Releases: sleuthkit/sleuthkit
The Sleuth Kit 4.13.0
C/C++:
- Added BitLocker support (Windows only)
- Updated LibVMDK and LibVHDI
- Updated to Visual Studio 2019
- Updated logical folder caching
- Added support for btrfs (experimental) and xfs (experimental)
- Implemented new unit test framework with Catch
- Updated to C++17. (Update to C++20 pending a solution for compiling for Windows XP)
- Other changes from @simsong, @uckelman-sf, @joachimmetz, and others.
Java:
- Changed how child map was loaded at start up
- Updated handling of OS Accounts in Java DB, especially for Linux
- Updated PostgreSQL SSL configuration
The Sleuth Kit 4.12.1
C/C++:
- Bug fixes from Luis Nassif and Joachim Metz
- Added check to stop for very large folders to prevent memory exhaustion
Java:
- Added File Repository concept for files to be stored in another location
- Schema updated to 9.4
- Fixed OS Account merge bug and now fire events when accounts are merged
The Sleuth Kit 4.12.0
There was a 1-year gap since 4.11.1 and the git log has 441 commits in that timeframe.
- Many are for small fixes.
- This set of release notes is much more of an overview than other releases.
What's New:
- LVM Support (non-Windows) from @joachimmetz
- Logical File System support (a folder structure is parsed by TSK libraries) from @APriestman (Basis)
What's Changed:
- Lots of bug fixes from the Basis team and Joachim Metz
- Additional fixes from @Eran-YT, @msuhanov, @uckelman, @dschoemantruter, and @sashashura
- General themes of C/C++ bounds checks and Java improvements to OS Accounts, Ingest jobs, CaseDbAccessManager, and much more.
The Sleuth Kit 4.11.1
C/C++:
- Several fixes from @joachimmetz
- NTFS Decompression bug fix from @kastonework and @uckelman-sf
Java:
- Fixed connection leak when making OS Accounts in bridge
- OsAccount updates for instance types and special Windows SIDs
- Fixed issue with duplicate value in Japanese timeline translation
The Sleuth Kit 4.11.0
C/C++:
- Added checks at various layers to detect encrypted file systems and disks to give more useful error messages.
- Added checks to detect file formats that are not supported (such as AD1, ZIP, etc.) to give more useful error messages.
- Added tsk_imageinfo tool that detects if an image is supported by TSK and if it is encrypted.
- Added numerous bounds checks from @joachimmetz
- Clarified licenses as pointed out by @joachimmetz
Java:
- Updated from Schema 8.6 to 9.1.
- Added tables and classes for OS Accounts and Realms (Domains).
- Added tables and classes for Host Addresses (IP, MAC, etc.).
- Added tables and classes for Analysis Results vs Data Artifacts by adding onto BlackboardArtifacts.
- Added tables and classes for Host and Person to make it easier to group data sources.
- Added static types for standard artifact types.
- Added File Attribute table to allow custom information to be stored for each file.
- Made ordering of getting lock and connection consistent.
- Made the findFile methods more efficient by using extension (which is indexed).
The Sleuth Kit 4.10.2
C/C++:
- Added support for Ext4 inline data
Java:
- New Blackboard Artifacts for ALEAPP/ILEAPP, Yara, Geo Area, etc.
- Upgraded to PostgreSQL JDBC Driver 42.2.18
- Added SHA256 to files table in DB and added utility calculation methods.
- Changed TimelineManager to make events for any artifact with a time stamp
- Added Japanese translations
- Fixed synchronization bug in getUniquePath
The Sleuth Kit 4.10.1
C/C++:
- Changed Windows build to use Nuget for libewf, libvmdk, libvhdi.
- Fixed compiler warnings
- Clarified licenses and added Apache license to distribution
- Improved error handling for out of memory issues
- Rejistry++ memory leak fixes
Java:
- Localized for Japanese
NOTE: .deb file was updated because the initial one was compiled for Java11 instead of Java8. The one for Java8 has an MD5 of c3ca85a89ba19ed34f26d227384a4f11.
The Sleuth Kit 4.10.0
C/C++:
- Removed PostgreSQL code (that was used only by Java code)
- Added Java callback support so that database inserts are done in Java.
Java:
- Added methods and callbacks as required to allow database population to happen in Java instead of C/C++.
- Added support to allow Autopsy streaming ingest where files are added in batches.
- Added TaggingManager class and concept of a TagSet to support ProjectVic categories.
- Fixed changes to normalization and validation of emails and phone numbers.
- Added a CASE/UCO JAR file that creates JSON-LD based on TSK objects.
The Sleuth Kit 4.9.0
C/C++:
- Removed framework project. Use Autopsy instead if you need an analysis framework.
- Various fixes from Google-based fuzzing.
- Ensure all reads (even big ones) are sector aligned when reading from Windows device.
- Ensure all command line tools support new pool command line arguments.
- Create virtual files for APFS unallocated space
- HFS fix to display type
Java:
- More artifact helper methods
- More artifacts and attributes for drones and GPS coordinates
- Updated TimelineManager to insert GPS artifacts into events table
The Sleuth Kit 4.8.0
[NOTE: The .tar.gz file was updated after the initial release to fix some compiler errors related to maven and APFS on OS X. No logic changes were made though. Hashes are at the bottom of this note]
C/C++:
- Pool layer was added to support APFS. NOTE: API is likely to change.
- Limited APFS support added in libtsk and some of the command line tools.
-- Encryption support is not complete.
-- Black Bag Technologies submitted the initial PR. Basis Technology did some minor refactoring.
- Refactoring and minor fixes to logical imager
- Various bug fixes from Google fuzzing efforts and Jonathan B from Afarsec
- Fixed infinite NTFS loop from cyclical attribute lists. Reported by X.
- File system bug fixes from uckelman-sf on github
Database:
- DB schema was updated to support pools
- Added concept of JSON in Blackboard Attributes
- Schema supports cascading deletes to enable data source deletion
Java:
- Added Pool class and associated infrastructure
- Added methods to support deleting data sources from database
- Removed JavaFX as a dependency by refactoring the recently introduced timeline filtering classes.
- Added attachment support to the blackboard helper package.
Hash of .tar.gz that would not compile on all systems: b5c081eb2cc92d2e56b8c470de37f890
Hash of fixed version: c7f9431bceae9b421b337d3c44af4ea9