Nova Versão do Autopsy – 4.10.0

Ontem, dia 15 de janeiro de 2019 foi lançada a nova versão do Autopsy 4.10.0 – O Autopsy® é um programa fácil de usar, baseado em GUI, que permite analisar com eficiência discos rígidos e smart phones. Ele possui uma arquitetura de plug-in que permite encontrar módulos complementares ou desenvolver módulos personalizados em Java ou Python.

Para nós, falantes da da língua portuguesa, uma boa novidade que é que o tesseract permite agora outros idiomas para busca de imagens com OCR.

Novidades:

• Central Repository
  • Case Manager shows data source details
  • SSID, MAC address, IMEI, IMSI, and ICCID can be stored and correlated on
  • SSID, MAC address, IMEI, IMSI, and ICCID values from past cases are flagged if they are seen again in the current case.
  • File types can be specified when searching for common files with past cases.
  • Results from finding common files with past cases is now organized by case instead of by number of occurrences.
  • The Central Repository can now be searched for a specific value (hash, email, etc.)
• The E01 Verifier ingest module was renamed to Data Source Integrity module and it will:
  • Calculate hashes if none exist for a non-E01 data source
  • Validate hashes if they are defined
• MD5, SHA1, or SHA256 hash values of raw data sources can now be specified when they are added.
• Added the ability for examiners to select the time zone for displaying dates.
• Tesseract OCR text extraction for keyword search now supports languages other than English, if language packs are installed.
• Custom headers and footers can now be added to HTML reports.
• New report module to export basic file data in CASE/UCO format.
• Ingest filter rules (for triage) can now specify a list of extensions (such as “jpg,jpeg,png”) instead of needing to make a rule for each extension.
• Image Gallery
  • Refactored to ensure database was fully closed when case was closed.
  • No longer pre-populate DrawableDB database.
  • Added caching to reduce time required to insert files after analysis.

Correções:

• Duplicate interesting item and EXIF metadata artifacts are no longer created when you run the modules that generate them more than once.
• The Application content viewer now displays SQLite table column names even when the table is empty.
• Assorted small bug fixes are included.