Changelog for sleuthkit-devel-4.1.0-36.1.i586.rpm:
Sat Jun 22 14:00:00 2013 Greg.FreemyerAATTgmail.com
- this upgrade breaks most packages that build against sleuthkit-devel
- upgrade to 4.1.0
* New Features in Core:
Added YAFFS2 support (patch from viaForensics).
Added Ext4 support (patch from kfairbanks)
* Framework:
Added Linux and MAC support.
Added L01 support.
Added APIs to find files by name, path and extension.
Removed deprecated TskFile::getAttributes methods.
moved code around for AutoBuild tool support.
* Java Bindings:
added DerivedFile datamodel support
added a public method to Content to add ability to close() its tsk handle before the object is gc'd
added faster skip() and random seek support to ReadContentInputStream
refactored datamodel by pushing common methods up to AbstractFile
fixed minor memory leaks
improved regression testing framework for java bindings datamodel
* -devel
proper soname handling requires fixes in packages linking to libtsk
/usr/include/tsk3 renamed /usr/include/tsk
libtsk3-9.so renamed libtsk-10.so due to proper soname handling
other include file changes
- rm fiwalk patch, now in upstream
- add crc.c patch, now in upstream git repo
- sortr renamed sorter by upstream
- upstream improved soname handling, reflect improvements
- add the java bindings to sleuthkit-devel (Packaging not well tested)
- resolves BNC#815061
Sun Mar 3 13:00:00 2013 Greg.FreemyerAATTgmail.com
- Add obsoletes statement for fiwalk
- add patch to support "fiwalk -m"
Wed Feb 13 13:00:00 2013 hpjAATTurpla.net
- Version 4.0.2
New Features in Core:
fiwalk is now included.
Bug Fixes in Core:
Fixed fcat to work on NTFS files (still doesn't support ADS though).
Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
NTFS code uses sequence number when searching MFT entries for all files.
Libewf detection code change to support v2 API more reliably (ID: 3596212).
NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
Framework:
Added new API to TskImgDB that returns the base name of an image.
Numerous performance improvements to framework.
Removed requirement in framework to specify module extension in pipeline configuration file.
Added blackboard artifacts to represent both operating system and network service user accounts.
Java Bindings
More methods to query files
Methods to get current directory when being added to DB.
Modified class structure a bit
More lazy loading for children / parents.
Better exception throwing from C++
- Version 4.0.1
New Features:
More DOS partition types are displayed.
Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together).
performance improvements with FAT code (maps and dir_add)
performance improvements with NTFS code (maps)
added AONLY flag to block_walk
Updated blkls and blkcalc to use AONLY flag -- MUCH faster.
Bug Fixes:
Fixed mactime issue where it could choose the wrong timezone that did not follow daylight savings times.
Fixed file size of alternate data streams in framework.
Incorporated memory leak fixes and raw device fixes from ADF Solutions.
Tue Oct 2 14:00:00 2012 Greg.FreemyerAATTgmail.com
- Version 4.0.0
- general release of the 4.0.0b1 beta release
- only tested by upstream in windows
Thu Sep 6 14:00:00 2012 Greg.FreemyerAATTgmail.com
- Version 4.0.0b1
- Builds with libewf-20120813 (libewf v2)
- drop sleuthkit-gcc47.patch: upstreamed
4.0.0b1 has a lot of new features, including:
. Framework with first set of basic modules (hash calculation, hash lookup, entropy calculation, RegRipper, ZIP file extraction, extraction via name signatures, etc.) -- Windows-only
. Multithreaded support
. C++ wrapper classes
. JNI bindings and data model classes
. All non-set times are displayed as 0 instead of 1970.
. Only first file in split or E01 needs to be specified.
. EnCase Hashset support in hash tools.
. New table schema for loaddb database that supports more data types (carved, local files, etc.).
Wed Apr 11 14:00:00 2012 dimstarAATTopensuse.org
- Add sleuthkit-gcc47.patch: Fix buffer overflow.
Fri Oct 21 14:00:00 2011 Greg.FreemyerAATTgmail.com
- Add EnCase image support for reading
- Source code support was already present, this just involved linking libewf into the build
Fri Oct 7 14:00:00 2011 Greg.FreemyerAATTgmail.com
- VERSION 3.2.3
New Features:
- new TskAuto method (handleNotification()) that gets verbose messages that allow for debugging when the class makes decisions.
- DOS partitions are loaded even if an extended partition fails to load
- new TskAuto::findFilesInFs(TSK_FS_INFO *) method
- Need to only specify first E01 file and the rest are found
- Changed docs license to opensuse accepted one (by upstream)
- Unicode conversion routines fix invalid UTF-16 text during conversion
- Added '-d' to tsk_recover to specify directory to recover
Bug Fixes:
- Added check to fatfs_open to compare first sectors of FAT if we used backup boot sector and verify it is FAT32.
- More checks to make sure that FAT short names are valid ASCII
- 3406523: Mactime size sanity check
- 3393960: hfind reading of Windows input file
- 3316603: Error reading last blocks of RAW CD images
- Fixed bugs in how directories and files were detected in TskAuto
Thu Aug 4 14:00:00 2011 toganmAATTopensuse.org
- Update sleuthkit-3.2.2.tar.gz
* cleaned spec
Mon Sep 13 14:00:00 2010 toganmAATTdinamizm.com
- Reworking the spec file
Mon Sep 13 14:00:00 2010 toganmAATTopensuse.org
- Spec file corrections
Mon Sep 13 14:00:00 2010 Togan Muftuoglu
-3.1.3
- Adaptation of spec file from fedora project
- Update to 3.1.3
Thu Apr 29 14:00:00 2010 Nicolas Chauvet - 3.1.1-1
- Update to 3.1.1
Sun Jul 26 14:00:00 2009 Fedora Release Engineering - 3.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild