win7/8 compatibility
Python API:
Updated youtube-dl to newest version
Added new Python script template for recursing directories in a file system, ignoring specified extensions and subdirectories
Start Window:
Search bar now searches as text is entered.
Changed search to ignore word order, allow results for (n-1) search terms if no results, return help file if no results.
Prevent certain search inputs that could cause unintended behaviour.
WebBrowser:
Updated web browser module to use webview2. On systems that support it (i.e. have chromium edge installed), the webview2 browser will be used, for systems without, will use the old browser control.
Change linking of GetDpiForWindow for Win7 compatibility
GUI Navigation/Icons should be less blurry
Removed Save Page/Add to Case button/option (it is not implemented/supported by Webview2)
Fixed issue with resizing browser window below minimum size and buttons moving out of place.
Export Page, fixed possible bug when downloading a file/video fails causing OSForensics to crash.
Changed default capture area (camera button) to Whole Page.
GUI Added visible note to users notifying them that right click options (Save As and possibly Print) on webpages are not working due to webview2 running in elevated permissions as required by OSF.
http://www.osforensics.com/
SiLæncer
BruteShark 1.2.3
Reply #125 on: 01 September 2021, 22:00
BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network map, reconstruct TCP sessions, extract hashes of encrypted passwords and even convert them to a Hashcat format in order to perform an offline Brute Force attack.
License: GPLv3
What's new:
Add "Clear Results" button (following #95).
Bug fix - although a certain network interface was selected in the user interface, another network card was selected behind the scenes (following #99, #100).
Upgrade to SharpPcap 6.0.0 (better performance among other improvements).
https://github.com/odedshimon/BruteShark
SiLæncer
OSForensics 9.0.1002
Reply #126 on: 08 September 2021, 11:00
Changelog
Auto Triage
Support for saving compressed Case files (experimental)
Support for uploading Case files to FTP server (experimental)
Fixed UI mouseover issues
Case Manager
Support for importing compressed Case files (experimental)
Fixed an error that occurred when trying to create a case in a network path
Create / Search Index
Fix crash bug when indexing corrupted OLE files (OLE is used in old style XLS, DOC, PPT files)
Added export of "lastfailedindexcfg.zcfg" for debugging purposes when indexing fails
Fixed potential crash bug with buffer issues in indexer
Memory Viewer
When running from a network drive, the DirectIo driver is copied to a temporary directory before loading. This is required because Windows cannot load device drivers from network drives.
When saving memory dump to network location, saves to temporary location before moving to network path
Start Window Search
Fixed home/end keys in text input
Added more search results
User Activity
Fixed potential memory buffer overflow crash in function on Win XP
Fixed a crash that could occur when collecting SRUM artifacts on Windows 11
Misc
Fixed crash when running from network drive
Update OpenSSL library in use to 1.1.1L. Previous version in use was v1.0.2L. This fixes a couple of potential security issues in OpenSSL.
Updated help documentation for internal viewer, E-mail viewer, map viewer, file name search map view, updated screenshots
http://www.osforensics.com/
SiLæncer
BruteShark 1.2.4
Reply #127 on: 15 September 2021, 22:00
Changelog
This version contains an implementation of a new network model.
That data structure's role is to store the current network state, including all the extracted items.
Apart from the fact that this refactor improves the readability and structure of the code, thanks to this data structure different display components can share information while remaining unaware of each other (e.g. the Network Map user control can now access DNS records if there are any).
Main Features:
The Network Map user control now has a control that describes the node details: open ports, DNS records, session count.
The exported files including a new file named "BruteShark Network Nodes Data.json" that holds all the nodes details (following issue #77).
Better performance.
https://github.com/odedshimon/BruteShark
SiLæncer
BruteShark 1.2.5
Reply #128 on: 01 October 2021, 10:00
Changelog
This version contains a few improvements and features:
First, the network map has been upgraded by adding additional fields that give insight into domain users and the amount of data transferred from each point in the network:
Sent data - The amount of data (bytes) sent by the host.
Received data - The amount of data received (bytes) by the host.
Domains - the domains that the host is a member of.
Domain users - domain users that logged into the host.
These fields will also appear in the "BruteShark Network Nodes Data.json" file that holds all the node details.
Secondly, the BruteSharkDesktop installer file was upgraded:
Allows upgrading an existing version of BruteSharkDesktop without the need to manually remove the old version.
Set the license also at the installer prompt.
https://github.com/odedshimon/BruteShark
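The BruteShark 1.2.3 post above describes what an NFAT does with a PCAP (rebuild sessions, pull out clear-text credentials) and the 1.2.5 post adds per-node "Sent data" / "Received data" byte counts to the network map. The block below is an added example, not BruteShark's own code, that does both on a capture built in memory: it walks a classic PCAP, decodes Ethernet/IPv4/TCP, accumulates payload bytes sent and received per host, and extracts HTTP Basic credentials from the TCP payloads. The capture, the addresses and the credential in it are constructed; only IPv4/TCP without IP options and little-endian PCAP files are handled, which is all the sample needs.

```python
"""Added example (not BruteShark code): per-host sent/received byte counts and
HTTP Basic credential extraction from a PCAP, over a constructed capture."""
import base64
import re
import struct
from collections import defaultdict

AUTH_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def iter_packets(pcap):
    """Yield raw frame bytes from a classic little-endian PCAP (magic 0xa1b2c3d4)."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond PCAP is handled here")
    offset = 24  # skip the global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack("<IIII", pcap[offset:offset + 16])[2]
        offset += 16
        yield pcap[offset:offset + incl_len]
        offset += incl_len


def decode_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # IP protocol number 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4  # TCP header length in 32-bit words
    return src, dst, sport, dport, tcp[data_off:]


def analyse(pcap):
    """Return ({host: {"sent": n, "received": n}}, [credentials found])."""
    nodes = defaultdict(lambda: {"sent": 0, "received": 0})
    creds = []
    for frame in iter_packets(pcap):
        parsed = decode_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        nodes[src]["sent"] += len(payload)
        nodes[dst]["received"] += len(payload)
        for m in AUTH_RE.finditer(payload):
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except ValueError:
                continue  # malformed base64: skip rather than abort the whole capture
            user, _, password = decoded.partition(":")
            creds.append({"client": src, "server": f"{dst}:{dport}", "user": user, "password": password})
    return dict(nodes), creds


def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame with minimal headers (checksums left zero)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    total = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed capture: one client authenticating to a web server over plain HTTP."""
    req = (b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
           b"Authorization: Basic " + base64.b64encode(b"alice:Winter2021!") + b"\r\n\r\n")
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    frames = [_frame("10.0.0.5", "10.0.0.80", 50123, 80, req),
              _frame("10.0.0.80", "10.0.0.5", 80, 50123, resp)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1630000000 + i, 0, len(f), len(f)) + f
    return out
```

`analyse(build_sample_pcap())` yields the two hosts with mirrored sent/received counts and one credential, `alice` / `Winter2021!` sent to 10.0.0.80:80. Counting payload bytes rather than frame bytes is a choice: it reports what the application actually moved, which is what an examiner wants when ranking nodes by data transferred.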
SiLæncer
OSForensics 9.1 Beta 3
Reply #129 on: 08 November 2021, 11:00
Changelog
Create / Search Index
- Added "Save to disk" checked items menu option
- Added "Uncheck all" menu option
- Updated text for "Save to disk" option
Email Overview
Fix overflow with long To/Cc/Bcc strings in mbox and dbx files. Fix missing single address summary icon. Add Top 10 contacts filter to sankey graph. Combine sankey graph and summary table when added to case.
File Name Search
Updated the P2P presets to include UseNet related keywords
Logical Image
Fixed a bug in creating destination folders when source path is a network folder (eg. \\holly\temp)
User Activity:
Added an option in the config to allow full scan of the selected drives, which will search Torrent and NZB files across the drives and parse them
Changes for Beta 2:
OS Support
Adding Windows 11 support.
(at this point there is one open issue with parsing the am-cache data in Win11. All other modules should work in Win11)
Email Viewer
Added single email summary and sankey graph
Fixed buffer overflow when there are too many destination e-mail addresses
Email Overview
Added email summary to case manager
User Activity
Added feature to scan the Anti-Forensics artifacts from AppCompatFlags records.
Added Desktop and Documents locations for P2P artifacts scan
Added sub-category under P2P
Updated P2P columns
Restored 'User Activity - Summary' dialog box to tree right-click menu (to hide items in the tree view that have zero results)
ESEDB Viewer
Fixed an issue where tree-view items are not loaded in the ESEDB Viewer if User Activity has not been initialized before
Fixed an issue loading ESE Database files of Windows 11 Pro Version 21H2
File Name Search
Fixed map view popup with incorrect width due to uninitialized variable
Change alpha of map view popup thumbnail from 50% -> 100%
http://www.osforensics.com/
SiLæncer
OSForensics 9.1.1000
Reply #130 on: 11 November 2021, 11:00
Changelog
* NEW JSON Viewer *
Supports syntax highlighting for JSON documents
Treeview shows the hierarchical dependencies between JSON nodes
Supports JSON formatting and indenting
Supports compressing (minifying) JSON documents
Supports encoding: UTF8, ASCII, UTF16 BE/LE
* NEW Remote Acquisition *
Preliminary implementation of remote acquisition module
Added encryption to configuration file. Prompt user for password when loading/saving config file
Automatically import case when remote acquisition complete
Support for domain user accounts
Support for compressed Case File
Auto Triage
Fixed bug in FTP case file upload
Added error messages when uploading of case file failed
Save FTP config to OSF config file on close
Fixed minor UI bug when hovering over triage tasks
Refactor to support running without GUI (ie. command line option)
Added command line options to run Auto Triage in standalone mode
Case Management
Added Case Size column to the list of selectable cases. Size is calculated in background thread
Added option to "Export to file" in "Export Case" button dropdown menu
Create / Search Index
Fixed crash bug when searching in index containing long file paths in the protected files list
Deleted Files
Fixed multiple device scanning
Email Viewer
TIFF export: moved the TIFF export menu item, changed email hashes from MD5 to SHA1 and added SHA1 hashes for attachments, added TIFF export progress to the title bar
Updated tiff export folder structure
Updated load file format, added text extraction (using code from Zoom)
Renamed concordance export option, removed debugging print
Added right click option to export emails to concordance load file
Forensic Imaging
Improved image creation speed significantly
Changed buffer sizes to 16MB by default and 256MB if more than 6GB of system RAM is free, and changed the file access method, which results in much better performance on very fast drives
Changed zlib library in use for 64bit build to the cloudflare fork for increased speed when compressing E01 images
Changed AFF4 compression from using ZLIB to LZ4 which results in increased speed when creating the image
Fixed a bug where selecting "None" for the hashing function was still creating an MD5 hash while creating the image resulting in a slower speed than expected
Added CRC32-C to the available hashing options, an SSE4 enhanced version of CRC that is much faster
Added hash outputs to create image tab
Install to USB
Added option to set the workflow to a minimal set of modules for portable OSF installations
Allow installation of OSF portable to network folder
Added option to include python packages
Image Viewer
Fixed possible bug where thumbnails may not be displayed/extracted the second time the image is analyzed
Password Recovery
Fixed crash due to using freed OpenSSL structure
Start Page
Re-assigned Modules to different groups
File System Browser moved to File Searching & Indexing
Web Browser and Analyze Memory with Volatility moved to House Keeping
Program Artifacts moved to System Artifacts & Passwords
Change to "Install to USB" to 'Install to USB or Network'
Modules hidden in both the workflow menu and start page (via customize workflow) will have grey text and have the word [Hidden] appended when appearing in the Module Feature Search. Note: This does not prevent user from accessing these modules
SQLite Browser
Fixed bug where it opened the add to case dialog using the main window's handle instead of SQLite Browser's
Fixed bug where it opened the file select dialog using the main window's handle instead of SQLite Browser's when selecting 'Load DB'
User Activity
Added Browser Custom Dictionary entries for Opera and Firefox.
Added new Browser Custom Dictionary entries activity type. (Chrome, Chromium Edge, Opera, Firefox)
Web Browser
Capture Screenshot Region will capture upon left mouse up (previously required user to hit 'Enter' key)
Web Capture
Internal changes to better support timing out when a page fails to load, adding delays after page has completed loading before taking capture, setting the page scale
Misc
Updated Crypto++ library to 8.6.0
http://www.osforensics.com/
SiLæncer
OSForensics 9.1.1001
« Reply #131 on: 12 November 2021, 19:00 »
What's new:
Remote Acquisition
Fixed error when network path contains spaces
Use XML config file to pass triage options rather than command line options
Fixed reporting of triage status for pre triage tasks (memory dump) and post triage tasks (HTML report, FTP upload)
Auto Triage
Refactored handling of logical image configuration
http://www.osforensics.com/
SiLæncer
Autopsy 4.19.2
« Reply #132 on: 12 November 2021, 22:00 »
Changelog
GUI Updates:
Special handling of Interesting Files and Interesting Results analysis results was removed from the tree and they are now shown as individual nodes.
Updated display of analysis results in the tabular results viewer.
Improved algorithm for populating the S(core) column in the tabular results view.
Updated the right-click menu options for data artifacts and analysis results.
The O(ther Cases) column in the tabular results view and the Other Occurrences content viewer now count cases in the same way.
Misc:
Installed applications are now added to the central repository.
The Central Repository ingest module no longer uses the generic Interesting Item analysis result and instead creates more specific Previously Seen, Previously Unseen, and Previously Notable analysis results.
Automatic destinations (jump lists) parsing added to the Recent Activity module.
French translation of user documentation contributed by GitHub user @Seb2lyon.
Bug Fixes:
Analysis Results and Annotation content viewers now work when parent is a data artifact.
Fixed bug that prevented media attachments from being displayed in the Communications Viewer.
Fixed RegRipper bug to support parsing of ShellBags with non-Latin characters.
Assorted GUI responsiveness fixes.
Fixed NTFS handling of compressed files that were not fully initialized (via TSK).
Other assorted bug fixes.
http://www.sleuthkit.org/autopsy
SiLæncer
OSForensics 9.1.1002
« Reply #133 on: 19 November 2021, 11:00 »
Changelog
Auto Triage:
Fixed stack overflow when attempting to calculate folder size for logical image
Updated info text for Logical Image Config Dialog Box
When loading previous config, re-prompt for FTP server password if non-anonymous upload is enabled
Android Logical Image:
Fixed bug where after imaging, OSForensics would fail to attach log to case "path not found"
Remote Acquisition:
When loading config file, re-prompt for FTP server password if non-anonymous upload is enabled
Added support for non-anonymous FTP upload without passing plain text password
Added check if portable install version matches current version
Fixed triage status file not being written when saving as compressed Case file format
Misc:
Fixed detection of OSForensics Portable for current running instance
http://www.osforensics.com/
SiLæncer
OSForensics 9.1.1003
« Reply #134 on: 02 December 2021, 10:00 »
Changelog
Case Management
Fixed "Verify" option on case items not working correctly
Fixed "Verify" option on case items without hash values not displaying an error message
Deleted File Recovery
Fixed bug: OSForensics will now proceed with File Carving (if enabled) even if the image file contains mixed file system partition types
JSON Viewer
Added right-click menu to view HTML format conversations using internal/system web browsers, also double-click to open browser
Added TXT and CSV exporting options
Added support to parse the Google Hangouts archive JSON format file downloaded from Google Takeout. It provides a summary view of the Hangouts conversation history and allows export of the selected Hangouts conversations to HTML in a nicely formatted, chat-app-like style so users can easily read through the messages.
Added right-click menu to export HTML files to case
Removed Compress JSON button as it may cause crash on large files
Remote Acquisition
Fixed logical image creation on remote machine
Delete temporary config file passed to remote machine when acquisition finished
Start Window
Fixed constant CPU usage due to redrawing
Verify/Create Hash
Fixed hash function not starting if "none" was selected for the secondary hash
http://www.osforensics.com/