LiFTeR: Changes for sleuthkit
- September 6, 2023: sleuthkit{,-devel,-libs}-4.12.1-100.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and sleuthkit{,-devel,-libs}-4.12.1-100.el9.{x86_64,aarch64}.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- May 31, 2023: sleuthkit{,-devel,-libs}-4.12.0-100.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and sleuthkit{,-devel,-libs}-4.12.0-100.el9.{x86_64,aarch64}.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- May 18, 2022: sleuthkit{,-devel,-libs}-4.11.1-2.1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
The only change was to update the revision number due to the release of revision 2 for Fedora 36.
- November 19, 2021: sleuthkit{,-devel,-libs}-4.11.1-1.1.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- August 4, 2021: sleuthkit{,-devel,-libs}-4.11.0-1.1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- March 26, 2021: sleuthkit{,-devel,-libs}-4.10.2-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- December 4, 2020: sleuthkit{,-devel,-libs}-4.10.1-1.3.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
This release attempts to correct an issue where the Sleuth Kit was built with the incorrect version of the Java Development packages.
Note that release 1.3 copies the /usr/share/java/sleuthkit-4.10.1.jar file to the correct place for Autopsy as found in LiFTeR, which is /usr/autopsy/autopsy/modules/ext/sleuthkit-4.10.1.jar.
If your version of Autopsy is installed in a different place, you will need to copy /usr/share/java/sleuthkit-4.10.1.jar to that place manually.
- November 25, 2020: sleuthkit{,-devel,-libs}-4.10.1-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- September 12, 2020: sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc31,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- May 8, 2020: sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc31,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- February 14, 2020: sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc31,el7}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
Note that CentOS/RHEL 6 is no longer being updated.
- August 23, 2019: sleuthkit{,-devel,-libs}-4.6.7-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.7-1.1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- June 14, 2019: sleuthkit{,-devel,-libs}-4.6.6-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
This version was built with a higher revision than that provided by Fedora.
- May 10, 2019: sleuthkit{,-devel,-libs}-4.6.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.5) released to this repository.
- February 1, 2019: sleuthkit{,-devel,-libs}-4.6.5-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.5-1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.3) released to this repository.
- November 16, 2018: sleuthkit{,-devel,-libs}-4.6.4-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.3) released to this repository.
- October 19, 2018: sleuthkit{,-devel,-libs}-4.6.3-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.2) released to this repository.
- October 5, 2018: sleuthkit{,-devel,-libs}-4.6.2-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.0) released to this repository.
- March 30, 2018: sleuthkit{,-devel,-libs}-4.6.0-3.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.5.0) released to this repository.
In this release, the file /usr/share/java/sleuthkit-4.6.0.jar was moved from sleuthkit-devel to sleuthkit.
- March 1, 2018: sleuthkit{,-devel,-libs}-4.6.0-2.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.5.0) released to this repository.
- January 5, 2018: sleuthkit{,-devel,-libs}-4.5.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.4.2) released to this repository.
- October 6, 2017: sleuthkit{,-devel,-libs}-4.4.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.4.1) released to this repository.
- June 14, 2017: sleuthkit{,-devel,-libs}-4.4.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.4.0) released to this repository.
- April 7, 2017: sleuthkit{,-devel,-libs}-4.4.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.3.0) released to this repository.
- July 22, 2016: sleuthkit{,-devel,-libs}-4.2.0-4.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
This release was brought up to current with the version of code in github dated 2016-07-18.
Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error.
- May 9, 2016: sleuthkit{,-devel,-libs}-4.2.0-4.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
This release was brought up to current with the version of code in github dated 2015-10-07.
Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error.
These packages have been installed in the forensics-test repository.
To use this repository, you will need to enable it with this command: sudo yum-config-manager --enable forensics-test.
Note: if you install libewf-2014060801 you will need this version of The Sleuth Kit.
- October 9, 2015: sleuthkit{,-devel,-libs}-4.2.0-2.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This release was brought up to current with the version of code in github dated 2015-10-07. Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error.
- September 25, 2015: sleuthkit{,-devel,-libs}-4.2.0-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the list of changes in this release.
- Apr 17, 2015: sleuthkit{,-devel,-libs}-4.1.3-6.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The change from the previous version - 4.1.3-5 - was to add a patch to support pytsk for CentOS/RHEL 7. All other versions were updated to this release for consistency.
- November 21, 2014: sleuthkit{,-devel,-libs}-4.1.3-5.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The change from the previous version - 4.1.3-3 - was to add a correct fix for Java bindings. Note that the version provided by Fedora - 4.1.3-4 - does not provide this support in the binary packages they provide, nor can that support be added using their source packages.
- Support for Fedora 21 x86_64 architecture - The repository now supports Fedora 21 for the x86_64 CPU architecture. The cert-forensics-tool-release has been installed in the cert repository and all other packages have been installed in the forensics-test repository. As root, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file.
To install the CERT-Forensics-Tools package, it was necessary to run sudo yum erase protobuf-c first.
This repository was built with the Fedora 21 development repository and the Fedora 21 testing updates repository. When Fedora 21 is released, the CERT Forensics Tools repository will be entirely rebuilt using that distribution and support for the i686 architecture will be added at that time. If you find any problem with the packages in the CERT Linux Forensics Tools Repository, please send email to:
- April 7, 2014: sleuthkit{,-devel,-libs}-4.1.3-3.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The changes from the previous version - 4.1.3-1 - are the following:
  - Patch to support pytsk.
  - Rebuilt with libewf-20140216
- February 12, 2014: sleuthkit{,-devel,-libs}-4.1.3-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.1.2:
  - Fixed bug that could crash UFS/ExtX in inode_lookup
  - More bounds checking in ISO9660 code
  - Image layer bounds checking
  - Update version of SQLITE-JDBC
  - Changed how java loads native libraries
  - Config file for YAFFS2 spare area
  - New method in image layer to return names
  - Yaffs2 cleanup
  - Escape all strings in SQLite database
  - SQLite code uses NTFS sequence number to match parent IDs
- November 8, 2013: sleuthkit{,-devel,-libs}-4.1.2-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.1.0:
  - Core
    - Fixed more visual studio projects to work on 64-bit
    - Added FILE_SHARE_WRITE to all windows open calls
    - Removed unused methods in CRC code that caused compile errors
    - Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago!
    - fls -m and tsk_gettimes output NTFS FNAME times to output for timelines
    - hfind with EnCase hashsets works when DB is specified (and not only index)
    - TskAuto now goes into UNALLOC partitions by default too
    - Added support to automatically find all Cellebrite raw dump files given the name of the first image
    - Added 64-bit windows targets to VisualStudio files
    - Added NTFS sequence to parent address in directory and directory itself
    - Updated SQLite code to use sequence when finding parent object ID
  - Java
    - Added method to Image to perform sanity check on image sizes
    - Java bindings JAR files now have native libraries in them
    - Logical files are added with a transaction
  - fiwalk
    - Fixed compile error on Linux etc
- July 10, 2013: sleuthkit{,-devel,-libs}-4.1.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.0.2:
  - Core
    - Added YAFFS2 support (patch from viaForensics).
    - Added Ext4 support (patch from kfairbanks)
    - changed all include paths to be 'tsk' instead of 'tsk3' (IMPORTANT FOR ALL DEVELOPERS!)
  - Framework
    - Added Linux and MAC support.
    - Added L01 support.
    - Added APIs to find files by name, path and extension.
    - Removed deprecated TskFile::getAttributes methods.
    - moved code around for AutoBuild tool support.
  - Java Bindings
    - added DerivedFile datamodel support
    - added a public method to Content to add ability to close() its tsk handle before the object is gc'd
    - added faster skip() and random seek support to ReadContentInputStream
    - refactored datamodel by pushing common methods up to AbstractFile
    - fixed minor memory leaks
    - improved regression testing framework for java bindings datamodel
- February 8, 2013: sleuthkit{,-devel,-libs}-4.0.2-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.0.1:
  - New Features
    - Added fiwalk tool from Simson. Not supported in Visual Studio yet.
  - Bug Fixes
    - Fixed fcat to work on NTFS files (still doesn't support ADS though).
    - Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
    - NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
    - NTFS code uses sequence number when searching MFT entries for all files.
    - Libewf detection code change to support v2 API more reliably (ID: 3596212).
    - NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
  - Framework
    - Added new API to TskImgDB that returns the base name of an image.
    - Numerous performance improvements to framework.
    - Removed requirement in framework to specify module extension in pipeline configuration file.
    - Added blackboard artifacts to represent both operating system and network service user accounts.
  - Java Bindings
    - added more APIs to find files by name, path and where clause
    - added API to get currently processed dir when image is being added
    - added API to return specific types of children of image, volume system, volume, file system.
    - moved more common methods up to Content interface
    - deprecated context of blackboard attributes
    - deprecated SleuthkitCase.runQuery() and SleuthkitCase.closeRunQuery()
    - fixed ReadContentInputStream bugs (ignoring offset into a buffer, implementing available() )
    - methods that are lazy loading are now thread safe
    - Hash class is now thread-safe
    - use more PreparedStatements to improve performance
    - changed source level from java 1.6 to 1.7
    - Throw exceptions from C++ side better
- November 27, 2012: sleuthkit{,-devel,-libs}-4.0.1-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 3.2.3:
  - New Features:
    - Can open raw Windows devices with write mode sharing.
    - More DOS partition types are displayed.
    - Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together).
    - Added new API to TskImgDB that returns hash value associated with carved files.
    - Performance improvements with FAT code (maps and dir_add)
    - Performance improvements with NTFS code (maps)
    - Added AONLY flag to block_walk
    - Updated blkls and blkcalc to use AONLY flag -- MUCH faster.
  - Bug Fixes:
    - Fixed mactime issue where it could choose the wrong timezone that did not follow daylight savings times.
    - Fixed file size of alternate data streams in framework.
    - Incorporated memory leak fixes and raw device fixes from ADF Solutions.
- October 19, 2012: sleuthkit{,-devel,-libs}-4.0.0-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 3.2.3:
  - New Features:
    - Added multithreaded support
    - Added C++ wrapper classes
    - Added JNI bindings / Java data model classes
    - 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types
    - 3184429: More consistent printing of unset times (all zeros instead of 1970)
    - New database design that allows for multiple images in the same database
    - GPT volume system tries other sector sizes if first attempt fails.
    - Added hash calculation and lookup to AutoDB and JNI.
    - Upgraded SQLite to 3.7.9.
    - Added Framework in (windows-only)
    - EnCase hash support
    - Libewf v2 support (it is now non-beta)
    - First file in a raw split or E01 can be specified and the rest of the files are found.
    - mactime displays times as 0 if the time is not set (instead of 1970)
    - Changed behavior of 'mactime -y' to use ISO8601 format.
    - Updated HFS+ code from ATC-NY.
    - FAT orphan file improvements to reduce false positives.
    - TskAuto better reports errors.
    - Upgrade build projects from Visual Studio 2008 to 2010.
  - Bug Fixes:
    - Relaxed checking when conflict exists between DOS and GPT partitions. Had a Mac image that was failing to resolve which partition table to use.
- October 12, 2011: sleuthkit{,-devel,-libs}-3.2.3-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See the included NEWS.txt for a list of changes. Note that this version has been built using Version 2 of the libewf API.
- June 14, 2011: sleuthkit-{,devel,libs,debuginfo}-3.2.2-1.{fc11,fc12,fc13,fc14,fc15,el5}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- March 1, 2011: sleuthkit-{,devel,libs,debuginfo}-3.2.1-1.fc1{1,2,3,4}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- November 11, 2010: sleuthkit-{,devel,libs,debuginfo}-3.2.0-1.fc1{1,2,3,4}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- July 23, 2010: sleuthkit-{,devel,libs,debuginfo}-3.1.3-1.fc1{0,1,2,3}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- June 11, 2010: sleuthkit-{,devel,libs,debuginfo}-3.1.2-1.fc1{0,1,2,3}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.