Nytro Posted February 6, 2013

[h=1]Sleuth Kit 4.0.2![/h]

by Mayuresh on February 6, 2013

Two days ago, The Sleuth Kit was updated! We now have The Sleuth Kit version 4.0.2. Our first post about The Sleuth Kit or TSK can be found here. This release has bug fixes and some new minor features.

“The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. It is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit. The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.”

[h=2]Official change log for The Sleuth Kit:[/h]

New Features in Core:

- fiwalk is now included.

Bug Fixes in Core:

- Fixed fcat to work on NTFS files (still doesn’t support ADS though).
- Fixed HFS+ support in tsk_loaddb / SQLite — root directory was not added.
- NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
- NTFS code uses sequence number when searching MFT entries for all files.
- Libewf detection code change to support v2 API more reliably (ID: 3596212).
- NTFS $SII code could crash in rare cases if $SDS was multiple of block size.

Framework:

- Added new API to TskImgDB that returns the base name of an image.
- Numerous performance improvements to framework.
- Removed requirement in framework to specify module extension in pipeline configuration file.
- Added blackboard artifacts to represent both operating system and network service user accounts.

Java Bindings:

- More methods to query files.
- Methods to get current directory when being added to DB.
- Modified class structure a bit.
- More lazy loading for children / parents.
- Better exception throwing from C++.

[h=3]Download The Sleuth Kit:[/h]

The Sleuth Kit 4.0.2 – sleuthkit-win32-4.0.2.zip/sleuthkit-framework-win32-4.0.2.zip/sleuthkit-4.0.2.tar.gz

Source: The Sleuth Kit 4.0.2! — PenTestIT