Changelog for autopsy-4.16.0-1.fc27.x86_64.rpm :
* Tue Sep 08 2020 Lawrence R. Rogers 4.16.0-1
* Release 4.15.0-1
Ingest:
- Added streaming ingest capability for disk images that allow files to be analyzed as soon as they are added to the database.
- Changed backend code so that disk image-based files are added by Java code instead of C/C++ code.
Ingest Modules:
- Include Interesting File set rules for cloud storage, encryption, cryptocurrency and privacy programs.
- Updated PhotoRec 7.1 and include 64-bit version.
- Updated RegRipper in Recent Activity to 2.8
- Create artifacts for Prefetch, Background Activity Monitor, and System Resource Usage.
- Support MBOX files greater than 2GB.
- Document metadata is saved as explicit artifacts and added to the timeline.
- New “no change” hashset type that does not change status of file.
Central Repository / Personas:
- Accounts in the Central Repository can be grouped together and associated with a digital persona.
- All accounts are now stored in the Central Repository to support correlation and persona creation.
Content viewers:
- Created artifact-specific viewers in the Results viewer for contact book and call log.
- Moved Message viewer to a Results sub-viewer and expanded to show accounts.
- Added Application sub-viewer for PDF files based on IcePDF.
- Annotation viewer now includes comments from hash set hits.
Geolocation Viewer:
- Different data types now are displayed using different colors.
- Track points in a track are now displayed as small, connected circles instead of full pins.
- Filter panel shows only data sources with geo location data.
- Geolocation artifact points can be tagged and commented upon.
File Discovery:
- Changed UI to have more of a search flow and content viewer is hidden until an item is selected.
Reports:
- Can be generated for a single data source instead of the entire case.
- CASE / UCO report module now includes artifacts in addition to files.
- Added backend concept of Tag Sets to support Project Vic categories from different countries.
Performance:
- Add throttling of UI refreshes to ensure data is quickly displayed and the tree does not get backed up with requests.
- Improved efficiency of adding a data source with many orphan files.
- Improved efficiency of loading file systems.
- Jython interpreter is preloaded at application startup.
Misc bug fixes and improvements:
- Fixed bug from last release where hex content viewer text was no longer fixed width.
- Altered locking to allow multiple data sources to be added at once more smoothly and to support batch inserts of file data.
- Central repository comments will no longer store tag descriptions.
- Account type nodes in the Accounts tree show counts.
- Full time stamps displayed for messages in ingest inbox.
- More detailed status during file exports.
- Improved efficiency of adding timeline events.
- Fixed bug with CVT most recent filter.
- Improved documentation and support for running on Linux/macOS.

* Fri May 15 2020 Lawrence R. Rogers 4.15.0-5
* Release 4.15.0-5
Changed to BellSoft Java Full as per the Autopsy installation instructions

* Thu May 14 2020 Lawrence R. Rogers 4.15.0-5
* Release 4.15.0-5
Installs a new version of the 7-Zip Binding for CentOS/RHEL 7 only.

* Mon May 11 2020 Lawrence R. Rogers 4.15.0-4
* Release 4.15.0-4
Fix yet another problem in CentOS/RHEL 7 version.

* Sun May 10 2020 Lawrence R. Rogers 4.15.0-3
* Release 4.15.0-3
Fix problem in CentOS/RHEL 7 version. And reverted back to the JDK that comes with the OS and away from BellSoft.

* Wed May 06 2020 Lawrence R. Rogers 4.15.0-2
* Release 4.15.0-2
Changed to BellSoft Java

* Thu Apr 30 2020 Lawrence R. Rogers 4.15.0-1
* Release 4.15.0-1
New UI Features:
- Added Document view to File Discovery.
- Expanded Context Content Viewer to show if an app accessed a file.
- Added translation feature to Message Content Viewer.
- Added waypoint type filter to the Geolocation viewer.
- Added zoom feature to Indexed Text Content Viewer.
New Ingest Modules Features:
- New GPX ingest module.
- New Drone ingest module for DJI drones based on DatCon.
- Create artifacts for files opened by Adobe Reader, Windows Media Player, Office Docs (Most Recently Used (MRU) and TrustRecords), 7Zip MRU, WinRAR MRU, Applets, Microsoft Management Console (MMC) via RegRipper.
New Central Repository Features:
- Central Repository stores account IDs that were previously seen.
- Central Repository is enabled by default to store past hashes. Feature to flag previously seen files is disabled by default.
Other New Features:
- Multi-user cases can be created via command line
Bug fixes:
- Prevent entire application from crashing when gstreamer crashes on videos.
- Improve Geolocation viewer with large data sets.
- Fix error with non-sector aligned reads on local disks.
- Times from Recycle Bin files are now in timeline.
- Validate timeline events and ignore events too far in the future.
- Moved some database queries off of UI thread.
- Remove hard coded sizes from UI that cause issues with other languages.

* Fri Jan 24 2020 Lawrence R. Rogers 4.14.0-1
* Release 4.14.0-1
Specialized UIs:
- New File Discovery UI that allows you to search and filter for certain types of files.
- New Map viewer that uses either Bing (when online) or offline map tiles.
- Communications UI shows country names for phone numbers and fixed bug in summary panel.
- Fixed bugs in timeline filtering.
- Refactored backend timeline filtering code based on The Sleuth Kit datamodel changes to remove JavaFX dependency.
Data Sources:
- Added limited support for APFS disk images. Does not include encrypted volumes or ones that span multiple disks. Uses contribution to The Sleuth Kit from Blackbag Technologies.
- New data source processor that parses “XRY File Exports”.
Content Viewers:
- Added a new “Context” viewer to show where a file came from. Currently shows what message a file was attached to or what URL a file was downloaded from.
- Added support to seek and change playback speed for videos in “Application” viewer.
- Improved support for Unicode HTML files in “Application” viewer.
- Added support for webp image files in “Application” viewer.
Ingest Modules:
- Keyword Search module uses Decodetect statistical encoding detection for plain text files. Fixes issues with incorrect detection of Japanese files.
- Embedded File Extractor module uses statistical analysis to determine encoding of file names in ZIP files. Fixes issues with ZIP files created on Windows Japanese computers.
- Solr (Keyword Search module) now uses Japanese-specific tokenization using Kuromoji.
- Fixed Shellbags module in RegRipper (used by Autopsy Recent Activity module) to fix parsing errors.
- Plaso module no longer generates an error if enabled for non-disk image data sources.
- Added support for message attachments that are stored as an external file system file. Expanded Email and Android modules to use this technique.
General:
- Fixed crashes by gstreamer when a video is selected.
- Added initial capability to delete a data source from a case (excludes data in the CR).
- Changed behavior of portable case menu item to automatically open the case and warn if it was already unpacked.
- Fixed bug that caused issues when case metadata had Unicode values.
- Added new Attachment APIs to the CommunicationsArtifactHelper class to support attachments stored as external file system files.

* Thu Oct 10 2019 Lawrence R. Rogers 4.13.0-1
* Release 4.13.0-1
General:
- Switch from Oracle JDK to OpenJDK.
- Full command line support (case creation, adding of data sources, running ingest, and generating reports).
Logical Imager:
- Output can be individual files instead of VHD image (uses less space).
- More fine grained progress during collection and importing.
- Log of files and make artifacts.
- All console messages are saved to a log file too.
- Improved handling of cancellation when adding results into a case.
Ingest Modules:
- Added Android support as Python modules for: Android installed apps, Android browser, Facebook Messenger, IMO, LINE, Opera, ORUX Maps, Samsung SBrowser, Skype, ShareIt, TextNow, Viber, WhatsApp, Xender, Zapya.
- Recycle Bin files are parsed in Recent Activity module, new artifacts are created, and deleted file entries are created at the original location of the deleted files. Code is based on Mark McKinnon’s RecycleBin module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Recycle_Bin).
- ShellBag registry data is extracted from RegRipper in the Recent Activity module. New artifacts are recreated for the data. Based on Mark McKinnon’s “Parse ShellBags” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_Shellbags).
- Additional data is extracted about users from SAM hive in Recent Activity module. Data includes password dates, permissions, groups, and full name. Based on Mark McKinnon’s “Parse SAM” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_SAM).
- Email ingest module parses EML files. Based on Mark McKinnon’s “EML Parser” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/EML_Parser).
- Fixed bug in MBOX module that caused attachments to have a “_” in the name.
- New Plaso ingest module that runs Plaso and generates events for the timeline.
- Fixed bug in Email module for VCard files to better parse phone number types.
- Keyword Search module waits longer for Solr to start to prevent incorrectly reporting a problem and disabling the feature.
- Embedded file extractor module was updated to not report compression bombs for GZIP files.
Timeline:
- New approach for storing event data. A dedicated events table exists and is populated as files and artifacts are added to the database. No longer requires an explicit step of populating a local events table.
- Users can create their own events from the Timeline UI.
- Filtering was simplified based on existence of tag or hash set hit versus a specific name.
Communications:
- Fixed bug that hid contact book entries with duplicate numbers.
Image Gallery:
- Fixed bug in schema that caused errors with very long file names.
Report:
- CASE report is included in a portable case.
- Image tags are included in portable case.
- More size options for a packaged portable case.
- New Infrastructure to support command line-based generation.
Backend:
- Developers should use new Blackboard.postArtifact() method to ensure artifact is indexed and added to the timeline.
- New classes were created to make it easier to write modules for apps.

* Tue Aug 13 2019 Lawrence R. Rogers 4.12.0-1
* Release 4.12.0-1
Added .desktop files in addition to the following:
Collection
- Added ability to configure a USB drive to use new logical imager tool.
- Added logical imager tool that runs on a live Windows computer and saves results to a USB drive.
- Added ability to import logical imager results into Autopsy as a data source.
Ingest Modules:
- Changed file type detection so that Tika does not rely only on extension.
- Email ingest module assigns thread IDs to messages
- Android ingest modules store thread ID from their databases.
Content Viewers (lower right of UI):
- New “Text” viewer that consolidates previous Strings and “Indexed Text” viewers.
- New “Translation” panel was added to the new “Text” viewer.
- Added integration with Google and Bing translation (credentials required)
- Redesigned “Other Occurrences” viewer to have 4th column with details of selected item.
- Added Willi Ballenthin’s “Registry Hive Viewer” panel to the “Application” viewer.
- Improved HTML viewer to use style sheets and better layout.
- Added ability to draw a box on a picture while tagging it.
Result Table (upper right of UI)
- Added paging to all views for faster loading of large data sets.
- Improved speed of displaying results when a column was sorted.
Reporting
- Portable cases can contain files marked as Interesting Items
- Portable cases can be compressed and chunked
- “Files - Text” report can use either tabs or commas as the delimiter
- “Files - Text” report better handles Unicode text.
- Added ability to create a CSV report for the contents of a table
- HTML report for tagged pictures includes a copy with the overlay box
Communications:
- Added Account Summary view
- Added Contacts panel to show all contacts associated with an account.
- Added Media panel to show media attachments associated with an account
- Added filter to show accounts if they are involved with the most recent messages.
- Messages can be grouped by thread.
Auto Ingest
- New Test button was added to help diagnose permission and configuration issues.
Documentation:
- Created new Triage Standard Operating Procedure (SOP) section to the User Docs

* Fri Apr 26 2019 Lawrence R. Rogers 4.11.0-1
* Release 4.11.0-1
Version 4.11.0

* Tue Dec 18 2018 Lawrence R. Rogers 4.10.0-1
* Release 4.10.0-1
New Features:
- Users can now view information on all cases/data sources in the Central Repository.
- SSID, MAC address, IMEI, IMSI, and ICCID properties can now be added to the Central Repository by the Correlation Engine ingest module.
- The Correlation Engine ingest module can be configured to flag any occurrences of SSID, MAC address, IMEI, IMSI, and ICCID properties that have been previously added to the Central Repository.
- File type filtering for common properties search is now supported.
- Common properties search results can now be viewed by case and data source within the case.
- Users can now search the Central Repository for property instances with a given value.
- OCR text extraction for keyword search now supports languages other than English, if language packs are installed.
- Added the ability for examiners to select the time zone for displaying dates.
- Custom headers and footers can now be added to HTML reports.
- Added ability to either enter or generate hashes of image data sources.
- Data sources that fail hash verification are now flagged with interesting item artifacts by the Data Source Integrity ingest module (formerly known as the E01 Verifier ingest module).
- Added a report module to export data in CASE/UCO format.
- Ingest filters and interesting file sets can now be defined with multiple extensions included in a single condition/rule.
Bug Fixes:
- The Images/Videos Gallery now works for multi-user cases.
- Duplicate interesting item and EXIF metadata artifacts are no longer created when you run the modules that generate them more than once.
- The Application content viewer now displays SQLite table column names even when the table is empty.
- Assorted small bug fixes are included.

* Fri Nov 09 2018 Lawrence R. Rogers 4.9.1-1
* Release 4.9.1-1
Image Gallery bug fixes that can cause app to hang.

* Wed Oct 24 2018 Lawrence R. Rogers 4.9.0-1
* Release 4.9.0-1
Autopsy packaged for Fedora and CentOS/RHEL.