The Sleuth Kit is a collection of forensic tools for examining a hard disk (or a disk image) in detail. It makes it possible to recover deleted files, or to view what remains of them when they have been partly overwritten. Support for NTFS, FAT, exFAT, UFS1, UFS2, ext2, ext3, ext4, HFS, YAFFS2 and ISO 9660 file systems is present. For more information we refer to this page. The developers recently released version 4.8.0, with the following changes:
The Sleuth Kit 4.8.0
[NOTE: The .tar.gz file was updated after the initial release to fix some compiler errors related to maven and APFS on OS X. No logic changes were made though.]
C/C++
- Pool layer was added to support APFS. NOTE: API is likely to change.
- Limited APFS support added in libtsk and some of the command line tools.
-- Encryption support is not complete.
-- Black Bag Technologies submitted the initial PR. Basis Technology did some minor refactoring.
- Refactoring and minor fixes to logical imager
- Various bug fixes from Google fuzzing efforts and Jonathan B from Afarsec
- Fixed infinite NTFS loop from cyclical attribute lists. Reported by X.
- File system bug fixes from uckelman-sf on github
Database:
- DB schema was updated to support pools
- Added concept of JSON in Blackboard Attributes
- Schema supports cascading deletes to enable data source deletion
Java:
- Added Pool class and associated infrastructure
- Added methods to support deleting data sources from database
- Removed JavaFX as a dependency by refactoring the recently introduced timeline filtering classes.
- Added attachment support to the blackboard helper package.
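The deleted-file recovery mentioned in the introduction works because file-system metadata outlives the deletion. On FAT, for example, unlinking a file only overwrites the first byte of its directory entry with 0xE5 and zeroes its cluster chain in the FAT; the entry's start cluster and size, and the data clusters themselves, stay on disk until reused. The Python script below is an added example and not code from The Sleuth Kit: it builds a tiny FAT12 volume in memory (constructed sample data, with an assumed geometry of 16 sectors of 512 bytes, one live file and one deleted file), lists the root directory including deleted entries the way `fls -d` does, and recovers the deleted file by reading contiguous clusters from its start cluster, which is the only option left once the chain is gone. File names, contents and the `_` placeholder for the lost first character are assumptions made for the demonstration.

```python
import struct

BPS = 512  # bytes per sector of the constructed image (assumption)


def fat12_get(fat: bytes, n: int) -> int:
    """Read 12-bit FAT entry n (entries are packed 1.5 bytes each)."""
    off = n + n // 2
    v = fat[off] | (fat[off + 1] << 8)
    return v & 0xFFF if n % 2 == 0 else v >> 4


def fat12_set(fat: bytearray, n: int, val: int) -> None:
    """Write 12-bit FAT entry n without disturbing its neighbour."""
    off = n + n // 2
    if n % 2 == 0:
        fat[off] = val & 0xFF
        fat[off + 1] = (fat[off + 1] & 0xF0) | ((val >> 8) & 0x0F)
    else:
        fat[off] = (fat[off] & 0x0F) | ((val << 4) & 0xF0)
        fat[off + 1] = (val >> 4) & 0xFF


def dir_entry(name83: bytes, cluster: int, size: int, deleted: bool = False) -> bytes:
    """32-byte FAT directory entry; deletion only overwrites the first name byte."""
    e = bytearray(32)
    e[0:11] = name83.ljust(11, b" ")
    if deleted:
        e[0] = 0xE5
    e[11] = 0x20                                   # ATTR_ARCHIVE
    struct.pack_into("<HI", e, 26, cluster, size)  # first cluster (low word), size
    return bytes(e)


def build_image() -> bytes:
    """Constructed 8 KiB FAT12 volume: one live file and one deleted file."""
    boot = bytearray(BPS)
    boot[0:3] = b"\xEB\x3C\x90"
    # BPB: bytes/sector, sectors/cluster, reserved, FATs, root entries,
    # total sectors, media descriptor, sectors/FAT
    struct.pack_into("<HBHBHHBH", boot, 11, BPS, 1, 1, 1, 16, 16, 0xF8, 1)
    boot[510:512] = b"\x55\xAA"

    fat = bytearray(BPS)
    fat12_set(fat, 0, 0xFF8)          # media descriptor entry
    fat12_set(fat, 1, 0xFFF)
    fat12_set(fat, 2, 0xFFF)          # HELLO.TXT: one cluster, end of chain
    # clusters 3-4 belonged to SECRET.TXT; zeroed when it was deleted

    root = bytearray(BPS)
    root[0:32] = dir_entry(b"HELLO   TXT", 2, 12)
    root[32:64] = dir_entry(b"SECRET  TXT", 3, 600, deleted=True)

    data = bytearray(BPS * 13)        # clusters 2..14
    data[0:12] = b"hello world\n"     # cluster 2
    data[512:1112] = b"secret line\n" * 50  # clusters 3 and 4, still on disk
    return bytes(boot + fat + root + data)


def parse_bpb(img: bytes) -> dict:
    """Geometry from the BIOS parameter block: where FAT, root dir and data start."""
    bps, spc, reserved, nfats, root_entries, _total, _media, spf = \
        struct.unpack_from("<HBHBHHBH", img, 11)
    fat_off = reserved * bps
    root_off = fat_off + nfats * spf * bps
    return {"bps": bps, "spc": spc, "fat": img[fat_off:fat_off + spf * bps],
            "root_off": root_off, "root_entries": root_entries,
            "data_off": root_off + root_entries * 32}


def cluster_bytes(img: bytes, geo: dict, n: int) -> bytes:
    size = geo["spc"] * geo["bps"]
    start = geo["data_off"] + (n - 2) * size   # data area starts at cluster 2
    return img[start:start + size]


def list_root(img: bytes) -> list:
    """Root directory listing, deleted entries included (like `fls -d`)."""
    geo = parse_bpb(img)
    out = []
    for i in range(geo["root_entries"]):
        off = geo["root_off"] + i * 32
        e = img[off:off + 32]
        if e[0] == 0x00:              # end of directory
            break
        if e[11] == 0x0F:             # long-name entry, skip
            continue
        deleted = e[0] == 0xE5
        raw = bytearray(e[0:11])
        if deleted:
            raw[0] = ord("_")         # first character is lost; shown as '_'
        base = raw[:8].decode("ascii", "replace").rstrip()
        ext = raw[8:].decode("ascii", "replace").rstrip()
        cluster, size = struct.unpack_from("<HI", e, 26)
        out.append({"name": f"{base}.{ext}" if ext else base,
                    "cluster": cluster, "size": size, "deleted": deleted})
    return out


def read_file(img: bytes, entry: dict) -> bytes:
    """File content; for deleted entries assume the clusters were contiguous."""
    geo = parse_bpb(img)
    csize = geo["spc"] * geo["bps"]
    n = entry["cluster"]
    if n < 2 or entry["size"] == 0:
        return b""
    out = bytearray()
    if entry["deleted"]:              # chain zeroed: walk forward by size
        for k in range((entry["size"] + csize - 1) // csize):
            out += cluster_bytes(img, geo, n + k)
    else:                             # live file: follow the FAT chain
        while 2 <= n < 0xFF8:
            out += cluster_bytes(img, geo, n)
            n = fat12_get(geo["fat"], n)
    return bytes(out[:entry["size"]])


if __name__ == "__main__":
    img = build_image()
    for ent in list_root(img):
        flag = "* " if ent["deleted"] else "  "
        print(f"{flag}{ent['name']:<12} cluster={ent['cluster']} size={ent['size']}")
        print("   ", read_file(img, ent)[:24])
```

The contiguity assumption in `read_file` is the caveat to keep in mind when recovering deleted files from any FAT volume: a fragmented deleted file comes back with foreign data in place of its later fragments, and clusters reallocated since the deletion have already been overwritten. On a real image the same steps are `mmls` to find the partition, `fls -rd` to list deleted entries with their metadata addresses, and `icat` to extract the content; the tool can tell you the entry is gone, but not whether the blocks it points at still belong to it.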