Notifications

Clear all

[Tool] Autopsy 3.1 Released - Parallel Pipelines and Android

BasisTech · 2014-08-23T01:47:04Z

Free and open source Windows-based digital forensics software Autopsy 3.1 is out! Download it now http//www.basistech.com/digital-forensics/autopsy/ An overview of some of the big changes since 3.0.10 (big enough to warrant the first minor release)• Multi-threaded pipelines (configurable to take advantage of your beefy machine specs, we've significant performance improvements in our tests)• File type ingest module (magic bytes detection)• File extension mismatch ingest module (configurable extensions to signatures)• Android ingest module (contacts, call logs, messages)• KML report module (EXIF information from JPEGs to Google Earth)• Tags can be deleted (…long awaited)• Hash databases can be created and maintained (multi-select add to hash databases)In addition, a new module free for law enforcement will be available next week from Basis TechnologyLaw Enforcement Bundle C4ALL and ProjectVic Hash Database integrationSome other stuff in the works for Autopsy 3.1* Python module support (write your own modules in Python)*Advanced Timeline Visualization *Advanced Image Analysis and Categorization

Page 3 / 3 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Bitstorm 11 years ago

24 Posts

8 Users

0 Reactions

4,519 Views

RSS

KungFuAction

(@kungfuaction)

Estimable Member

Joined: 13 years ago

Posts: 109

03/10/2014 9:53 pm

It probably makes sense to get some more details on your environment in order to help you, but I would suggest continuing the conversation on the dedicated forum for Autopsy support.

I'm just noting it here. I've written there, which is how I found their Wiki. Still doesn't work.

ReplyQuote

tl1000matze

(@tl1000matze)

New Member

Joined: 11 years ago

Posts: 1

02/11/2014 7:43 pm

Just curious. New here and new to Autopsy. I just downloaded it yesterday (Windows version) and from what I can tell, there is no imaging aspect of the program. What are people using to image devices for analysis with Autopsy?

For example encase forensic imager v7 or paladin by sumuri.

ReplyQuote

jaclaz

(@jaclaz)

Illustrious Member

Joined: 18 years ago

Posts: 5133

09/11/2014 1:13 am

Just curious. New here and new to Autopsy. I just downloaded it yesterday (Windows version) and from what I can tell, there is no imaging aspect of the program. What are people using to image devices for analysis with Autopsy?

Well, you would not want to make an image under Windows anyway (unless you have a suitable hardware write blocker).

You would otherwise use a "forensically oriented" Linux distro (that normally include suitable imaging programs) or build yourself a WinFE of some kind, example
http//reboot.pro/topic/19036-mini-winfe/
http//mistype.reboot.pro/mini-winfe.docs/readme.html
that includes a few imaging tools and provides structure for adding "external" ones (such as FTK imager in this case).

jaclaz

ReplyQuote

Bitstorm

(@bitstorm)

Trusted Member

Joined: 14 years ago

Posts: 53

09/11/2014 3:27 am

What about Python Modules, which the new version 3.1.1 supports. I'm not a coder, but how difficult would it be to integrate existing Python solutions (volatility framework, Willi Ballenthins EVTXtract)? Is that a rewrite of such solutions or there only some bridging/ connect work to be done? The answer would be very short if I understand the dev docu No Data content viewer modules in Python.

The dev docu can be found here http//sleuthkit.org/autopsy/docs/api-docs/3.1/
The Dev doc states that only report and ingest modules are supported with Python. I don't know the reason behind that limitation but having Data content viewer support Autopsy could get feature enhanced with stuff you do today with external tools. Either functionality is only based on unstructured strings or parsing of data is not available. That would benefit also timeline functionality which looks very good since 3.1.1.

Removing the Python Module limitation would get Autopsy convert to a killer forensic tool.

ReplyQuote

Page 3 / 3 Prev

Podcast: Well-Being In Digital Forensics And Policing: Insights From Hannah Bailey

Hannah Bailey shares her journey from frontline policin...

By Zoe , 4 hours ago
RE: Android Forensics

Hi, Try decompressing the file using zlib in python. ...

By Dexter4n6 , 22 hours ago
Interview: Neal Ysart, Co-Founder, The Coalition of Cyber Investigators

Neal Ysart shares how The Coalition of Cyber Investigat...

By Zoe , 1 day ago

8 Forums
15.7 K Topics
92.3 K Posts
259 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed