Topic: Forensic software, miscellaneous (read 19398 times)
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
Autopsy 4.10.0
« Reply #75 on: 16 January 2019, 17:00 »
Autopsy is a graphical interface to The Sleuth Kit and other analysis tools. It was designed to be an extensible platform so that it can be an end-to-end digital forensics solution that incorporates plug-in modules from both open and closed source projects. The application provides users with various analysis features and with the possibility of generating HTML or CSV reports as well.
License: GPL
Changelog
New Features:
Central Repository
Case Manager shows data source details
SSID, MAC address, IMEI, IMSI, and ICCID can be stored and correlated on
SSID, MAC address, IMEI, IMSI, and ICCID values from past cases are flagged if they are seen again in the current case.
File types can be specified when searching for common files with past cases.
Results from finding common files with past cases are now organized by case instead of by number of occurrences.
The Central Repository can now be searched for a specific value (hash, email, etc.)
The E01 Verifier ingest module was renamed to Data Source Integrity module and it will:
Calculate hashes if none exist for a non-E01 data source
Validate hashes if they are defined
MD5, SHA1, or SHA256 hash values of raw data sources can now be specified when they are added.
Added the ability for examiners to select the time zone for displaying dates.
Tesseract OCR text extraction for keyword search now supports languages other than English, if language packs are installed.
Custom headers and footers can now be added to HTML reports.
New report module to export basic file data in CASE/UCO format.
Ingest filter rules (for triage) can now specify a list of extensions (such as "jpg,jpeg,png") instead of needing to make a rule for each extension.
Image Gallery:
Refactored to ensure database was fully closed when case was closed.
No longer pre-populate DrawableDB database.
Added caching to reduce time required to insert files after analysis.
Bug Fixes:
Duplicate interesting item and EXIF metadata artifacts are no longer created when you run the modules that generate them more than once.
The Application content viewer now displays SQLite table column names even when the table is empty.
Assorted small bug fixes are included.
http://www.sleuthkit.org/autopsy
Work / test machine:
Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit
TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
Autopsy 4.11.0
« Reply #76 on: 29 April 2019, 12:22 »
Changelog
New Features:
Adding Data:
Hashes can optionally be entered when adding a disk image data source to a case.
Acquisition details can be stored when the data source is added.
Ingest Modules:
Added support for Microsoft Edge browser (cookies, history, and bookmarks)
Added support for Safari web browser (downloads, cookies, history, and bookmarks)
Expanded Chrome browser support to include cache parsing and form/auto fill.
Expanded Firefox browser support to extract form/auto fill fields.
Parse Zone.Identifier files to identify the source of files.
Added a TSK_SOURCE artifact to downloaded files to help users trace back to where it came from.
Added support for parsing vCards (virtual cards).
Extract more information about Windows user accounts (number of logins, creation date, and last login)
Detect more operating system types, which get saved as a TSK_OS_INFO artifact.
Detect Android media cards, which gets saved as a TSK_DATA_SOURCE_USAGE artifact.
UI:
The Application content viewer now displays HTML files.
Video playback now uses gstreamer on 64-bit systems, which supports more video formats.
Pictures can be rotated and zoomed in the Application content viewer.
The Other Occurrences content viewer layout was reorganized to make viewing the data easier.
New "Data Source Summary" panel shows high-level statistics and details about the data sources in the case.
Data sources are now listed in the data sources tree in alphabetical order.
The presentation of finding common properties within a case was revised to group results in a more helpful way.
Report / Export:
Portable Cases can be created based on tagged data. These cases contain a subset of the case data and can be opened anywhere.
Users can now choose tabs or commas as the delimiter for a files report.
Case notes are included in the HTML report.
Other:
Added a new file type that allows module writers to specify a file based on its byte range.
Data sources can be analyzed and have a CASE/UCO report generated using only the command line.
Bug Fixes:
Decreased the time required to execute inter-case common properties searches of the Central Repository.
Assorted small bug fixes are included.
http://www.sleuthkit.org/autopsy
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
rifiuti2 0.7.0
« Reply #77 on: 09 May 2019, 17:00 »
Rifiuti2 analyses recycle bin files from Windows. Analysis of Windows recycle bin is usually carried out during Windows computer forensics. Rifiuti2 can extract file deletion time, original path and size of deleted files and whether the deleted files have been moved out from the recycle bin since they were trashed.
BSD License
https://abelcheung.github.io/rifiuti2/
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
OSForensics 7.0.1000
« Reply #78 on: 31 July 2019, 12:16 »
Changelog
Platform support:
OSF will no longer run on Windows XP systems. (But disk images from XP machines can still be investigated). If support for installing the software on a XP system is required, then V6 will need to be used.
Add Device:
Bitlocker volume details (eg. key protectors, encryption, etc) now displayed when adding a bitlocker-encrypted drive to case. Removed "Forensics Dude" from the Add Device window. The formatting of the help text was changed to the same look as the other windows.
Android Logical:
Fixed issue where during logical copy, some directories were not being included.
Android Artifact:
Removed misleading text indicating "images" can be added to scan. Added warning if adding ".vhd" (e.g. from logical copy) that it needs to be added to device first.
Photo artifacts were only looking at the "data\com.google.android.apps.photos\db\gphotos0.db" (specified in Help File). But will now also do a quick scan for known image file extensions. Added notification to user to use File Name Search module for more advanced viewing/search options.
MMS extracted with OSFExtract will show recipients on the message.
Android Copy:
Copying to a Logical Image (VHD) will no longer require a full scan to calculate disk size. This should increase its responsiveness.
Updated OSFExtract to V1.0.1003. Change: App will transfer "canonical_address" table from mmssms.db database file. Which contains the addresses (recipients) for MMS threads.
Auto triage:
Added configuration options for logical image creation
Moved deleted files report export to a separate thread to improve responsiveness
Moved recent activity report export to a separate thread to improve responsiveness
Disabled hashing of signature file list to improve responsiveness
Boot Virtual Machine
Added ability to boot an image as a VM from OSForensics.
Image to be booted can be read only, as the image file is never modified. Instead changes to the image are written to separate cache files.
Images format support includes E01, Raw, Split images, VMDK, VHD, etc.
Write cache files are now used in mounting when 'Restore existing disk state' is checked, so VM can be restarted where you left off
Added new menu option in Workflow navigation, "Boot Virtual machine" with 3 tabs showing running machines, and associated drives.
Added 'Boot Virtual Machine' icon to Start page
User can select number of cores to allocate to the VM, RAM size and if networking is enabled. Default values are scaled based on system specs of host.
Support for booting partition images by pre-pending an MBR image to the disk in the .vmdk file. (normally it is impossible to boot just a bare partition). This includes images that use ntldr for booting (Windows XP) and bootmgr + BCD images (Vista and above). Machines with EFI System Partitions are also supported.
VMWare 14,15 and VirtualBox 6 are supported as hypervisors
Host machine needs to be 64bit. Guest can be 32bit or 64bit. Guest image can be Mac OS X 10.13 (High Sierra), Windows XP to Win10 and some Linux distributions.
Preliminary support for disk with multiple bootable partitions. Added warning text when multiple O/Ses are detected on the disk. Note: Not all permutations of multi-boot O/Ss will be supported (there are too many to test). Mac and Windows on the same disk is known to be problematic.
Added option to bypass Windows login by patching a Windows system file and setting automatic logon option in the registry. This method is fast, but it doesn't crack the password of the user. So any files encrypted with EFS are not decrypted. As patching of system files are required, not all releases of Windows are supported. The Win 10 releases from March 2019 (17763) is known to have a problem.
There is support for selecting which user account to auto-logon into in the case where the machine has multiple accounts.
A new version of OSFMount is included with the package. V3.0 build 1005. This allows mounting of images as (emulated) physical drives and caching of disk writes to temp files.
Case Manager
Fixed bug with trailing space characters allowed in case name (causing invalid Windows folder names to be created)
Defined new hash set flag level "major" for Project VIC
Add info dialog when adding a Bitlocker-encrypted drive to Case
Added new case item group for virtual machines
Added case details tab for customizing category definitions
Fixed an annoyance, sometimes when switching cases the OSForensics GUI will lose focus and another window will be on Top.
Fixed a bug where sometimes the status dialog window size can appear too large while generating report.
Reporting, "Extra Information" box will export and identify $FILE_NAME timestamps for applicable items and label it as such. Note: Applies to new items added to case. Existing items in cases will not have the extra timestamps.
Reporting, "Skip Empty" checkbox to not include empty artifact categories in the generated reports.
Add button for the Case Narrative (html) editor in the main Manage Case module.
Double-clicking on virtual machine case item switches to 'Boot Virtual Machine' module and selecting the VM in the list
When deleting a device that was the case default device the default device will now be set to the first device associated with the case or the C drive if there are no more devices.
Removed "Results of forensics analysis" and "Executive Overview" headings from case narrative / auto triage report
When removing categories, all case items belonging to category shall be unassigned
Categories can now have optional "Notes" property
Added button to manage categories, when adding/editing case items, can click on 'Category' link to manage categories
When adding or editing case items, a new category can be entered in the Category dropdown
Separated "Offences" list and "Categories" list. Defined a new "Categories" list that reflects more common categorization types.
Fixed bug where downloads/attachments were not being loaded into case after OSF restart.
Removed all options other than 'Delete' when right-clicking multiple selected items
Fixed possible crash when sorting Case Item name
Added missing 'Raw Disk' exports to generated report
Create Index / Browse Index
New Indexing feature added, Optical character recognition (OCR) for PDF files. Previously this was only done on photographic images.
Updated indexing engine, with lots of more minor changes for handling different file types & performance.
Added ability to skip pre-scan when creating an index
At Step 1, have all options check-marked by default except binary executable files, which don't contain much useful text.
Fixed bug with search being prematurely truncated when indexed 0x1A character in meta data (title, description, etc.)
Fixed bug with substring searches applying within exact phrases
Fixed bug with exact phrase searches spanning across page SECTIONS. This caused some exact phrase searches (containing words which occur on the page many times but not in that sequence) to take extraordinarily long.
Fixed Check/Uncheck all buttons not affecting new file type options
Fixed buffer overflow issues & crash bugs in Browse Index (removed unnecessary dictionary counting) and when Filtering results
Fixed bug with filenames not being indexed for PDF files and other plugin formats
Improved error messages when failing to launch indexer
Fixed "Failed to add folder" bug with Create Index -> Add folder
Fixed bugs with handling multi-partition images
Fixed bug with Index names ending with "." which caused various failures
Fixed indexing unallocated clusters for entire disk images
Create Signature:
File system cache is now cleared before creating a signature in Direct Access mode. This is important for live file systems where the content is changing while OSF is running.
Compare Signature
Increased number of recently selected signature comparison files (displayed in drop list when selecting a signature) from 10 to 15
When creating a hash set from a comparison there is now the option to include all files in the comparison or just new ones
Added a new difference type of "Attributes Modified"
Deleted Files / File Carving
Hashing of files will only be performed for non-empty files (0 byte files are skipped).
Improved responsiveness by not redrawing window if not visible
Fixed a lockup that could occur
Added new status tab while scanning to show number of files (grouped by extension) found/recovered.
Removed message dialog when no files are found
Checkbox added to enable/disable extensions for file carving.
Updated FileCarver to be threaded for better performance (by adding threading to several operations). Resulted in 2.6x faster carving on a test system.
Added option to look within a sector for header pattern match. Enabled by default (same as previous behaviour) OSF only looks at the bytes only at the beginning of the sector.
Added definition for HEIC/HEIF image file format to allow these types of images to be carved.
Updated JPG file header definition to decrease number of false positive when carving.
Added definition for SQLite files
Added definition and extractors for Intel based Assembly Files (.asm)
Added definition and extractors for .torrent, .nef (Nikon RAW Image), .orf (Olympus RAW Image), .arw (Sony RAW Image) and .raw (Leica/Panasonic RAW Image) formats
Added header definition for FUJI Raw Image Format (.raf) and Mobile Video Format (.3gp).
List view in Status Window showing total files found is now sortable.
Fixed issue when "Applying Filter" was not returning (stuck in loop).
Fixed issue with double counting files with similar header pattern.
Drive preparation
Fixed an open file handle from the Drive test that would prevent the data pattern write if the drive test was run first. This fixes a possible false report saying the drive was faulty, when in fact the drive was just locked
Email Viewer:
Fixed UI issues when minimizing and restoring windows
ESEDB Viewer
Changed behaviour to load all items for selected table into data buffer so we can sort columns correctly, still only displaying 1000 entries per page. Will mean a slower initial load but much faster sorting and searching.
Columns can now be sorted by clicking on the column heading
Added SRUDB.dat to known esedb list when opening the ESEDB viewer and fixed some date display issues for the SRUDB date / time format.
File Name Search:
Allow the user to enable the other four ($FILE_NAME attribute) time stamps in the File Name Search Details View.
Added ability to create a New Preset option in the Config window. Defaults are still loaded from FileNameSearchPresets.txt file in AppData directory. User defined Presets are saved in the OSF config file, config.OSFCfg.
Change the module icon from "disk" to "binocular" to be consistent with the main menu.
Config, fixed bug where hash sets were not populating in the drop down selection.
Added right-click option to show only checkmarked files.
Added ability to include additional folders and/or exclude folders from the File Name Search.
When switching cases, any previous search result previously performed will be cleared.
Fixed a bug when enabling $FILE_NAMES attributes, the horizontal scroll will disappear in the List View.
Added Right-Click menu option to "Jump to Thumbnail View" from the File Details and File List tab. And "Jump to File Details" from the Thumbnail Tab.
Started saving column ordering, visibility and size in OSF config file
Fixed default title not being updated when adding multiple files to case
File Previewer/Image viewer:
Added support for single image HEIC files
File System Browser:
Refreshing the current folder using the F5 now clears the file system cache and allows user to see changes to live file system.
Fixed hidden scrollbar when minimizing/restoring the window
Fixed vector Out of bounds crash
Forensic Imaging:
Create a Drive Imaging queue to allow user to add other drives to image once the first imaging job is complete.
Forensic Copy:
Added option to add individual files to the image list instead of just only folders.
Improved performance of looking up duplicate paths by keeping track of hashes
Fixed copy operation not aborting after pressing 'Stop'
Changed source list view to owner draw for better performance
Moved total file size calculation to a separate thread for better response
Hash Set:
Added new built in hash sets for: Keyloggers, VPN Software, Peer to Peer (P2P) software, Cryptocurrency
Added feature to import folder of VIC files. "Import VIC file set" will now prompt to either "import into existing active database" or "create new database". Updated import VIC feature to ignore Category: 0 which are considered Safe files
Added support for importing V2.0 format VIC hash set.
Added support for importing SHA1, MediaSize, LastUpdated fields from V1.3 VIC file format
Fixed Bug with Right Click->Export to Text file output being corrupted. (Column Indexes to the ListView were not correct).
Fixed Bug where Right Click->View with Internal Viewer was unable to open deleted files entries.
Fixed Bug where false positive matches were being returned. (Previous result was not being cleared).
When quitting, OSF will remember the current active hashset & reselect that hashset on startup.
Made error message more descriptive on import failure. Fixed bug holding hash set open after failure to import that was preventing deletion.
Fixed a bug preventing pasting folder locations into the NSRL data set input folder when importing
Added "Delete" option from Hash Set Viewer window (right click menu)
Added confirmation message box when deleting a hash set
Added a more descriptive error message when an NSRL import fails due to errors in the file contents (eg invalid product number)
Removed warning message about selecting a non-example / new hash set when importing an NSRL hash set (a new hash set is created by default when importing a NSRL hash set)
Added more prominent highlighting when file is in hash set to highlight Project VIC hash sets
Improved error message when failing to open .OSFHashSet file which is read only
NSRL hash set import, added an error message when an operating system ID doesn't exist (eg corrupt/incomplete dataset). Will now add a dummy "unknown" entry and continue to import.
Added support for highlighting files as "PF_IN_HASHSET_MAJOR" for Category 2 files
Changed "Look up Hash Set" dialog to not close window when user cancels look up.
Install to USB:
Added option to exclude password recovery dictionaries and rainbow tables from USB install
Changed out of space error message to use MB instead of bytes
Added option to include Hash Sets to be exported during install.
Internal Viewer
File Info, added text to indicate if the file does not exist at the location
Added 'Help' link. Moved 'Capture' button and 'Alt Stream' Combo box to the left
Added preservation of 'create' and 'access' times, when available
Fixed contents of certain .rar files not being displayed (RAR5)
CSVReader, fixed a possible crash opening CSV files with individual elements that contain over 512 characters (element will be truncated to 511 characters now)
Hex View, will display file slack space in internal viewer. Can enable/disable in 'Settings'.
Hex View, fixed bug where hex view would not load and return "Unable to open file: File access is denied" when a file failed to open the underlying disk in raw mode (to load slack space). Show Slack Space is not available for resident MFT files or files on devices not added in forensics mode within OSForensics.
Hex View, will extract strings in file slack space if show slack is enabled.
MemViewer:
Added warning if trying to save memory dump to a filesystem that doesn't support the file size of the dump e.g. Over 4GB on FAT32.
Raw Memory Dump, added progress bar and estimated time remaining.
Updated volatility compiled executable to 2.6.1 and volatility workbench to 2.1.1000 to support new profiles for Win 10 builds 17763 and 17134
OSFDevMgr:
Fixed buffer overflow when calling FindFirstFile() on a group device's root directory (eg. "group_device:")
Fixed FindFirstFile() not returning the list of subdevices for a group device's root directory (eg. "group_device:")
Fixed a crash that could occur when a badly formed system path is passed to SplitFilePath
Password Recovery:
Fixed an issue where passwords from the windows credential manager were returned when running using the "scan drive" option when they are only available for the "live acquisition" option
Made some changes to the registry reading code at this point so it is now thread safe and will work better with the auto triage.
Started saving column ordering, visibility and size in OSF config file
Changed LM/NT references from "(disabled)" to "(empty)"
Added ability to add sequential decryption jobs in the Decryption & Password Recovery tab.
40-Bit Encryption, fix for parsing output of 40-bit file.
Windows Login Passwords, updated GUI so list views expand as the size of the main window expands.
Enabled debug logging for run_server.exe when OSF is run in debug mode. Log can be found in run_server.exe directory while running and then is moved to the OSF documents folder when finished.
Fixed bug that could cause possible memory corruption issue if GPU decryption is enabled.
Fixed bug where checked item count was not being reset if "Acquire password" was clicked again
Prefetch Viewer:
Added all available run times to results list and exports
Raw disk viewer:
Fixed incorrect GPT 'Partition name' in Data Decode window
Added option to select where (beginning, current position, end) to jump from when jumping using bytes or sectors. (Using a negative sign will jump backwards.)
Recent Activity – Renamed to User Activity
User Activity:
Addition of System Resource Usage Monitor (SRUM) database scanning, will display items from the Application Resource Usage, Network Usage, Network Connectivity and Push Notifications database tables.
Made the user activity navigation pane with the Tree view resizable.
Started encoding HTML special characters (eg <>&) in the HTML output for some items when exporting
P2P, Fixed crash when running on Ubuntu drive
Changed "Show empty activity types" checkbox to default to on so empty types are displayed
Windows search is now using the ESEDB viewer to load the windows search database, will sometimes be slower but should be more reliable (no need to repair database using esentutl which would often crash or leave database in a dirty state still).
Installed programs, added date collection using the InstallDate registry value when available and when not available uses the last write date of the registry entry
No longer stopping the windows search service when the windows search option is selected for a live system scan
Added new Recycle Bin activity. Will show items in the Recycle Bin (original file path/name and date deleted).
Added the Last-Visited and Open/Save MRU's to the MRU category: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU and NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePIDlMRU
Added the other 7 run time stamps for Prefetch Files (for 8 total).
Fixed bug with non-ascii characters for recent activities that use a sqlite database (mostly browser - chrome, firefox, opera - activities)
Added Event Log Login Types description
Added MRU Adobe Acrobat Reader DC Artifacts
Added Office 16 and Office365 Word, Excel and Powerpoint Artifacts from desktop install
MRU, Fixed crash when parsing Windows XP Registry files for OpenSave and LastVisit MRU
Added subcategories for the various browser artifacts (Firefox, Chrome, Edge, IE, etc)
Added checkmarks besides each artifact category. Users can then deselect any artifacts they don’t want without going into the config settings.
Added +/- expand collapse for artifacts that have subcategories.
Add subcategories for Windows Event Logs (OAlerts, System, Security, Application, etc.)
Fixed bug where the number of checked items links was not being shown in the File List Tab.
Added VLC artifacts for Windows and OSX/Mac
Added Windows Media Player Last played and folders artifacts
Opera, fixed opera version being read incorrectly for new versions of opera
Opera, fixed bug stopping opera password data being read correctly
Fixed an issue seen where no Chrome information could be retrieved when doing a live scan due to not being able to get the current windows user/profile/known folders
Registry Viewer:
Unknown value data types will be shown as hex data by default (previously the data was not displayed at all. Useful for looking at Windows Store App's settings.dat file which are special registry hive with non documented value data types).
System Information:
Removed "Get" from the Registry Commands.
Get User Info (Registry), fixed an issue where user accounts could display "Account disabled" incorrectly
Changed error message slightly when only live acquisition tasks are in selected list when a drive letter is chosen instead of live acquisition
Added a quick search box to search the text of the current result tab.
Added full name, description and password hint to “Get user information (Registry)” output
Fix to process "Enter" key notification while using the Find Text Control.
Thumbnail View:
Items found in hash set are now entirely highlighted (not just text)
Web Browser:
Updated video download script to support recent changes at Youtube which broke video download feature.
Misc:
Consolidated Red/Green/Yellow bookmarks into single generic bookmark
Renamed 'bookmarks' to 'tags'
Added 'tag' icon to replace previous 'flag' icon
Made some changes so OSF will start as the top most window (sometimes it would start in the background)
Updated help file:
Fixed bug with unable to access Case devices as underlying drives. This caused problems reading from Bitlocker-encrypted drives
Added ClearFileSystemCache_direct() function to clear the file system cache (for live disks). Previously changes in the live file system were not reflected in File System Browser due to caching.
Updated 7zip DLL
Better reporting of SQL errors with hashset databases
Fix for bug with scroll bars in Compare Signature and Browse Index
New logging engine when using DEBUGMODE. Has more detail and has less overhead.
Changed warning message to be less severe when registry SAM permissions need changing on live system (for recent activity and password recovery)
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
Autopsy 4.12.0
« Reply #79 on: 06 August 2019, 21:30 »
Changelog
New Features:
Initial logical imager feature
Changed file type detection so that Tika does not rely only on extension.
Communications:
Emails are threaded
Added Account Summary view
Added Contacts panel to show all contacts associated with an account.
Added Media panel to show media attachments associated with an account
Added filter to show accounts if they are involved with the most recent messages.
Added ability to draw a box on a picture while tagging it.
Improved speed of displaying results when a column was sorted.
Portable cases can contain files marked as Interesting Items and be compressed.
New “Text” viewer that consolidates previous Strings and “Indexed Text” viewers.
New “Translation” panel with integrations for Google and Bing (credentials required)
Added Willi Ballenthin’s “Registry Hive Viewer” panel to the “Application” viewer.
Improved HTML viewer to use style sheets and better layout.
Added paging to all views for faster loading of large data sets.
http://www.sleuthkit.org/autopsy
SiLæncer
Cheff-Cubie
Posts: 191383
No input, no output
OSForensics 7.0.1001
« Reply #80 on: 13 August 2019, 10:00 »
Changelog
Create/Search Index
Fixed file extension count at end of summary. Previously the count of files indexed, per file type, wasn't always accurate when files were found in container files, like ZIP and CHM files.
Fixed crash bug in Create Index Log window stack corruption, when there were very long lines in the log.
Fixed bug in "Search Index" stopping search prematurely, not returning the full set of search results for large datasets
Create Signature
Support for counting NTFS hard links for OSF devices using direct access. This avoids double counting of hard linked files.
Deleted Files
Apply Filter button will be enabled as long as MFT has been scanned even if Search was cancelled during carving (a warning message will be visible that results are incomplete).
File viewer
Fixed crash that could occur when rebuilding thumbnails (triggered by using an "Open file location" right click menu item in recent activity items)
User Activity
Rewrote export to CSV function to export data as seen in each item's list rather than trying to have each item match a preformatted output. The new CSV file will have a section for each item type with a heading row and will be separated with a blank line (eg MRU item headings, MRU items, blank line, USB item headings, usb items etc). This means a lot more data will now be exported to CSV.
USB, Fixed parsing of Unknown USB device in registry
USB, Added parsing of "Properties\\{83DA6326-97A6-4088-9453-A1923F573B29}" registry key to determine USB first installed, last connected, and removal times
USB, Added parsing of Microsoft-Windows-Partition/Diagnostic.evtx event log for USB connection/disconnection events
USB, Added parsing of archived setupapi.dev.xxxxxxxx_xxxxxx.log
USB, Added scanning of SYSTEM\CurrentControlSet\Enum\SCSI for USB connected SCSI disks
Added scanning for files in "Downloads" folder and scanning drive for "Zone.Identifier" alternate stream and reading the "ReferrerUrl" and "HostUrl" fields. This can help identify files that were downloaded but moved to a new folder.
Shellbags, started processing some more item types to retrieve more information when available
Shellbags, fixed a bug where the top level of the disk path wasn't being cleared correctly in some cases when recursively processing the ShellBagMRU leading to malformed disk path such as Desktop\A:\B\C:\ instead of Desktop\C:\
Windows search, fixed a crash that could occur in some older versions of the windows.edb database
Windows search, stopped directory entries from being filtered out automatically, will now be displayed in the "directory" sub type
Misc
Reduced program start-up time by deferring window initialization for each module to when they are first opened. OSF should launch around 3x quicker now.
Fixed default drive not set properly on startup
Fixed handling split image files, where the number of split file parts was > 1000 (.999 -> .1000 or .999 -> .A00). It really doesn't make sense to create split files with this many parts, but someone did it.
http://www.osforensics.com/
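The "Zone.Identifier" item in the 7.0.1001 changelog above can be illustrated with a short parser. This is an added example, not OSForensics code and not part of the original post; the file paths and stream contents are constructed, and the function names are hypothetical.

```python
from pathlib import PureWindowsPath

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(raw):
    """Parse the bytes of a Zone.Identifier alternate data stream."""
    # The stream is a small INI-style text; accept UTF-16LE with BOM as well
    # as ANSI/UTF-8 so that one odd encoding does not hide a record.
    if raw.startswith(b"\xff\xfe"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    fields, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            # Split on the first "=" only: URLs contain "=" and "%" themselves.
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    try:
        zone_id = int(fields.get("zoneid", ""))
    except ValueError:
        zone_id = None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "referrer_url": fields.get("referrerurl"),
            "host_url": fields.get("hosturl")}


def moved_downloads(records):
    """Return (path, info) for Internet-zone files that are no longer
    stored under a folder named Downloads."""
    hits = []
    for path, raw in records:
        info = parse_zone_identifier(raw)
        folders = [p.lower() for p in PureWindowsPath(path).parent.parts]
        if info["zone_id"] in (3, 4) and "downloads" not in folders:
            hits.append((path, info))
    return hits


# Constructed sample data: (file path, bytes of its Zone.Identifier stream).
SAMPLE_RECORDS = [
    (r"C:\Users\alice\Downloads\report.pdf",
     b"[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.com/\r\n"
     b"HostUrl=https://example.com/report.pdf?id=7&v=100%25\r\n"),
    (r"C:\Users\alice\Documents\Tools\setup.exe",
     b"\xff\xfe" + "[ZoneTransfer]\r\nZoneId=3\r\n"
     "HostUrl=https://example.org/get?file=setup.exe\r\n".encode("utf-16-le")),
    (r"C:\Users\alice\Desktop\notes.txt", b"[ZoneTransfer]\r\nZoneId=0\r\n"),
]

if __name__ == "__main__":
    for path, info in moved_downloads(SAMPLE_RECORDS):
        print(path, info["zone"], info["host_url"])
```

On a live NTFS volume the stream bytes can be read by opening the path with `:Zone.Identifier` appended; on an image they come from the file's named data attribute.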
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.0.1002
« Reply #81 on: 15 August, 2019, 12:00 »
What's new:
Create/Search Index
Fixed error reporting when the indexer runs out of memory, max pages exceeded or max words exceeded.
Misc
Fixed a performance issue with direct access of hard drives / images from OSForensics. This was particularly apparent when looking up multiple results from a file search in a hash set or when creating a search index.
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.0.1003
« Reply #82 on: 23 August, 2019, 19:00 »
Changelog
Case Logging:
Only the first 100 characters of the case narrative will be written to the case log entry.
Fixed bug. If Case Logging is enabled and a new log text entry was greater than 65536 characters, it could lead to crash and/or corrupt the log file. If entry is larger than allowed, the log entry (not actual contents) will now be truncated to fit.
Create/Search Index:
Added feature to increase Create Index threads up to 20 maximum
Changed default indexing threads to 4 (based on benchmark results)
Deleted Files:
File Carving bug fix, some non-threadsafe functions could cause a crash during file carving due to multiple threads running at the same time which has now been fixed.
Registry Viewer:
Fixed issue with RegViewer displaying incorrect data for "Big Data" entries (where data was over 16KB for a single key).
User Activity:
Added MuiCache to "Installed Programs" artifact list. NOTE: working for live acquisition only currently.
Added new artifact type “Shim Cache”
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.0.1004
« Reply #83 on: 24 September, 2019, 09:11 »
Changelog
NEW Clipboard Viewer
Added clipboard viewer to view current, historical clipboard items (where available) and pinned items
NEW AmCache Viewer
Added AmCache viewer
Auto triage
Added option to collect clipboard contents
Boot Virtual Machine
Fixed unable to boot disk image located on network
Added debug logging when querying mounted disks
Case Manager
Added export clipboard contents to report
Partitions encrypted with Bitlocker now shows "Bitlocker" instead of "Empty"
Create Index
New indexer builds, fixed thread safety bugs with DOCX, PPTX, XLSX indexing with timing issues causing occasional "cannot open file" error on files when multiple threads are in use.
Disk Image and Filesystem Support
Added support for the Stream Optimized sub-format for VMDK images
Fixed possible crash when accessing invalid cache entries for Linux EXT drives
Added detection of sector size when reading GPT header rather than using default 512 bytes. 4K native (4Kn) sector sizes should now be detected for disk images. This resolves an issue where partitions were not being detected in some E01 images. Background info: Since about 2012 most hard drives use 4K physical sectors, but nearly universally implemented 512 byte emulation (512e). There are a tiny number of enterprise drives that are native 4K however without emulation. OSF now supports this 4Kn format.
Deleted Files
Fixed Crash when OSF Terminates and the background Deleted Files cache thread is still processing items.
Prefetch Viewer (Program Artifacts)
Renamed Prefetch Viewer on Start page to Program Artifacts and changed icon.
Registry Viewer
Internal viewer should now handle large LI/RI Key Types. Should help open some registry files and display previously missing keys.
Fixed crash when decrypting Windows Passwords (Key ClassName value was incorrect)
User Activity
Added clipboard item collection
Shimcache, fixed issue with Shimcache not showing details under File List tab and also when exporting to CSV, HTML, TXT.
Added MuiCache to "Installed Programs" artifact list for non-live acq (i.e. drive images).
Installed Programs, added programs and drivers found in AmCache.hve. (Initial support AmCache format of Windows 10 V1607 and up).
Added right-click option to open system event viewer for event records, fixed double-click/right-click options for other activity types
Fixed bug in MRU recent items file paths
Support adding files from Downloads, Jump List, Recycle Bin, Shim Cache to Case
Updates for adding items to Case and for tagging items
Added some extra error message details if a shadow copy of a locked system file fails
http://www.osforensics.com/
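The GPT sector-size item in the 7.0.1004 changelog above can be shown in code: probe LBA 1 at each candidate sector size and accept the one where a GPT header with a valid CRC is found. This is an added example, not OSForensics code and not part of the original post; the sample disk images are constructed in memory and all function names are hypothetical.

```python
import struct
import zlib

GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8sIIIIQQQQ16sQIII"          # 92-byte GPT header, little-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)
CANDIDATE_SECTOR_SIZES = (512, 1024, 2048, 4096)


def parse_header(image, sector_size):
    """Return GPT header fields if LBA 1 holds a valid header for this
    sector size, else None."""
    off = sector_size                       # LBA 1 starts one sector in
    raw = image[off:off + HEADER_LEN]
    if len(raw) < HEADER_LEN or not raw.startswith(GPT_SIGNATURE):
        return None
    (_, _, hdr_size, hdr_crc, _, my_lba, _, _, _, _,
     entries_lba, num_entries, entry_size, _) = struct.unpack(HEADER_FMT, raw)
    if not HEADER_LEN <= hdr_size <= sector_size or my_lba != 1:
        return None
    full = bytearray(image[off:off + hdr_size])
    full[16:20] = b"\0\0\0\0"               # CRC is taken with its own field zeroed
    if zlib.crc32(bytes(full)) & 0xFFFFFFFF != hdr_crc:
        return None
    return {"entries_lba": entries_lba, "num_entries": num_entries,
            "entry_size": entry_size}


def detect_sector_size(image):
    """Try each candidate size; the first one with a valid header wins."""
    for size in CANDIDATE_SECTOR_SIZES:
        if parse_header(image, size) is not None:
            return size
    return None


def partition_byte_ranges(image, sector_size):
    """Byte ranges (start, end) of all non-empty partition entries."""
    hdr = parse_header(image, sector_size)
    if hdr is None:
        return []
    ranges = []
    base = hdr["entries_lba"] * sector_size
    for i in range(hdr["num_entries"]):
        entry = image[base + i * hdr["entry_size"]:][:48]
        if len(entry) < 48 or entry[:16] == bytes(16):
            continue                        # all-zero type GUID means unused slot
        first_lba, last_lba = struct.unpack_from("<QQ", entry, 32)
        ranges.append((first_lba * sector_size, (last_lba + 1) * sector_size))
    return ranges


def build_sample_image(sector_size, part_sectors=8):
    """Constructed test data: a minimal GPT disk with one partition."""
    entries_lba, num_entries, entry_size = 2, 128, 128
    first_usable = entries_lba + (num_entries * entry_size) // sector_size
    last_lba = first_usable + part_sectors - 1
    image = bytearray((last_lba + 1) * sector_size)
    image[510:512] = b"\x55\xaa"            # protective MBR boot signature
    entry = b"\x11" * 16 + b"\x22" * 16 + struct.pack("<QQ", first_usable, last_lba)
    start = entries_lba * sector_size
    image[start:start + len(entry)] = entry
    entries_crc = zlib.crc32(bytes(image[start:start + num_entries * entry_size]))
    hdr = bytearray(struct.pack(
        HEADER_FMT, GPT_SIGNATURE, 0x00010000, HEADER_LEN, 0, 0, 1, 0,
        first_usable, last_lba, b"\x33" * 16, entries_lba, num_entries,
        entry_size, entries_crc))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    image[sector_size:sector_size + HEADER_LEN] = hdr
    return bytes(image)


if __name__ == "__main__":
    disk = build_sample_image(4096)         # constructed 4Kn image
    print("assumed 512:", partition_byte_ranges(disk, 512))
    size = detect_sector_size(disk)
    print("detected", size, partition_byte_ranges(disk, size))
```

With the hard-coded 512-byte assumption the 4Kn image yields no partitions at all, which matches the symptom the changelog describes.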
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.0.1005
« Reply #84 on: 10 October, 2019, 12:16 »
Changelog
Boot VM:
Added option to select disk controller. If "Auto" is selected, IDE is used for Windows XP and SATA otherwise. Should improve performance for non-XP images.
Disk Image and Filesystem Support:
Initial support for ISO images.
ESEDB Viewer:
Added detection of MAPI property hex in column header. If so, display the property identifier string
Highlight known tables and display default columns for Win 10 Mail store.vol
Memory Viewer:
Added checkboxes to list of processes
Added export of checked process details to CSV & case
Added export of list of checked process to CSV & case
Added link displaying number of checked processes
Fixed task activity LED not clearing after dumping process memory
Added right-click menu for checked items
Export checked processes memory dump to disk & case
Added right-click menu option to dump checked process memory into single file
Mismatch Search:
Fixed "Identified Type" column header displaying as "Location"
Registry Viewer:
Initial implementation of exporting SAM/SOFTWARE registry hive reports
Initial implementation of exporting SYSTEM/NTUSER.dat registry hive reports
Start Window:
Fixed icon groups re-ordering when changing workflow
User activity:
CSV export of checked items. Behaviour now matches export to text/html where if the ALL items view is currently selected it will export all checked items, but when viewing a specific item type only checked items of that item type are exported.
CSV export, fixed a bug preventing the recycle bin items from being exported correctly.
Fixed an issue with the column sorting when sorting by integer value (eg filesize) for Recycle bin, event, jumplist and shim cache items.
$UsnJrnl viewer:
Changed to detection of MFT record size rather than using hardcoded 1024 bytes
Added additional debug logging when scanning MFT records
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
Autopsy 4.13.0
« Reply #85 on: 15 October, 2019, 12:00 »
Changelog
General:
Switch from Oracle JDK to OpenJDK.
Full command line support (case creation, adding of data sources, running ingest, and generating reports).
Logical Imager:
Output can be individual files instead of VHD image (uses less space).
More fine grained progress during collection and importing.
Log of files and make artifacts.
All console messages are saved to a log file too.
Improved handling of cancellation when adding results into a case.
Ingest Modules:
Added Android support as Python modules for: Android installed apps, Android browser, Facebook Messenger, IMO, LINE, Opera, ORUX Maps, Samsung SBrowser, Skype, ShareIt, TextNow, Viber, WhatsApp, Xender, Zapya.
Recycle Bin files are parsed in Recent Activity module, new artifacts are created, and deleted file entries are created at the original location of the deleted files. Code is based on Mark McKinnon’s RecycleBin module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Recycle_Bin).
ShellBag registry data is extracted from RegRipper in the Recent Activity module. New artifacts are recreated for the data. Based on Mark McKinnon’s “Parse ShellBags” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_Shellbags).
Additional data is extracted about users from SAM hive in Recent Activity module. Data includes password dates, permissions, groups, and full name. Based on Mark McKinnon’s “Parse SAM” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_SAM).
Email ingest module parses EML files. Based on Mark McKinnon’s “EML Parser” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/EML_Parser).
Fixed bug in MBOX module that caused attachments to have a “_” in the name.
New Plaso ingest module that runs Plaso and generates events for the timeline.
Fixed bug in Email module for VCard files to better parse phone number types.
Keyword Search module waits longer for Solr to start to prevent incorrectly reporting a problem and disabling the feature.
Embedded file extractor module was updated to not report compression bombs for GZIP files.
Timeline:
New approach for storing event data. A dedicated events table exists and is populated as files and artifacts are added to the database. No longer requires an explicit step of populating a local events table.
Users can create their own events from the Timeline UI.
Filtering was simplified based on existence of tag or hash set hit versus a specific name.
Communications:
Fixed bug that hid contact book entries with duplicate numbers.
Image Gallery:
Fixed bug in schema that caused errors with very long file names.
Report:
CASE report is included in a portable case.
Image tags are included in portable case.
More size options for a packaged portable case.
New Infrastructure to support command line-based generation.
Backend:
Developers should use new Blackboard.postArtifact() method to ensure artifact is indexed and added to the timeline.
New classes were created to make it easier to write modules for apps.
http://www.sleuthkit.org/autopsy
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.1.1000
« Reply #86 on: 19 November, 2019, 12:26 »
Changelog
NEW Event Log Viewer:
New viewer to display Windows event log files. Open logs in E01 images, filter logs, add log entries to the case, etc.
Android Logical Copy:
At completion, log will show the count of files copied by file extension.
Case Manager:
Fixed empty partitions being displayed in drop down list when adding physical drives to case
Minor fix for BitLocker encrypted volume detection
Clipboard viewer:
Added some checks when ComBase.dll functions are being called that they exist to prevent a possible crash in Win7 when attempting to collect extended clipboard data
Create/Search Index:
New indexer build that adds XFS file system support
Updated indexer fixed bug with search results from email attachments of ZIP files appearing under the Files tab instead of Email attachments
Added 'Export Search Results to CSV' feature on the 'History' tab, which allows user to export results from multiple search queries and multiple indexes at once.
Debug mode - (Start Window):
Added 'Restart OSF in Debug Mode' icon under 'Housekeeping' to restart OSF with 'DEBUGMODE' parameter set
ESEDB Viewer:
Updated libesedb library to libesedb-20181229
Fixed major performance issue with very large ESEDB files (4GB+). Achieved roughly 40x speed improvement. Previously large files would be so slow to process that User Activity module looked like it had locked up. This should resolve this issue
File system support:
Added support for Linux XFS file system
Logical Imaging:
Fixed bug where root paths added from "Other Available Devices" were not being copied.
Registry Viewer:
Added right-click menu for exporting report to disk/case
User activity:
Added a new option in the config "Moved Downloads (Slow)" to control whether the drive is scanned for downloads that have been moved (Zone.Identifier streams), this is now off by default as it can be a slow process
Replaced Jetblue API use with ESEDB library (libesedb) use when getting EDGE/IE10 history
Added some more status messages for registry and browser processes
Fixed sorting of columns for SRUM DB information
Misc:
Physical drive scanning for partitions at startup was updated so that OSF startup speed should be quicker and use less RAM.
Fixed a bug in the disk partition detection code, it was not thread safe when running in debug mode, which could result in a rare crash at startup
Help file updates
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.1.1001
« Reply #87 on: 02 December, 2019, 12:27 »
Changelog
Create / Search Index:
Fixed bug with Custom limit for Max File Size and Max Pages not applying when creating an index
Added ability to "Display Search Results" for multiple selected items in the "History" tab
Added "Path hash" column for "Export Search Results to CSV" to locate files that have been added to case (and stored in the "Files" folder)
Disk Imaging:
Read/Write/Hash threads now use their own I/O buffers to prevent memory access errors when a disk timeout occurs. This typically only happens when disk has a hardware fault. But it could result in a crash when it does happen.
ESEDB Viewer:
Fixed possible crash when loading a table in the ESEDB viewer
Event Log Viewer:
Reorganized elements in the main dialog and top menu.
Updated filter options in the Advanced Filter.
Added tree-view right-click menu.
Added Presets combo box for quick filtering. The user can also add their own preset filters by editing the test file, ProgramDataPassMarkOSForensicsEventLogPresets.txt
Updated list-view item selection to allow multiple item selection using mouse drag and right click menu Toggle Check to select them.
Internal viewer:
Metadata, Improved UI responsiveness by launching metadata collection process in a separate thread.
Fixed bug in loading NTFS alternate streams when there is no file list
Raw disk viewer:
Added file system scanning for Linux XFS disks. XFS files, directories, and internal structures should be identified and highlighted.
Fixed bug in partition size for XFS disks
User Activity:
Allowed tagging of activity items that are not file paths (eg. registry keys, URLs, DB records, etc.)
Added an option in the list-view right-click menu for Event Log to allow users to open Event Log Viewer and locate the selected event.
Added 'Flags' column to identify 'tagged' items
Fixed Ctrl+T shortcut not working
Fixed memory allocation error due to invalid jump list entries
Fixed Web Browser tab not being highlighted when opening URL
Improved options to export to CSV and copy to clipboard from SRUM Database entries
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.1.1002
« Reply #88 on: 06 December, 2019, 12:24 »
Changelog
Android Logical Copy:
Fixed possible crash due to corrupted stack
Event Log Viewer:
Added Scan Folder button, this allows multiple event logs to be added to the viewer even when the event logs are found in a non-standard folder
Added ability to add and delete multiple drives and folders in tree-view. Previously only files from one drive at a time could be added.
Changed presets filtering configuration file, allowing more complicated filter conditions. Also added some additional preset filters
Added a must "Not Contain" option to the event log filter conditions.
User Activity:
Results can now be sorted by tagged state by clicking on the "Flags" column
Fixed crash when sorting by column that we accidentally introduced in last patch, oops.
Added filtering of results by "Flags"
USB, Opening USB device entries obtained from setupapi.dev.log or event log now opens the correct viewer
WLAN, Opening WLAN entries obtained from .xml file now opens the correct viewer
Fixed right-click menu for USB/WLAN activity
Fixed a crash that could occur if a scanned ESEDB database was corrupt. Seems to be rare as we have only
http://www.osforensics.com/
SiLæncer
Cheff-Cubie
Posts: 191383
No output without input
OSForensics 7.1.1003
« Reply #89 on: 17 December, 2019, 06:00 »
Changelog
Create Index/Search Index
Fixed bugs with indexing and searching large indexes containing more than 2 million unique words. Also improved error reporting.
Indexer now reports number of threads in log
Added debug mode for OSFIndexer
File System Browser
Fixed jumping to disk offset when selected disk in raw disk viewer does not match
Logical Imaging
Fixed copying sparse files, were not being set as sparse on destination (if filesystem supports it)
Raw disk viewer
Support for jumping to XFS inode record
Support for jumping to ext[2|3|4] inode record
Added file system scanning for APFS disks. APFS files should be identified and highlighted.
Added jump to APFS file offset
SQLite Viewer
Fixed "begins with" and "end with" query strings generating reversed queries
Start Window
Added "Check for Updates" icon under "Help and Information" for checking the most up-to-date OSF version
User Activity
Warn user if contents copied to clipboard exceeded limit and will be truncated.
Misc
Fixed disk dropdown box incorrectly displaying "Unknown/Empty partition" for all case devices
http://www.osforensics.com/