Skip to content

Autopsy 4.13.0
Compare
Choose a tag to compare
@bcarrier bcarrier released this 14 Oct 11:18
· 10550 commits to develop since this release
autopsy-4.13.0
This tag was signed with the committer’s verified signature.
bcarrier Brian Carrier
GPG key ID: 38AD602EC7454C8B
Learn about vigilant mode.
b15ed19

General:

  • Switch from Oracle JDK to OpenJDK.
  • Full command line support (case creation, adding of data sources, running ingest, and generating reports).

Logical Imager:

  • Output can be individual files instead of VHD image (uses less space).
  • More fine grained progress during collection and importing.
  • Log of files and make artifacts.
  • All console messages are saved to a log file too.
  • Improved handling of cancellation when adding results into a case.

Ingest Modules:

  • Added Android support as Python modules for: Android installed apps, Android browser, Facebook Messenger, IMO, LINE, Opera, ORUX Maps, Samsung SBrowser, Skype, ShareIt, TextNow, Viber, WhatsApp, Xender, Zapya.
  • Recycle Bin files are parsed in Recent Activity module, new artifacts are created, and deleted file entries are created at the original location of the deleted files. Code is based on Mark McKinnon’s RecycleBin module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Recycle_Bin).
  • ShellBag registry data is extracted from RegRipper in the Recent Activity module. New artifacts are recreated for the data. Based on Mark McKinnon’s “Parse ShellBags” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_Shellbags).
  • Additional data is extracted about users from SAM hive in Recent Activity module. Data includes password dates, permissions, groups, and full name. Based on Mark McKinnon’s “Parse SAM” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Parse_SAM).
  • Email ingest module parses EML files. Based on Mark McKinnon’s “EML Parser” module (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/EML_Parser).
  • Fixed bug in MBOX module that caused attachments to have a “_” in the name.
  • New Plaso ingest module that runs Plaso and generates events for the timeline.
  • Fixed bug in Email module for VCard files to better parse phone number types.
  • Keyword Search module waits longer for Solr to start to prevent incorrectly reporting a problem and disabling the feature.
  • Embedded file extractor module was updated to not report compression bombs for GZIP files.

Timeline:

  • New approach for storing event data. A dedicated events table exists and is populated as files and artifacts are added to the database. No longer requires an explicit step of populating a local events table.
  • Users can create their own events from the Timeline UI.
  • Filtering was simplified based or existence of tag or hash set hit versus a specific name.

Communications:

  • Fixed bug that hid contact book entries with duplicate numbers.

Image Gallery:

  • Fixed bug in schema that caused errors with very long file names.

Report:

  • CASE report is included in a portable case.
  • Image tags are included in portable case.
  • More size options for a packaged portable case.
  • New Infrastructure to support command line-based generation.

Backend:

  • Developers should use new new Blackboard.postArtifact() method to ensure artifact is indexed and added to the timeline.
  • New classes were created to make it easier to write modules for apps.
Assets 8
Loading