TASK 1.50 & Autopsy 1.60 release

From: Brian Carrier (bcarrierat_private)
Date: Mon Jul 22 2002 - 15:51:46 PDT

    The @stake Sleuth Kit (TASK) 1.50 (with NTFS Support) and Autopsy 1.60
    are now available.  
    
    
    DESCRIPTION:
    The @stake Sleuth Kit (TASK) and Autopsy Forensic Browser are an open
    source alternative to the common Windows-based digital forensic tools.
    Autopsy provides an investigator with an HTML-based graphical interface
    that allows one to browse images from compromised systems in a "File
    Manager"-like interface.  Windows and UNIX file systems can be analyzed
    to view deleted files, create time lines of file activity, and perform
    key word searches.
    
    Unique Features:
    - Add notes or comments to any file, directory, inode, MFT entry, or
      cluster.  The notes can be later viewed along with the object that
      the note refers to.  
    
    - Non-intrusive remote analysis of a live UNIX system. The tools can be
      burnt onto a CD and run on a suspect system.  The Incident Responder
      analyzes the system with an HTML browser on his or her laptop. No file
      time stamps are modified during the analysis.
    
    - Open design using "Best Practices" for Forensic Analysis and Incident
      Response:  
      - All tools are open source so that anyone can verify the code and
        customize them.
      - All files generated by Autopsy have an MD5 value calculated so
        that they can be verified as the investigation progresses.
      - No proprietary formats are used.  Raw partition images and standard
        tools such as 'strings' and 'grep' are used.
      - The graphical interface is separate from the command line file
        system tools so that one is always free to use the command line
        if the GUI does not do something that he or she wants to.
      - ASCII audit log of actions that are performed on the image. 
    
    TASK is a collection of open source, command line tools based on The
    Coroner's Toolkit (TCT) and TCTUTILs.  Using these tools, an investigator
    can view the details of NTFS, FAT, FFS, and EXT2FS file systems.
    TASK gives an investigator access to details that other tools do not,
    which can be used for advanced file recovery.  TASK is the only open
    source collection of tools for both Windows and UNIX file systems that
    allow one to view both allocated and unallocated files.
    
    
    DOWNLOAD & ADDITIONAL INFORMATION:
        TASK:     http://www.atstake.com/research/tools/task/index.html
        Autopsy:  http://www.atstake.com/research/tools/autopsy/index.html
    
    
    MAILING LISTS:
    Mailing lists have been established on SourceForge for user discussions
    and future announcements.  
    
        http://sourceforge.net/mail/?group_id=55685
    
    brian
    



    This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 16:53:07 PDT