The latest version of The @stake Sleuth Kit (TASK) and Autopsy are now available with support for NTFS file systems. TASK now supports NTFS, FAT, EXT2FS, EXT3FS, and FFS file systems. Together, TASK and Autopsy now provide the same features found in many commercial tools. For a full description and download, refer to: TASK: http://www.atstake.com/research/tools/task/index.html Autopsy: http://www.atstake.com/research/tools/autopsy/index.html NEW TASK FEATURES (version 1.50): - NTFS support - View deleted file names - View alternate data streams (attributes) - View details about any MFT entry - SHA1 binary (for NIST data base) - 'mactime' now displays the day of the week in the time line - 'dls' can extract slack space from NTFS and FAT images with the '-s' flag - minor bug fixes NEW AUTOPSY FEATURES (version 1.60): - Add notes or comments to any file, directory, inode, MFT entry, or cluster. The notes can be later viewed along with the object that the note refers to. - Import password and group files when making a file activity time line. - Improved sorting - MD5 values are generated for every file created by Autopsy. - MD5 values can be created for every file in a directory, which is useful for using the Solaris Fingerprints Database. - Improved audit log of actions that are performed on the image. - New interfaces - Changes to handle all of the NTFS attributes (alternate data streams) - minor bug fixes MAILING LISTS: Mailing lists have been established on SourceForge for user discussions and future announcements (this will be the last broadcast to the traditional forensics mailing lists). http://sourceforge.net/mail/?group_id=55685 brian ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 04:54:20 PDT