Brian Carrier
We are going to add in rules to flag when cloud storage / sync apps are found. These will be rules in the Interesting Files module. Here is our initial...
Make a thumbs.db / thumbcache parser as part of an ingest module that detects the files and creates derived files that contain the thumbnails. These thumbnails should then be processed by...
I'm making this issue to track progress on making a package for Linux. Last time this was discussed, there were some Java build issues that needed to be resolved. But,...
The Facebook app on Windows 10 uses SQLite databases to store user info. An Autopsy ingest module could parse those databases and create associated artifacts. See http://computerforensicsblog.champlain.edu/2015/04/01/windows-10-facebook-forensics/
We are going to add in rules to flag when encryption apps are found. These will be rules in the Interesting Files module. Here is our initial list of apps:...
We should have a module that integrates an anti-virus solution. Files that are found to have viruses should have a TSK_MALWARE_DETECTED attribute added in the blackboard.
At a conference, someone requested a more powerful hex viewer in the lower right (content viewer) that allowed the user to highlight some data and it would do conversions like...
The keyword search module allows you to search for text, but not non-text values (i.e. a hex search). This feature is to add a new module to do so. Could...
I ran a regression test on some non-public images and compared with the previous release. The time stamps as reported by 'fls' and 'ils' are off by 4 hours. Because...
I compiled develop on my Mac and tried to run tsk_loaddb as part of a regression test script I have. $ ./tsk_loaddb test.img dyld[24410]: Missing symbol called zsh: abort. ./tsk_loaddb...