Autopsy: Autopsy 4.18.0

03/23/2021 10:45 am

Keyword Search:

  • A major upgrade from Solr 4 to Solr 8.6.3. Single user cases continue to use the embedded server.
    Multi-user clusters need to install a new Solr 8 server and can now create a Solr cloud with multiple servers.
    — NOTE: Cases created with Autopsy 4.18 cannot be opened by previous versions of Autopsy. Autopsy 4.18 can open older cases though.
    — See http://sleuthkit.org/autopsy/docs/user-docs/4.18.0/upgrade_solr8_page.html for more details.
  • Improved text indexing speed by not doing language detection on unknown file formats and unallocated space.

Domain Discovery:

  • Added details view to Domain Discovery to show what web-based artifacts are associated with the selected domain.
  • Updated the Domain Discovery grouping and sorting by options.
  • Added basic domain categorization for webmail-based domains.

Content Viewers:

  • Built more specialized viewers for web-based artifacts.

Data Source Summary:

  • Added a “Geolocations” tab that shows what cities the data source was near (based on geolocation data).
  • Added a “Timeline” tab that shows counts of events from the last 30 days the data source was used.
  • Added navigation buttons to jump from the summary view to the main Autopsy UI (for example to go to the map).

Ingest Modules:

  • New YARA ingest module to flag files based on regular expression patterns.
  • New “Android Analyzer (aLEAPP)” module based on aLEAPP. Previous “Android Analyzer” also still exists.
  • Updated “iOS Analyzer (iLEAPP)” module to create more artifacts and work on disk images.
  • Hash Database module will calculate SHA-256 hash in addition to MD5.
  • Removed Interesting Item rule that flagged existence of Bitlocker (since it ships with Windows).
  • Fixed a major bug in the PhotoRec module that could result in an incorrect file layout if the carved file spanned non-contiguous sectors.
  • Fixed MBOX detection bug in Email module.

Reporting:

  • Attachments from tagged messages are now included in a Portable Case.

Misc:

  • Added support for Ext4 inline data and sparse blocks (via TSK fix).
  • Updated PostgreSQL JDBC driver to support any recent version of PostgreSQL for multi-user cases and PostgreSQL Central Repository.
  • Added personas to the summary viewer in CVT.
  • Handling of bad characters in auto ingest manifest files.
  • Assorted small bug fixes.