Changelog for sleuthkit-devel-4.6.7-1.1.el6.x86_64.rpm:
Wed Aug 7 14:00:00 2019 Lawrence R. Rogers
- Release 4.6.7-1.1
Update Release because Fedora now contains 4.6.7.
Sun Jun 9 14:00:00 2019 Lawrence R. Rogers - Release 4.6.6-1.1
Update Release because Fedora now contains 4.6.6.
Fri Apr 26 14:00:00 2019 Lawrence R. Rogers - Release 4.6.6-1
C/C++ Code:
Acquisition details are set in DB for E01 files
Fix NTFS decompression issue (from Joe Sylve)
Image reading fix when cache fails (Joe Sylve)
Fix HFS+ issue with large catalog files (Joe Sylve)
Fix free memory issue in srch_strings (Derrick Karpo)
Java:
Fix so that local files can be relative
More Blackboard artifacts and attributes for web data
Added methods to CaseDbManager to enable checking for and modifying tables.
APIs to get and set acquisition details
Added methods to add volume and file systems to database
Added method to add LayoutFile for allocated files
Changed handling of JNI handles to better support multiple cases
Tue Jan 15 13:00:00 2019 Lawrence R. Rogers - Release 4.6.5-1
C/C++ Code:
HFS boundary check fix
Java Code:
New artifacts and attributes defined
Fixed bug in SleuthkitCase.getContentById() for data sources
Fixed bug in LayoutFile.read() that could allow reading past end of file
Case Database Schema:
New fields for hash values and acquisition details in case database
Store "created schema version" in case database
Fri Nov 9 13:00:00 2018 Lawrence R. Rogers - Release 4.6.4-1
Java Code:
Increase max statements in database to prevent errors under load
Have a max timeout for SQLite retries
Sun Oct 14 14:00:00 2018 Lawrence R. Rogers - Release 4.6.3-1
C/C++ Code:
Hashdb bug fixes for corrupt indexes and 0 hashes
New code for testing power of number in ExtX code
Java Code:
New class that allows generic database access
New methods that check for duplicate artifacts
Added caches for frequently used content
Database Schema:
Added Examiner table
Tags are now associated with Examiners
Changed parent_path for logical files to be consistent with FS files.
Wed Oct 3 14:00:00 2018 Lawrence R. Rogers - Release 4.6.2-2
Built with Java support. Release number is greater than the release for Fedora 28 and 27.
Wed Aug 8 14:00:00 2018 Lawrence R. Rogers - Release 4.6.2-1
C/C++ Code:
- Various compiler warning fixes
- Added small delay into image writer to not starve other threads
Java:
- Added more locking to ensure that handles were not closed while other threads were using them.
- Added APIs to support more queries by data source
- Added memory-based caching when detecting if an object has children or not.
Wed May 16 14:00:00 2018 Lawrence R. Rogers - Release 4.6.1-1
Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
Cleanup and fixes from uckelman-sf and others
PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
NTFS istat shows details about all FILE_NAME attributes, not just the first. report from Eric Zimmerman.
Wed Mar 28 14:00:00 2018 Lawrence R. Rogers - Release 4.6.0-3
Moved sleuthkit-4.6.0.jar from sleuthkit-devel package to sleuthkit package.
Wed Feb 28 13:00:00 2018 Lawrence R. Rogers - Release 4.6.0-2
Removed patches from PyTSK.
Wed Feb 21 13:00:00 2018 Lawrence R. Rogers - Release 4.6.0-1
- New Features
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- HFS fix from uckelman-sf.
Sun Oct 15 14:00:00 2017 Lawrence R. Rogers - Release 4.5.0-1
- New Features:
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- More specific version number of DB schema
- New Local Directory type in DB to differentiate with Virtual Directories
- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
- Bug Fixes:
- Faster resolving of HFS hard links
- Lots of fixes from Google Fuzzing efforts.
Mon Aug 7 14:00:00 2017 Lawrence R. Rogers - Release 4.4.2-1
- New Features:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription method
- Bug Fixes:
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- various performance fixes and added thread safety checks
Tue May 30 14:00:00 2017 Lawrence R. Rogers - Release 4.4.1-1
- New Features:
-- Can create a sparse VHD file when reading a local drive with new
IMAGE_WRITER structure. Currently being used by Autopsy, but no TSK
command line tools.
- Bug fixes:
-- Lots of cleanup and fixes. Including:
-- memory leaks
-- UTF8 and UTF16 cleanup
-- Missing NTFS files (in fairly rare cases)
-- Really long folder structures and database inserts
Tue Jan 17 13:00:00 2017 Lawrence R. Rogers - Release 4.4.0-1
4.4.0
Compiling in Windows now uses Visual Studio 2015
tsk_loaddb now adds new files for slack space and JNI was upgraded accordingly.
4.3.0
NTFS works on 4k sectors
Added support in Java to store local files in encoded form (XORed)
Added Java Account object into datamodel
Added notion of a review status to blackboard artifacts
Upgraded version of PostgreSQL
Various minor bug fixes
Tue Jul 19 14:00:00 2016 Lawrence R. Rogers - Release 4.3.0-1
Release 4.3.0.
Mon Jul 18 14:00:00 2016 Lawrence R. Rogers - Release 4.2.0-6
Rebuilt to use libewf-20160718, release 20140608.1.
Also patched to 20160718.
Thu Jun 23 14:00:00 2016 Lawrence R. Rogers - Release 4.2.0-5
Patch 6 - bring up to 2016-06-23 version from github.
Thu Apr 21 14:00:00 2016 Lawrence R. Rogers - Release 4.2.0-4
Patch 5 - bring up to 2016-04-21 version from github.
Fri Apr 1 14:00:00 2016 Lawrence R. Rogers - Release 4.2.0-3
Patch 4 - bring up to 2016-04-01 version from github.
Rebuild for the latest libewf.
Wed Oct 7 14:00:00 2015 Lawrence R. Rogers - Release 4.2.0-2
Patch 2 - bring up to 2015-10-07 version from github
Patch 3 - fix srch_strings by reverting source back to 4.1.3 version
Wed Sep 16 14:00:00 2015 Lawrence R. Rogers - Release 4.2.0-1
- ExFAT support added
- New database schema
- New Sqlite hash database
- Various bug fixes
- NTFS pays more attention to sequence and loads metadata only if it matches
- Added secondary hash database index
Thu Apr 16 14:00:00 2015 Lawrence R. Rogers - Release 4.1.3-6
New revision to force use of version in CERT Forensics Library.
Sun Nov 16 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-5
Fixed to include java bindings
Wed Jul 30 14:00:00 2014 Lawrence R. Rogers - Release 4.1.3-4
Rebuilt to include java bindings.
Fri Feb 28 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-3
Patch from Joachim Metz for pytsk.
Thu Feb 27 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-2
Rebuilt with libewf-20140216
Sat Jan 25 13:00:00 2014 Lawrence R. Rogers - Release 4.1.3-1
fixed bug that could crash UFS/ExtX in inode_lookup.
More bounds checking in ISO9660 code
Image layer bounds checking
Update version of SQLITE-JDBC
changed how java loads native libraries
Config file for YAFFS2 spare area
New method in image layer to return names
Yaffs2 cleanup.
Escape all strings in SQLite database
SQLite code uses NTFS sequence number to match parent IDs
Wed Sep 25 14:00:00 2013 Lawrence R. Rogers - Release 4.1.2-1
Core:
- Fixed more visual studio projects to work on 64-bit
Java:
- added method to Image to perform sanity check on image sizes.
fiwalk:
- Fixed compile error on Linux etc.
---------------- VERSION 4.1.1 --------------
Core:
- Added FILE_SHARE_WRITE to all windows open calls.
- removed unused methods in CRC code that caused compile errors.
- Added NTFS FNAME times to time2 struct in TSK_FS_META to make them
easier to access -- should have done this a long time ago!
- fls -m and tsk_gettimes output NTFS FNAME times to output for timelines.
- hfind with EnCase hashsets works when DB is specified (and not only index)
- TskAuto now goes into UNALLOC partitions by default too.
- Added support to automatically find all Cellebrite raw dump files given
the name of the first image.
- Added 64-bit windows targets to VisualStudio files.
- Added NTFS sequence to parent address in directory and directory itself.
- Updated SQLite code to use sequence when finding parent object ID.
Java:
- Java bindings JAR files now have native libraries in them.
- Logical files are added with a transaction
Mon Jun 17 14:00:00 2013 Lawrence R. Rogers - Release 4.1.0-1
Core:
- Added YAFFS2 support (patch from viaForensics).
- Added Ext4 support (patch from kfairbanks)
- changed all include paths to be 'tsk' instead of 'tsk3'
-- IMPORTANT FOR ALL DEVELOPERS!
Framework:
- Added Linux and MAC support.
- Added L01 support.
- Added APIs to find files by name, path and extension.
- Removed deprecated TskFile::getAttributes methods.
- moved code around for AutoBuild tool support.
Java Bindings:
- added DerivedFile datamodel support
- added a public method to Content to add ability to close() its tsk handle before the object is gc'd
- added faster skip() and random seek support to ReadContentInputStream
- refactored datamodel by pushing common methods up to AbstractFile
- fixed minor memory leaks
- improved regression testing framework for java bindings datamodel
Mon Feb 4 13:00:00 2013 Lawrence R. Rogers - Release 4.0.2-1
Core:
New Features:
- Added fiwalk tool from Simson. Not supported in Visual Studio yet.
Bug Fixes:
- Fixed fcat to work on NTFS files (still doesn't support ADS though).
- Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
- NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files.
This fixes an image that had allocated files missing from the directory b-tree.
- NTFS code uses sequence number when searching MFT entries for all files.
- Libewf detection code change to support v2 API more reliably (ID: 3596212).
- NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
Framework:
- Added new API to TskImgDB that returns the base name of an image.
- Numerous performance improvements to framework.
- Removed requirement in framework to specify module extension in pipeline configuration file.
- Added blackboard artifacts to represent both operating system and network service user accounts.
Java Bindings:
- added more APIs to find files by name, path and where clause
- added API to get currently processed dir when image is being added,
- added API to return specific types of children of image, volume system, volume, file system.
- moved more common methods up to Content interface
- deprecated context of blackboard attributes,
- deprecated SleuthkitCase.runQuery() and SleuthkitCase.closeRunQuery()
- fixed ReadContentInputStream bugs (ignoring offset into a buffer, implementing available() )
- methods that are lazy loading are now thread safe
- Hash class is now thread-safe
- use more PreparedStatements to improve performance
- changed source level from java 1.6 to 1.7
- Throw exceptions from C++ side better
Tue Nov 13 13:00:00 2012 Lawrence R. Rogers 4.0.1-1
- Release 4.0.1-1
New Features:
- Can open raw Windows devices with write mode sharing.
- More DOS partition types are displayed.
- Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together).
- Added new API to TskImgDB that returns hash value associated with carved files.
- Performance improvements with FAT code (maps and dir_add)
- Performance improvements with NTFS code (maps)
- Added AONLY flag to block_walk
- Updated blkls and blkcalc to use AONLY flag -- MUCH faster.
Bug Fixes:
- Fixed mactime issue where it could choose the wrong timezone that did
not follow daylight savings times.
- Fixed file size of alternate data streams in framework.
- Incorporated memory leak fixes and raw device fixes from ADF Solutions.
Mon Oct 1 14:00:00 2012 Lawrence R. Rogers 4.0.0-1
- Release 4.0.0-1
New Features:
- Added multithreaded support
- Added C++ wrapper classes
- Added JNI bindings / Java data model classes
- 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types
- 3184429: More consistent printing of unset times (all zeros instead of 1970)
- New database design that allows for multiple images in the same database
- GPT volume system tries other sector sizes if first attempt fails.
- Added hash calculation and lookup to AutoDB and JNI.
- Upgraded SQLite to 3.7.9.
- Added Framework in (windows-only)
- EnCase hash support
- Libewf v2 support (it is now non-beta)
- First file in a raw split or E01 can be specified and the rest of the files are found.
- mactime displays times as 0 if the time is not set (instead of 1970)
- Changed behavior of 'mactime -y' to use ISO8601 format.
- Updated HFS+ code from ATC-NY.
- FAT orphan file improvements to reduce false positives.
- TskAuto better reports errors.
- Upgrade build projects from Visual Studio 2008 to 2010.
Bug Fixes:
- Relaxed checking when conflict exists between DOS and GPT partitions.
Had a Mac image that was failing to resolve which partition table to use.
Mon Oct 10 14:00:00 2011 Brian Carrier carrierAATTsleuthkit.org 3.2.3-1
- Release 3.2.3-1
New Features:
- new TskAuto method (handleNotification()) that gets verbose messages that allow for debugging when the class makes decisions.
- DOS partitions are loaded even if an extended partition fails to load
- new TskAuto::findFilesInFs(TSK_FS_INFO *) method
- Need to only specify first E01 file and the rest are found
- Changed docs license to non-commercial
- Unicode conversion routines fix invalid UTF-16 text during conversion
- Added '-d' to tsk_recover to specify directory to recover
Bug Fixes:
- Added check to fatfs_open to compare first sectors of FAT if we used backup boot sector and verify it is FAT32.
- More checks to make sure that FAT short names are valid ASCII
- 3406523: Mactime size sanity check
- 3393960: hfind reading of Windows input file
- 3316603: Error reading last blocks of RAW CD images
- Fixed bugs in how directories and files were detected in TskAuto
Built to use libewf-alpha, the Version 2 interface
Fri Jun 10 14:00:00 2011 Brian Carrier carrierAATTsleuthkit.org 3.2.2-1
- Release 3.2.2-1
Fixed FAT orphan file issues
cleanup non-ASCII volume label names
split image names are stored in local copy
Added feature that copies of split file names are stored
change to behavior for issue 3303679 and cleanup of short names
Added missing file
removed makefiles from repo
resolved issue 3303679 re: deleted short FAT names with invalid UTF-8 names
fixed issue where image type in SQLite db was always 0.
auto closes img_info only if it opened it
Added IMG_INFO openImage method to auto class
added copyright
win32 compile errors fixed
adding in more lost win32 files
added new vcproj files
Merging in C++ classes and multithreaded support
typo fix
Updated FAT sanity checks to be tougher on entries in deleted folders
Fixed some RAW CD issues and added offset of 24 bytes to choices
resolved issues 3213886 and 3213888 re: RAW CD and not handling ISO9660 directory holes
added NEWS to win32 build
updated version files
Sun Feb 27 13:00:00 2011 Nicolas Chauvet - 3.2.1-1
- This release has some minor bug fixes. New features include:
SQLite DB contains a dummy entry if there is no volume system.
The build directory can be different from the source directory when building on Unix.
Bug fixes include:
fls arguments
Compile errors with pthreads on some Linux systems
Different FAT directory entry checking
mingw compile errors
mactime CSV output surrounds file name in quotes
Thu Oct 28 14:00:00 2010 Nicolas Chauvet - 3.2.0-1
This release has new features and bug fixes. Thanks to Anthony Lawrence for help with the new features. New features include:
New tsk_recover tool that extracts files from an image to a local directory.
New tsk_loaddb tool that dumps file system metadata to SQLite database.
New tsk_gettimes tool that collects MAC time data on all file systems (equivalent to fls -m on a series of volumes)
New tsk_comparedir tool that compares a directory to an image to detect rootkits.
New C++ TskAuto class that makes it easier to create automated tools that analyze all files.
Name cleanup out of libraries and into tools.
img_cat -e and -s flags.
Changed how default NTFS $Data attribute is named.
HFS+ Case sensitive flag in fsstat.
Bug fixes include:
FAT performance
Crash fix for corrupt NTFS file
Adding attribute runs on fragmented files with multiple attributes of the same type.
Fri Jul 2 14:00:00 2010 Nicolas Chauvet - 3.1.3-1
This release has some bug fixes:
FAT performance
Sun May 23 14:00:00 2010 Nicolas Chauvet - 3.1.2-1
This release has some bug fixes:
FAT performance
Reading errors
ifind not stopping
mmls -B display error
Thu Apr 29 14:00:00 2010 Nicolas Chauvet - 3.1.1-1
- Update to 3.1.1
Sun Jul 26 14:00:00 2009 Fedora Release Engineering - 3.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 3.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Tue Feb 10 13:00:00 2009 kwizart < kwizart at gmail.com > - 3.0.1-1
- Update to 3.0.1 (final)
Tue Oct 28 13:00:00 2008 kwizart < kwizart at gmail.com > - 3.0.0-1
- Update to 3.0.0 (final)
Fri Oct 3 14:00:00 2008 kwizart < kwizart at gmail.com > - 3.0.0-0.1.b4
- Update to 3.0.0b4
Tue Jun 17 14:00:00 2008 kwizart < kwizart at gmail.com > - 2.52-1
- Update to 2.52
- Remove merged patches
- Remove clean unused-direct-shlib-dependencies
- Fix rpath at source.
- Sort license within the spec
- Move configure.ac to pkg-config detection
- Remove Perl-Date-Manip installation
Tue Mar 18 13:00:00 2008 kwizart < kwizart at gmail.com > - 2.51-1
- Update to 2.51
- Add libewf/afflib BR
- Requires mac-robber external package.
- Remove internal perl-Date-Manip.
Fri Dec 28 13:00:00 2007 kwizart < kwizart at gmail.com > - 2.10-1
- Update to 2.10
Mon Oct 29 13:00:00 2007 kwizart < kwizart at gmail.com > - 2.09-1
- Initial package for Fedora
(inspired from Oden Eriksson mdk spec).