Change log 3.1.1 (Nov 4, 2014)
– New time line feature
– New Interesting Files module
– Added support for Python modules
– Updated HTML report
– Media Content viewer uses blackboard artifacts and detects PNG by sig.
– New logo
– Bug Fixes:
– Adding local disk errors
– ZIP files inside of RAR files are properly extracted
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card
Autopsy features :
– Timeline Analysis: Displays system events in a graphical interface to help identify activity.
– Keyword Search: Text extraction and index searched modules enable you to find files that mention specific terms and find regular expression patterns.
– Web Artifacts: Extracts web activity from common browsers to help identify user activity.
– Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
– LNK File Analysis: Identifies short cuts and accessed documents
– Email Analysis: Parses MBOX format messages, such as Thunderbird.
– EXIF: Extracts geo location and camera information from JPEG files.
– File Type Sorting: Group files by their type to find all images or documents.
– Media Playback: View videos and images in the application and not require an external viewer.
– Thumbnail viewer: Displays thumbnail of images to help quick view pictures.
– Robust File System Analysis: Support for common file systems, including NTFS, FAT12, FAT16, FAT32, HFS+, ISO9660 (CD-ROM), Ext2, Ext3, and UFS from The Sleuth Kit.
– Hash Set Filtering: Filter out known good files using NSRL and flag known bad files using custom hashsets in HashKeeper, md5sum, and EnCase formats.
– Tags: Tag files with arbitrary tag names, such as ‘bookmark’ or ‘suspicious’, and add comments.
– Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).
Download Version :
autopsy-3.1.1-64bit.msi (298.1 MB)
autopsy-3.1.1-32bit.msi (294.1 MB)
source : http://www.sleuthkit.org/autopsy/index.php
Our Post Before : http://seclist.us/update-autopsy-forensic-browser-for-windows-v-3-1-0.html