The Sleuth Kit V-4.0.0 Beta 1 Released.

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.—————- VERSION 4.0.0 ————–
New Features:
– Added multithreaded support
– Added C++ wrapper classes
– Added JNI bindings / Java data model classes
– 3314047: Added utf8-specific versions of ‘toid’ methods for img,vs,fs types
– 3184429: More consistent printing of unset times (all zerso instead of 1970)
– New database design that allows for multiple images in the same database
– GPT volume system tries other sector sizes if first attempt fails.
– Added hash calculation and lookup to AutoDB and JNI.
– Upgraded SQLite to 3.7.9.
– Added Framework in (windows-only)
– EnCase hash support
– Libewf v2 support (it is now non-beta)
– First file in a raw split or E01 can be specified and the rest of the files
  are found.
– mactime displays times as 0 if the time is not set (isntead of 1970)

Bug Fixes:
– Relaxed checking when conflict exists between DOS and GPT partitions. Had a Mac image that was failing to resolve which partition table to use.

4.0.0 (beta 1: May 30, 2012)
This release adds the new analysis framework, C++ classes, Java bindings, and other things that make it easier to build end-to-end forensics systems.

  • Framework with first set of basic modules (hash calculation, hash lookup, entropy calculation, RegRipper, ZIP file extraction, extraction via name signatures, etc.) — Windows-only
  • Multithreaded support
  • C++ wrapper classes
  • JNI bindings and data model classes
  • All non-set times are displayed as 0 instead of 1970.
  • Support for libewf v2
  • Only first file in split or E01 needs to be specified.
  • EnCase Hashset support in hash tools.
  • New table schema for loaddb database that supports more data types (carved, local files, etc.).

Download Version :
Windows : – (8.3 MB)
– (2.5 MB)
Unix/Linux : sleuthkit-4.0.0b1.tar.gz (2.8 MB)
Find Other Version |
Read more in here :