Autopsy 4.8.0 Release: Open Source Forensics Tool - TechnoExploit

Saturday, August 11, 2018

Autopsy 4.8.0 Release: Open Source Forensics Tool


Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.



Windows is supported on both 32-bit and 64-bit systems; Linux and OS X are supported as well, but you download the source code and compile it yourself.

Features

  • Multi-User Cases: Collaborate with fellow examiners on large cases.
  • Timeline Analysis: Displays system events in a graphical interface to help identify activity.
  • Keyword Search: Text extraction and index search modules enable you to find files that mention specific terms and to match regular expression patterns.
  • Web Artifacts: Extracts web activity from common browsers to help identify user activity.
  • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
  • LNK File Analysis: Identifies shortcuts and accessed documents.
  • Email Analysis: Parses MBOX format messages, such as Thunderbird.
  • EXIF: Extracts geolocation and camera information from JPEG files.
  • File Type Sorting: Group files by their type to find all images or documents.
  • Media Playback: View videos and images in the application without requiring an external viewer.
  • Thumbnail viewer: Displays thumbnails of images to help you review pictures quickly.
  • Robust File System Analysis: Support for common file systems, including NTFS, FAT12/FAT16/FAT32/ExFAT, HFS+, ISO9660 (CD-ROM), Ext2/Ext3/Ext4, Yaffs2, and UFS from The Sleuth Kit.
  • Hash Set Filtering: Filter out known good files using NSRL and flag known bad files using custom hashsets in HashKeeper, md5sum, and EnCase formats.
  • Tags: Tag files with arbitrary tag names, such as ‘bookmark’ or ‘suspicious’, and add comments.
  • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).
  • File Type Detection based on signatures and extension mismatch detection.
  • Interesting Files Module will flag files and folders based on name and path.
  • Android Support: Extracts data from SMS, call logs, contacts, Tango, Words with Friends, and more.
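The “File Type Detection based on signatures and extension mismatch detection” feature above compares a file’s magic bytes against its extension. The following is an added example of that core check, not Autopsy’s own code; the signature table, expected extensions and sample files are constructed for illustration.

```python
# Added example (not Autopsy's own code): the core of signature-based type
# detection with extension mismatch flagging, as in the feature above.
# Signatures, expected extensions and sample files below are constructed.

# Magic bytes at offset 0 for a few common types (small constructed subset).
SIGNATURES = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "application/pdf": (b"%PDF-",),
    "application/zip": (b"PK\x03\x04",),
    "application/x-msdownload": (b"MZ",),
}

# Extensions an examiner would accept for each detected type.
EXPECTED_EXTENSIONS = {
    "image/jpeg": {"jpg", "jpeg"},
    "image/png": {"png"},
    "application/pdf": {"pdf"},
    "application/zip": {"zip", "docx", "xlsx", "pptx", "jar"},
    "application/x-msdownload": {"exe", "dll", "sys"},
}

def detect_type(data: bytes):
    """Return the MIME type whose magic bytes match the file header, else None."""
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None

def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the header-derived type disagrees with the file extension."""
    mime = detect_type(data)
    if mime is None:
        return False  # unknown signature: nothing to compare against
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext not in EXPECTED_EXTENSIONS[mime]

def flag_mismatches(files: dict) -> list:
    """Return names of files whose extension hides their real type."""
    return sorted(n for n, d in files.items() if extension_mismatch(n, d))

# Constructed sample files: an executable renamed to .jpg, a genuine JPEG,
# a PDF saved as .txt, and a plain text file with no known signature.
SAMPLE_FILES = {
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,
    "photo.jpeg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "report.txt": b"%PDF-1.7\n",
    "notes.txt": b"plain text, no known signature",
}
```

Running `flag_mismatches(SAMPLE_FILES)` returns the two renamed files; a file with no recognised signature is not flagged, since there is nothing to compare its extension against.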

Changelog 4.8.0


New Features:

  • Data Source Grouping:
    — The case tree view can now be grouped by data source.
    — Keyword and file search can now be restricted to a data source.
  • Central Repository / Correlation:
    — New common files search feature that finds files that exist in multiple devices in the same case.
    — The Other Occurrences content viewer now shows matches in the current case (in addition to central repository).
    — Central repository options panel now shows cases that are in repo.
  • A comment about a file can be created and saved in the central repository so that future cases can see it.
  • Keyword Search:
    — Can enable OCR text extraction of PDF and JPG files using Tesseract.
    — Keyword search module normalizes Unicode text.
    — Keyword search module uses ICU to convert text files that do not have a BOM.
  • Tagging:
    — The tagging menu now lists user-defined tags at the top, and “quick tag” has one fewer level of menus.
    — New “Replace Tag” feature to change the tag on an item.
  • Other:
    — SQLite tables can now be exported to CSV files.
    — An interesting file artifact is now created when a “zip bomb” is detected.
    — An object detection ingest module was added to the Experimental module. It requires an OpenCV trained model.

Bug Fixes:

  • Expanding the case tree is more efficient.
  • Improved “zip bomb” detection.
  • Assorted small bug fixes are included.


Copyright © 2003-2017 Brian Carrier





