Recent releases for sleuthkit
http://open-source-security-software.net/project/sleuthkit/releases.atom
Updated: 2024-11-15T18:28:14.621894+00:00

sleuthkit sleuthkit-4.3.0 (2016-07-20T03:08:15+00:00)

sleuthkit sleuthkit-4.4.0 (2017-01-18T02:33:07+00:00)

sleuthkit sleuthkit-4.4.1 (2017-05-30T17:33:40+00:00)

sleuthkit sleuthkit-4.4.2 (2017-08-07T18:56:02+00:00)
New Features:
- usnjls tool for NTFS USN log (from noxdafox)
- Added index to mime type column in DB
- Use local SQLite3 if it exists (from uckelman-sf)
- Blackboard Artifacts have a shortDescription method
Bug Fixes:
- Fix for highest HFS+ inum lookup (from uckelman-sf)
- Fix ISO9660 crash
- various performance fixes and added thread safety checks

sleuthkit sleuthkit-4.5.0 (2017-10-16T02:48:53+00:00)
New Features:
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- More specific version number of DB schema
- New Local Directory type in DB to differentiate with Virtual Directories
- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
- Added extension as a column in tsk_files table.
Bug Fixes:
- Faster resolving of HFS hard links
- Lots of fixes from Google Fuzzing efforts.

sleuthkit sleuthkit-4.6.0 (2018-02-21T05:15:47+00:00)
New Features
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- HFS fix from uckelman-sf.

sleuthkit sleuthkit-4.6.1 (2018-05-08T03:31:39+00:00)
C/C++ Code:
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
- Cleanup and fixes from uckelman-sf and others
- PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
- Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
- NTFS istat shows details about all FILE_NAME attributes, not just the first. report from Eric Zimmerman.
Java:
- Reports can be URLs
- Reports are Content
- Added APIs for graph view of communications
- JNI library is extracted to name with user name in it to avoid conflicts
Database:
- Version upgraded from to 8.0 because Reports are now Content

sleuthkit sleuthkit-4.6.2 (2018-08-08T15:09:39+00:00)
C/C++ Code:
- Various compiler warning fixes
- Added small delay into image writer to not starve other threads
Java:
- Added more locking to ensure that handles were not closed while other threads were using them.
- Added APIs to support more queries by data source
- Added memory-based caching when detecting if an object has children or not.

sleuthkit sleuthkit-4.6.3 (2018-10-15T02:31:47+00:00)
C/C++ Code:
- Hashdb bug fixes for corrupt indexes and 0 hashes
- New code for testing power of number in ExtX code
Java Code:
- New class that allows generic database access
- New methods that check for duplicate artifacts
- Added caches for frequently used content
Database Schema:
- Added Examiner table
- Tags are now associated with Examiners
- Changed parent_path for logical files to be consistent with FS files.

sleuthkit sleuthkit-4.6.4 (2018-11-10T03:24:23+00:00)
This release has no changes to the command line tools or C/C++ libraries. It is being done only to support the Autopsy 4.9.1 release.
Java Code:
- Increase max statements in database to prevent errors under load
- Have a max timeout for SQLite retries

sleuthkit sleuthkit-4.6.5 (2019-01-15T22:42:51+00:00)
C/C++ Code:
- HFS boundary check fix
Java Code:
- New artifacts and attributes defined
- Fixed bug in SleuthkitCase.getContentById() for data sources
- Fixed bug in LayoutFile.read() that could allow reading past end of file
Case Database Schema
- New fields for hash values and acquisition details in case database
- Store "created schema version" in case database

sleuthkit sleuthkit-4.6.6 (2019-04-26T14:01:03+00:00)
# C/C++ Code:
- Acquisition details are set in DB for E01 files
- Fix NTFS decompression issue (from Joe Sylve)
- Image reading fix when cache fails (Joe Sylve)
- Fix HFS+ issue with large catalog files (Joe Sylve)
- Fix free memory issue in srch_strings (Derrick Karpo)
# Java:
- Fix so that local files can be relative
- More Blackboard artifacts and attributes for web data
- Added methods to CaseDbManager to enable checking for and modifying tables.
- APIs to get and set acquisition details
- Added methods to add volume and file systems to database
- Added method to add LayoutFile for allocated files
- Changed handling of JNI handles to better support multiple cases

sleuthkit sleuthkit-4.6.7 (2019-08-02T20:54:18+00:00)
C/C++ Code:
- First release of new logical imager tool
- VHD image writer fixes for out of space scenarios
Java:
- Expand Communications Manager API
- Performance improvement for SleuthkitCase.addLocalFile()

sleuthkit sleuthkit-4.7.0 (2019-10-14T11:18:43+00:00)
C/C++:
- DB schema was expanded to store tsk_events and related tables. Time-based data is automatically added when files and artifacts are created. Used by Autopsy timeline.
- Logical Imager can save files as individual files instead of in VHD (saves space).
- Logical imager produces log of results
- Logical Imager refactor
- Removed PRIuOFF and other macros that caused problems with signed/unsigned printing. For example, TSK_OFF_T is a signed value and PRIuOFF would cause problems as it printed a negative number as a big positive number.
Java
- Travis and Debian package use OpenJDK instead of OracleJDK
- New Blackboard Helper packages (blackboardutils) to make it easier to make artifacts.
- Blackboard scope was expanded, including the new postArtifact() method that adds event data to database and broadcasts an event to listeners.
- SleuthkitCase now has an EventBus for database-related events.
- New TimelineManager and associated filter classes to support new events table

sleuthkit sleuthkit-4.8.0 (2020-01-24T13:37:23+00:00)
C/C++
- Pool layer was added to support APFS. NOTE: API is likely to change.
- Limited APFS support added in libtsk and some of the command line tools.
-- Encryption support is not complete.
-- Black Bag Technologies submitted the initial PR. Basis Technology did some minor refactoring.
- Refactoring and minor fixes to logical imager
- Various bug fixes from Google fuzzing efforts and Jonathan B from Afarsec
- Fixed infinite NTFS loop from cyclical attribute lists. Reported by X.
- File system bug fixes from uckelman-sf on github
Database:
- DB schema was updated to support pools
- Added concept of JSON in Blackboard Attributes
- Schema supports cascading deletes to enable data source deletion
Java:
- Added Pool class and associated infrastructure
- Added methods to support deleting data sources from database
- Removed JavaFX as a dependency by refactoring the recently introduced timeline filtering classes.
- Added attachment support to the blackboard helper package.

sleuthkit sleuthkit-4.9.0 (2020-05-01T10:57:45+00:00)
C/C++
- Removed framework project. Use Autopsy instead if you need an analysis framework.
- Various fixes from Google-based fuzzing.
- Ensure all reads (even big ones) are sector aligned when reading from Windows device.
- Ensure all command line tools support new pool command line arguments.
- Create virtual files for APFS unallocated space
- HFS fix to display type
Java:
- More artifact helper methods
- More artifacts and attributes for drones and GPS coordinates
- Updated TimelineManager to insert GPS artifacts into events table

sleuthkit sleuthkit-4.10.0 (2020-09-09T21:05:26+00:00)
C/C++:
- Removed PostgreSQL code (that was used only by Java code)
- Added Java callback support so that database inserts are done in Java.
Java:
- Added methods and callbacks as required to allow database population to happen in Java instead of C/C++.
- Added support to allow Autopsy streaming ingest where files are added in batches.
- Added TaggingManager class and concept of a TagSet to support ProjectVic categories.
- Fixed changes to normalization and validation of emails and phone numbers.
- Added a CASE/UCO JAR file that creates JSON-LD based on TSK objects.

sleuthkit sleuthkit-4.10.1 (2020-11-09T14:32:22+00:00)
C/C++:
- Changed Windows build to use Nuget for libewf, libvmdk, libvhdi.
- Fixed compiler warnings
- Clarified licenses and added Apache license to distribution
- Improved error handling for out of memory issues
- Rejistry++ memory leak fixes
Java:
- Localized for Japanese

sleuthkit sleuthkit-4.10.2 (2021-03-23T10:46:04+00:00)
C/C++
- Added support for Ext4 inline data
Java
- New Blackboard Artifacts for ALEAPP/ILEAPP, Yara, Geo Area, etc.
- Upgraded to PostgreSQL JDBC Driver 42.2.18
- Added SHA256 to files table in DB and added utility calculation methods.
- Changed TimelineManager to make events for any artifact with a time stamp
- Added Japanese translations
- Fixed synchronization bug in getUniquePath

sleuthkit sleuthkit-4.11.0 (2021-08-02T11:41:54+00:00)
**C/C++:**
- Added checks at various layers to detect encrypted file systems and disks to give more useful error messages.
- Added checks to detect file formats that are not supported (such as AD1, ZIP, etc.) to give more useful error messages.
- Added tsk_imageinfo tool that detects if an image is supported by TSK and if it is encrypted.
- Add numerous bound checks from @joachimmetz
- Clarified licenses as pointed out by @joachimmetz
**Java:**
- Updated from Schema 8.6 to 9.1.
- Added tables and classes for OS Accounts and Realms (Domains).
- Added tables and classes for Host Addresses (IP, MAC, etc.).
- Added tables and classes for Analysis Results vs Data Artifacts by adding onto BlackboardArtifacts.
- Added tables and classes for Host and Person to make it easier to group data sources.
- Added static types for standard artifact types.
- Added File Attribute table to allow custom information to be stored for each file.
- Made ordering of getting lock and connection consistent.
- Made the findFile methods more efficient by using extension (which is indexed).

sleuthkit sleuthkit-4.11.1 (2021-11-11T17:36:30+00:00)
**C/C++:**
- Several fixes from @joachimmetz
- NTFS Decompression bug fix from @kastonework and @uckelman-sf
**Java:**
- Fixed connection leak when making OS Accounts in bridge
- OsAccount updates for instance types and special Windows SIDs
- Fixed issue with duplicate value in Japanese timeline translation

sleuthkit sleuthkit-4.12.0 (2023-01-25T11:58:23+00:00)
There was a 1-year gap since 4.11.1 and the git log has 441 commits in that timeframe.
- Many are for small fixes.
- This set of release notes is much more of an overview than other releases
What's New:
- LVM Support (non-Windows) from @joachimmetz
- Logical File System support (a folder structure is parsed by TSK libraries) from @APriestman (Basis)
What's Changed:
- Lots of bug fixes from the Basis team and Joachim Metz
- Additional fixes from @Eran-YT, @msuhanov, @uckelman , @dschoemantruter, and @sashashura
- General themes of C/C++ bounds checks and Java improvements to OS Accounts, Ingest jobs, CaseDbAccessManager, and much more.

sleuthkit sleuthkit-4.12.1 (2023-08-29T21:04:25+00:00)
C/C++:
- Bug fixes from Luis Nassif and Joachim Metz
- Added check to stop for very large folders to prevent memory exhaustion
Java:
- Added File Repository concept for files to be stored in another location
- Schema updated to 9.4
- Fixed OS Account merge bug and now fire events when accounts are merged