Releases: sleuthkit/sleuthkit
The Sleuth Kit 4.6.7 Release
C/C++ Code:
- First release of new logical imager tool
- VHD image writer fixes for out of space scenarios
Java:
- Expand Communications Manager API
- Performance improvement for SleuthkitCase.addLocalFile()
The Sleuth Kit 4.6.6
C/C++ Code:
- Acquisition details are set in DB for E01 files
- Fix NTFS decompression issue (from Joe Sylve)
- Image reading fix when cache fails (Joe Sylve)
- Fix HFS+ issue with large catalog files (Joe Sylve)
- Fix free memory issue in srch_strings (Derrick Karpo)
Java:
- Fix so that local files can be relative
- More Blackboard artifacts and attributes for web data
- Added methods to CaseDbManager to enable checking for and modifying tables.
- APIs to get and set acquisition details
- Added methods to add volume and file systems to database
- Added method to add LayoutFile for allocated files
- Changed handling of JNI handles to better support multiple cases
The Sleuth Kit 4.6.5
C/C++ Code:
- HFS boundary check fix
Java Code:
- New artifacts and attributes defined
- Fixed bug in SleuthkitCase.getContentById() for data sources
- Fixed bug in LayoutFile.read() that could allow reading past end of file
Case Database Schema
- New fields for hash values and acquisition details in case database
- Store "created schema version" in case database
The Sleuth Kit 4.6.4
This release has no changes to the command line tools or C/C++ libraries. It is being done only to support the Autopsy 4.9.1 release.
Java Code:
- Increase max statements in database to prevent errors under load
- Have a max timeout for SQLite retries
The Sleuth Kit 4.6.3
C/C++ Code:
- Hashdb bug fixes for corrupt indexes and 0 hashes
- New code for testing power of number in ExtX code
Java Code:
- New class that allows generic database access
- New methods that check for duplicate artifacts
- Added caches for frequently used content
Database Schema:
- Added Examiner table
- Tags are now associated with Examiners
- Changed parent_path for logical files to be consistent with FS files.
The Sleuth Kit 4.6.2
C/C++ Code:
- Various compiler warning fixes
- Added small delay into image writer to not starve other threads
Java:
- Added more locking to ensure that handles were not closed while other threads were using them.
- Added APIs to support more queries by data source
- Added memory-based caching when detecting if an object has children or not.
The Sleuth Kit 4.6.1
C/C++ Code:
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- Cleanup and fixes from uckelman-sf and others
- PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
- Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
- NTFS istat shows details about all FILE_NAME attributes, not just the first. Report from Eric Zimmerman.
Java:
- Reports can be URLs
- Reports are Content
- Added APIs for graph view of communications
- JNI library is extracted to name with user name in it to avoid conflicts
Database:
- Version upgraded from to 8.0 because Reports are now Content
The Sleuth Kit 4.6.0
New Features
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- HFS fix from uckelman-sf.
The Sleuth Kit 4.5.0
New Features:
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- More specific version number of DB schema
- New Local Directory type in DB to differentiate from Virtual Directories
- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
Bug Fixes:
- Faster resolving of HFS hard links
- Lots of fixes from Google Fuzzing efforts.
4.4.2 Release
New Features:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription method
Bug Fixes:
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- Various performance fixes and added thread safety checks