Autopsy 4.15 releases: Open source forensics tool

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Support for Windows 32-bit and 64-bit operating system, the same support for Linux and OSX (download the source code, compile their own).

Feature

• Multi-User Cases: Collaborate with fellow examiners on large cases.
• Timeline Analysis: Displays system events in a graphical interface to help identify activity.
• Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns.
• Web Artifacts: Extracts web activity from common browsers to help identify user activity.
• Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
• LNK File Analysis: Identifies shortcuts and accessed documents
• Email Analysis: Parses MBOX format messages, such as Thunderbird.
• EXIF: Extracts geolocation and camera information from JPEG files.
• File Type Sorting: Group files by their type to find all images or documents.
• Media Playback: View videos and images in the application and not require an external viewer.
• Thumbnail viewer: Displays thumbnail of images to help quick view pictures.
• Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, and UFS from The Sleuth Kit.
• Hash Set Filtering: Filter out known good files using NSRL and flag known bad files using custom hashsets in HashKeeper, md5sum, and EnCase formats.
• Tags: Tag files with arbitrary tag names, such as ‘bookmark’ or ‘suspicious’, and add comments.
• Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).
• File Type Detection based on signatures and extension mismatch detection.
• Interesting Files Module will flag files and folders based on name and path.
• Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.

Changelog 4.15

New UI Features:

• Added Document view to File Discovery.
• Expanded Context Content Viewer to show if an app accessed a file.
• Added translation feature to Message Content Viewer.
• Added waypoint type filter to the Geolocation viewer.
• Added zoom feature to Indexed Text Content Viewer.

New Ingest Modules Features:

• New GPX ingest module.
• New Drone ingest module for DJI drones based on DatCon.
• Create artifacts for files opened by Adobe Reader, Windows Media Player, Office Docs (Most Recently Used (MRU) and TrustRecords), 7Zip MRU, WinRAR MRU, Applets, Microsoft Management Console (MMC) via RegRipper.

New Central Repository Features:

• Central Repository stores account IDs that were previously seen.
• Central Repository is enabled by default to store past hashes. Feature to flag previously seen files is disabled by default.

Other New Features:

• Multi-user cases can be created via command line

Bug fixes:

• Prevent entire application from crashing when gstreamer crashes on videos.
• Improve Geolocation viewer with large data sets.
• Fix error with non-sector aligned reads on local disks.
• Times from Recycle Bin files are now in timeline.
• Validate timeline events and ignore events too far in the future.
• Moved some database queries off of UI thread.
• Remove hard coded sizes from UI that cause issues with other languages.

Download

Copyright © 2003-2017 Brian Carrier

Source: https://github.com/sleuthkit/