Changelog for sleuthkit-libs-4.2.0-1.fc19.i686.rpm:
Wed Sep 16 14:00:00 2015 Lawrence R. Rogers
- Release 4.2.0-1
- ExFAT support added
- New database schema
- New Sqlite hash database
- Various bug fixes
- NTFS pays more attention to sequence and loads metadata only if it matches
- Added secondary hash database index
Thu Apr 16 14:00:00 2015 Lawrence R. Rogers - Release 4.1.3-6
New revision to force use of version in CERT Forensics Library.
Sun Nov 16 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-5
Fixed to include java bindings
Wed Jul 30 14:00:00 2014 Lawrence R. Rogers - Release 4.1.3-4
Rebuilt to include java bindings.
Fri Feb 28 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-3
Patch from Joachim Metz for pytsk.
Thu Feb 27 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-2
Rebuilt with libewf-20140216
Sat Jan 25 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-1
fixed bug that could crash UFS/ExtX in inode_lookup.
More bounds checking in ISO9660 code
Image layer bounds checking
Update version of SQLITE-JDBC
changed how java loads native libraries
Config file for YAFFS2 spare area
New method in image layer to return names
Yaffs2 cleanup.
Escape all strings in SQLite database
SQLite code uses NTFS sequence number to match parent IDs
Wed Sep 25 14:00:00 2013 Lawrence R. Rogers - Release 4.1.2-1
Core:
- Fixed more visual studio projects to work on 64-bit
Java:
- added method to Image to perform sanity check on image sizes.
fiwalk:
- Fixed compile error on Linux etc.
---------------- VERSION 4.1.1 --------------
Core:
- Added FILE_SHARE_WRITE to all windows open calls.
- removed unused methods in CRC code that caused compile errors.
- Added NTFS FNAME times to time2 struct in TSK_FS_META to make them
easier to access -- should have done this a long time ago!
- fls -m and tsk_gettimes output NTFS FNAME times to output for timelines.
- hfind with EnCase hashsets works when DB is specified (and not only index)
- TskAuto now goes into UNALLOC partitions by default too.
- Added support to automatically find all Cellebrite raw dump files given
the name of the first image.
- Added 64-bit windows targets to VisualStudio files.
- Added NTFS sequence to parent address in directory and directory itself.
- Updated SQLite code to use sequence when finding parent object ID.
Java:
- Java bindings JAR files now have native libraries in them.
- Logical files are added with a transaction
Mon Jun 17 14:00:00 2013 Lawrence R. Rogers - Release 4.1.0-1
Core:
- Added YAFFS2 support (patch from viaForensics).
- Added Ext4 support (patch from kfairbanks)
- changed all include paths to be 'tsk' instead of 'tsk3'
-- IMPORTANT FOR ALL DEVELOPERS!
Framework:
- Added Linux and MAC support.
- Added L01 support.
- Added APIs to find files by name, path and extension.
- Removed deprecated TskFile::getAttributes methods.
- moved code around for AutoBuild tool support.
Java Bindings:
- added DerivedFile datamodel support
- added a public method to Content to add ability to close() its tsk handle before the object is gc'd
- added faster skip() and random seek support to ReadContentInputStream
- refactored datamodel by pushing common methods up to AbstractFile
- fixed minor memory leaks
- improved regression testing framework for java bindings datamodel
Mon Feb 4 13:00:00 2013 Lawrence R. Rogers - Release 4.0.2-1
Core:
New Features:
- Added fiwalk tool from Simson. Not supported in Visual Studio yet.
Bug Fixes:
- Fixed fcat to work on NTFS files (still doesn't support ADS though).
- Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
- NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files.
This fixes an image that had allocated files missing from the directory b-tree.
- NTFS code uses sequence number when searching MFT entries for all files.
- Libewf detection code change to support v2 API more reliably (ID: 3596212).
- NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
Framework:
- Added new API to TskImgDB that returns the base name of an image.
- Numerous performance improvements to framework.
- Removed requirement in framework to specify module extension in pipeline configuration file.
- Added blackboard artifacts to represent both operating system and network service user accounts.
Java Bindings:
- added more APIs to find files by name, path and where clause
- added API to get currently processed dir when image is being added,
- added API to return specific types of children of image, volume system, volume, file system.
- moved more common methods up to Content interface
- deprecated context of blackboard attributes,
- deprecated SleuthkitCase.runQuery() and SleuthkitCase.closeRunQuery()
- fixed ReadContentInputStream bugs (ignoring offset into a buffer, implementing available() )
- methods that are lazy loading are now thread safe
- Hash class is now thread-safe
- use more PreparedStatements to improve performance
- changed source level from java 1.6 to 1.7
- Throw exceptions from C++ side better
Tue Nov 13 13:00:00 2012 Lawrence R. Rogers 4.0.1-1
- Release 4.0.1-1
New Features:
- Can open raw Windows devices with write mode sharing.
- More DOS partition types are displayed.
- Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together).
- Added new API to TskImgDB that returns hash value associated with carved files.
- Performance improvements with FAT code (maps and dir_add)
- Performance improvements with NTFS code (maps)
- Added AONLY flag to block_walk
- Updated blkls and blkcalc to use AONLY flag -- MUCH faster.
Bug Fixes:
- Fixed mactime issue where it could choose the wrong timezone that did
not follow daylight savings times.
- Fixed file size of alternate data streams in framework.
- Incorporated memory leak fixes and raw device fixes from ADF Solutions.
Mon Oct 1 14:00:00 2012 Lawrence R. Rogers 4.0.0-1
- Release 4.0.0-1
New Features:
- Added multithreaded support
- Added C++ wrapper classes
- Added JNI bindings / Java data model classes
- 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types
- 3184429: More consistent printing of unset times (all zeros instead of 1970)
- New database design that allows for multiple images in the same database
- GPT volume system tries other sector sizes if first attempt fails.
- Added hash calculation and lookup to AutoDB and JNI.
- Upgraded SQLite to 3.7.9.
- Added Framework in (windows-only)
- EnCase hash support
- Libewf v2 support (it is now non-beta)
- First file in a raw split or E01 can be specified and the rest of the files are found.
- mactime displays times as 0 if the time is not set (instead of 1970)
- Changed behavior of 'mactime -y' to use ISO8601 format.
- Updated HFS+ code from ATC-NY.
- FAT orphan file improvements to reduce false positives.
- TskAuto better reports errors.
- Upgrade build projects from Visual Studio 2008 to 2010.
Bug Fixes:
- Relaxed checking when conflict exists between DOS and GPT partitions.
Had a Mac image that was failing to resolve which partition table to use.
Mon Oct 10 14:00:00 2011 Brian Carrier carrierAATTsleuthkit.org 3.2.3-1
- Release 3.2.3-1
New Features:
- new TskAuto method (handleNotification()) that gets verbose messages that allow for debugging when the class makes decisions.
- DOS partitions are loaded even if an extended partition fails to load
- new TskAuto::findFilesInFs(TSK_FS_INFO *) method
- Need to only specify first E01 file and the rest are found
- Changed docs license to non-commercial
- Unicode conversion routines fix invalid UTF-16 text during conversion
- Added '-d' to tsk_recover to specify directory to recover
Bug Fixes:
- Added check to fatfs_open to compare first sectors of FAT if we used backup boot sector and verify it is FAT32.
- More checks to make sure that FAT short names are valid ASCII
- 3406523: Mactime size sanity check
- 3393960: hfind reading of Windows input file
- 3316603: Error reading last blocks of RAW CD images
- Fixed bugs in how directories and files were detected in TskAuto
Built to use libewf-alpha, the Version 2 interface
Fri Jun 10 14:00:00 2011 Brian Carrier carrierAATTsleuthkit.org 3.2.2-1
- Release 3.2.2-1
Fixed FAT orphan file issues
cleanup non-ASCII volume label names
split image names are stored in local copy
Added feature that copies of split file names are stored
change to behavior for issue 3303679 and cleanup of short names
Added missing file
removed makefiles from repo
resolved issue 3303679 re: deleted short FAT names with invalid UTF-8 names
fixed issue where image type in SQLite db was always 0.
auto closes img_info only if it opened it
Added IMG_INFO openImage method to auto class
added copyright
win32 compile errors fixed
adding in more lost win32 files
added new vcproj files
Merging in C++ classes and multithreaded support
typo fix
Updated FAT sanity checks to be tougher on entries in deleted folders
Fixed some RAW CD issues and added offset of 24 bytes to choices
resolved issues 3213886 and 3213888 re: RAW CD and not handling ISO9660 directory holes
added NEWS to win32 build
updated version files
Sun Feb 27 13:00:00 2011 Nicolas Chauvet - 3.2.1-1
- This release has some minor bug fixes. New features include:
SQLite DB contains a dummy entry if there is no volume system.
The build directory can be different from the source directory when building on Unix.
Bug fixes include:
fls arguments
Compile errors with pthreads on some Linux systems
Different FAT directory entry checking
mingw compile errors
mactime CSV output surrounds file name in quotes
Thu Oct 28 14:00:00 2010 Nicolas Chauvet - 3.2.0-1
This release has new features and bug fixes. Thanks to Anthony Lawrence for help with the new features. New features include:
New tsk_recover tool that extracts files from an image to a local directory.
New tsk_loaddb tool that dumps file system metadata to SQLite database.
New tsk_gettimes tool that collects MAC time data on all file systems (equivalent to fls -m on a series of volumes)
New tsk_comparedir tool that compares a directory to an image to detect rootkits.
New C++ TskAuto class that makes it easier to create automated tools that analyze all files.
Name cleanup out of libraries and into tools.
img_cat -e and -s flags.
Changed how default NTFS $Data attribute is named.
HFS+ Case sensitive flag in fsstat.
Bug fixes include:
FAT performance
Crash fix for corrupt NTFS file
Adding attribute runs on fragmented files with multiple attributes of the same type.
Fri Jul 2 14:00:00 2010 Nicolas Chauvet - 3.1.3-1
This release has some bug fixes:
FAT performance
Sun May 23 14:00:00 2010 Nicolas Chauvet - 3.1.2-1
This release has some bug fixes:
FAT performance
Reading errors
ifind not stopping
mmls -B display error
Thu Apr 29 14:00:00 2010 Nicolas Chauvet - 3.1.1-1
- Update to 3.1.1
Sun Jul 26 14:00:00 2009 Fedora Release Engineering - 3.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 3.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Tue Feb 10 13:00:00 2009 kwizart < kwizart at gmail.com > - 3.0.1-1
- Update to 3.0.1 (final)
Tue Oct 28 13:00:00 2008 kwizart < kwizart at gmail.com > - 3.0.0-1
- Update to 3.0.0 (final)
Fri Oct 3 14:00:00 2008 kwizart < kwizart at gmail.com > - 3.0.0-0.1.b4
- Update to 3.0.0b4
Tue Jun 17 14:00:00 2008 kwizart < kwizart at gmail.com > - 2.52-1
- Update to 2.52
- Remove merged patches
- Remove clean unused-direct-shlib-dependencies
- Fix rpath at source.
- Sort license within the spec
- Move configure.ac to pkg-config detection
- Remove Perl-Date-Manip installation
Tue Mar 18 13:00:00 2008 kwizart < kwizart at gmail.com > - 2.51-1
- Update to 2.51
- Add libewf/afflib BR
- Requires mac-robber external package.
- Remove internal perl-Date-Manip.
Fri Dec 28 13:00:00 2007 kwizart < kwizart at gmail.com > - 2.10-1
- Update to 2.10
Mon Oct 29 13:00:00 2007 kwizart < kwizart at gmail.com > - 2.09-1
- Initial package for Fedora
(inspired from Oden Eriksson mdk spec).