The latest version of The @stake Sleuth Kit (TASK) and Autopsy are now
available with support for NTFS file systems. TASK now supports NTFS,
FAT, EXT2FS, EXT3FS, and FFS file systems. Together, TASK and Autopsy
now provide the same features found in many commercial tools.
For a full description and download, refer to:
TASK: http://www.atstake.com/research/tools/task/index.html
Autopsy: http://www.atstake.com/research/tools/autopsy/index.html
NEW TASK FEATURES (version 1.50):
- NTFS support
- View deleted file names
- View alternate data streams (attributes)
- View details about any MFT entry
- SHA1 binary (for NIST data base)
- 'mactime' now displays the day of the week in the time line
- 'dls' can extract slack space from NTFS and FAT images with the '-s' flag
- minor bug fixes
NEW AUTOPSY FEATURES (version 1.60):
- Add notes or comments to any file, directory, inode, MFT entry, or
cluster. The notes can be later viewed along with the object that
the note refers to.
- Import password and group files when making a file activity time line.
- Improved sorting
- MD5 values are generated for every file created by Autopsy.
- MD5 values can be created for every file in a directory, which is
useful for using the Solaris Fingerprints Database.
- Improved audit log of actions that are performed on the image.
- New interfaces
- Changes to handle all of the NTFS attributes (alternate data streams)
- minor bug fixes
MAILING LISTS:
Mailing lists have been established on SourceForge for user discussions
and future announcements (this will be the last broadcast to the
traditional forensics mailing lists).
http://sourceforge.net/mail/?group_id=55685
brian
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 04:54:20 PDT