Thema: Forensic Software diverses

[SiLæncer]

Changelog

       
    Auto Triage:

    Fixed crash in Auto Triage > Logical Image Configuration when selecting Peer 2 Peer option (pattern string length was too long)
    Fixed crash in Auto Triage > Password recovery

    Password Recovery:

    Fixed windows login passwords not scanning when using live acquisition

    User Activity:

    Fixed bug when trying to re-order columns for USB items that would cause the columns to disappear until OSF was restarted

    User Interface:

    Mitigated Window drag lag (effect was more prominent with mouse using with high polling rates (>300/s))

    Misc:

    Fixed issue with OSF not validating some key.dat files because of extra lines in the file

[close]

http://www.osforensics.com/

[SiLæncer]

OSFClone is a free, self-booting solution which enables you to create or clone exact raw disk images quickly and independent of the installed operating system.

In addition to raw disk images, OSFClone also supports imaging drives to the open Advance Forensics Format (AFF). AFF is an open and extensible format to store disk images and associated metadata. An open standard enables investigators to use quickly and efficiently their preferred tools for drive analysis. After creating or cloning a disk image, you can mount the image with PassMark OSFMount before conducting analysis with PassMark OSForensics™.

OSFClone creates a forensic image of a disk, preserving any unused sectors, slack space, file fragmentation and undeleted file records from the original hard drive. Boot into OSFClone and create disk clones of FAT, NTFS, and USB-connected drives! OSFClone can be booted from CD/DVD drives, or from USB flash drives.

Freeware

Whats new:>>

    Updated Porteus Linux to V5.0 (Base Image, Porteus-XFCE-v4.0-x86_64.iso)
    Updated libewf to 20220831 (included libsmdev-20220716)
    Updated afflib to 3.7.19

http://osforensics.com/tools/create-disk-images.html

[SiLæncer]

Changelog

       
    Case Management:

    Reporting, increased PDF report generation timeout
    Reporting, added a progress window when exporting report as a PDF
    Devices, added support for BDE volumes with a clear key

    Create Index:

    Fixed bug where if multiple folders/unallocated are added, the indexers fails to run

    Deleted Files:

    Fixed crash when carving MFT records on disks without valid file systems

    Email Viewer:

    Added checkbox option to search for attachment filenames

    Password Recovery:

    Added an error message and retry option if Chrome local state file was locked (triggered if using Chrome to login into a site or switch profiles at the same time as running a scan in OSF)
    Now clearing file system cache before performing scan. This is to fix issues due to inconsistent data when scanning live system drives in Forensics Mode
    Fixed a failure to decrypt passwords due to unnecessary encoding/decoding operations of the keys when scanning Browsers passwords. This caused incorrect AES key and key length returned which caused the failure
    Decryption and Password Recovery, made a change so that the number of available GPUs is not checked until clicking on the tab (previously it would happen at OSF startup and could cause a crash if GPU drivers are out of date)
    Fixed bug where scan was being preformed on Live system regardless of which drive was selected

    Rainbow Tables:

    Fixed bug where 'recover passwords' button did not resize properly after recovery is completed/cancelled

    Start Page:

    Added icon and button to display USB write blocking current setting, displayed as "USB Write: Enabled" or "USB Write: Disabled", and can be toggled on and off using this button (current case setting will be changed)

    User Activity:

    Now clearing file system cache before performing scan. This is to fix issues due to inconsistent data when scanning live system drives in Forensics Mode
    Fixed a failure to decrypt passwords due to unnecessary encoding/decoding operations of the keys when scanning Browsers passwords. This caused incorrect AES key and key length returned which caused the failure

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

       
    E-mail Viewer:

    Fixed Ctrl+J jump to message shortcut not working
    Create / Search Index
    New indexer builds
    Fixed email indexing issue with delimiter character

    Internal Viewer:

    Metadata, allow the user to manually extract EXIF data For large files that need to be saved temporarily on disk
    Ffmpeg, fixed pts-related bug affecting certain video files (eg. mjpeg/Microsoft PCM)
    Images, added file size limit for reading to buffer when using libheif

    Misc:

    Replace file size limit with warning prompt when creating temporary copy of a large file

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

       
    Boot VM:

    Fixed error booting MacOS image on VirtualBox for some systems
    Added a check to prevent user from adding VM to case if a case is not open

    Case Management:

    Reports, added option to have a minimum font size when exporting report as PDF
    Increased font sizes for better readability when exporting as PDF
    Reports, added checkbox for case report dialog "Include thumbnails" to allow thumbnails to be enabled/disabled. It can be useful to disable thumbnails for reports with thousands of images otherwise they may not open correctly in a web browser

    Deleted Files:

    Fixed possible crash when looking up carved files in hash set

    Email Viewer:

    Fixed bug when exporting PST emails to list. The TO, CC, and BCC fields were not cleared between emails

    Internal Viewer:

    Ffmpeg, fixed ffmpeg library error by re-arranging load order of DLLs (previously could display a “Failed to load library” error at OSForensics start-up)

    Mobile Artifacts:

    Fixed bug with exporting SMS to CSV/Text where Sent/Received field was displaying only received
    Fixed bug with exporting SMS to CSV/Text where selected checked items were not being exported correctly. The export was incorrectly using fixed GUI list position index and not the internal list indexes

    Password Recovery:

    Fixed some possible crashes that could occur

    User Activity:

    Fixed possible crash when scanning MRU

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

       
    File Carver:

    Fixed possible crash during carving when verifying carved images with GDI

    USB Install:

    Fixed crash when trying to create a USB install with all checkboxes selected

    Misc:

    Fixed ffmpeg library loading warning on machines with Visual C++ Redistributable not installed

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

    Updated WinPEBuilder for ffmpeg support in WinPE
    Fixed signing issue with previous build

http://www.osforensics.com/

[SiLæncer]

Changelog

    Case Manager:

    Fixed tagged files not being saved to the case due to incorrect duplicate file check

    Hash Set:

    Fixed bug with exporting CSV files, category was not being exported in the CSV
    Updated example export output in Help

    Install to USB:

    Fixed bug when Installing OSForensics to USB drive with an old version subscription key, it may wipe the current license from the local install

    Raw Disk Viewer:

    Add support for ext4 64-bit feature

    System Information:

    Fixed crash when “Live Acquisition - Current Machine” is selected for the scan and “Basic System Information” command is selected

    Web Browser:

    Fix bug where OSF may fail to add downloaded video file to case

    Misc

    Updated VolatilityWorkbench to V3.0.1004

[close]

http://www.osforensics.com/

[SiLæncer]

Changelog

    ESEDB Viewer:

    Fixed a bug where Windows.edb file could not be loaded from an image file
    Changed the selecting custom Windows.edb file behavior to make the Windows.edb filepath as the initial directory

    Logical Image - Android Copy:

    Fixed possible crash during imaging due to long file names/extension

    Program Artifacts:

    Fixed parsing of the prefetch files for windows 10 builds 1903 and newer to collect the correct run count

    Report Generation:

    Fixed issue where all 'Exported Files' were added to every 'Category' section
    Enabled hiding of thumbnails for PDF reports
    Fixed issue where options was not disabled for certain report options

    Misc:

    Fixed issue with hover text not displaying properly on toolbar icons (Script Player & SQLite Browser)
    Fixed issue where email files and BitLocker files could not be read in Forensics mode

[close]

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

Fixed issue where all 'Photos of Acquired Evidence' were added to every 'Category' section

http://www.osforensics.com/

[SiLæncer]

Changelog

    File Viewer/File Name Search:

    Added MSVCP140.dll and vcruntime140.dll to fix missing system file issue that could happen when opening docx files and filtering on EXIF metadata in some Windows 11 builds

    Manage Case:

    Fixed issue where USB write block was not being enabled/disabled

    Start Page:

    Fixed issue where 'USB Write: Enabled/Disabled' icon text was not updating in custom workflows
    Fixed issue where 'USB Write: Enabled/Disabled' text was written onto the wrong icon

[close]

http://www.osforensics.com/

[SiLæncer]

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.

License: GPLv3

Changelog

v2.6.2 Latest

This release contains the following changes of note:

    Adds array indexing support to key identifiers (tau-engine), which also fixes some chainsaw rules...

v2.6.1

This release contains the following changes of note:

    Fix hunts not running on .jsonl files
    Bring in some false positive reduction for the default Sigma rules mapping file

[close]

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

Whats new:>>

    Create index:

    Added mp4 and mv4 to default video formats
    Fixed detecting UTF-8 text files without a BOM

http://www.osforensics.com/

[SiLæncer]

Whats new:>>

    This release contains the following changes of note:

    Add cache to disk support for JSONL output
    Add file path to CSV output
    Fix for newline output issue in tabluar output
    Rule loading warnings should highlight output as a warning
    Tweaks and improvements to mappings and rules

https://github.com/WithSecureLabs/chainsaw

[SiLæncer]

Whats new:>>

This release contains the following changes of note:

    Fix mutually exclusive command line options -c can only be used with --jsonl
    Error if caching file cannot be created
    Make thread count is respected everywhere
    Better handling of sigma rules (warn on unknown modifiers, and support base64 conversions)
    additional optimisations to jsonl output

https://github.com/WithSecureLabs/chainsaw