Skip to content

Autopsy 4.18.0
Compare
Choose a tag to compare
@bcarrier bcarrier released this 23 Mar 10:45
· 4989 commits to develop since this release
autopsy-4.18.0
This tag was signed with the committer’s verified signature.
bcarrier Brian Carrier
GPG key ID: 38AD602EC7454C8B
Learn about vigilant mode.
cf9e66a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Keyword Search:

  • A major upgrade from Solr 4 to Solr 8.6.3. Single user cases continue to use the embedded server.
    Multi-user clusters need to install a new Solr 8 server and can now create a Solr cloud with multiple servers.
    -- NOTE: Cases created with Autopsy 4.18 cannot be opened by previous versions of Autopsy. Autopsy 4.18 can open older cases though.
    -- See http://sleuthkit.org/autopsy/docs/user-docs/4.18.0/upgrade_solr8_page.html for more details.
  • Improved text indexing speed by not doing language detection on unknown file formats and unallocated space.

Domain Discovery:

  • Added details view to Domain Discovery to show what web-based artifacts are associated with the selected domain.
  • Updated the Domain Discovery grouping and sorting by options.
  • Added basic domain categorization for webmail-based domains.

Content Viewers:

  • Built more specialized viewers for web-based artifacts.

Data Source Summary:

  • Added a “Geolocations” tab that shows what cities the data source was near (based on geolocation data).
  • Added a “Timeline” tab that shows counts of events from the last 30 days the data source was used.
  • Added navigation buttons to jump from the summary view to the main Autopsy UI (for example to go to the map).

Ingest Modules:

  • New YARA ingest module to flag files based on regular expression patterns.
  • New “Android Analyzer (aLEAPP)” module based on aLEAPP. Previous “Android Analyzer” also still exists.
  • Updated “iOS Analyzer (iLEAPP)” module to create more artifacts and work on disk images.
  • Hash Database module will calculate SHA-256 hash in addition to MD5.
  • Removed Interesting Item rule that flagged existence of Bitlocker (since it ships with Windows).
  • Fixed a major bug in the PhotoRec module that could result in an incorrect file layout if the carved file spanned non-contiguous sectors.
  • Fixed MBOX detection bug in Email module.

Reporting:

  • Attachments from tagged messages are now included in a Portable Case.

Misc:

  • Added support for Ext4 inline data and sparse blocks (via TSK fix).
  • Updated PostgreSQL JDBC driver to support any recent version of PostgreSQL for multi-user cases and PostgreSQL Central Repository.
  • Added personas to the summary viewer in CVT.
  • Handling of bad characters in auto ingest manifest files.
  • Assorted small bug fixes.
Assets 8
Loading