sleuthkit - The Sleuth Kit (TSK)

License: CPL and IBM and GPLv2+
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that
allow you to investigate a computer. The current focus of the tools is the
file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,
and ISO 9660 file systems


sleuthkit-4.1.2-1.fc16.x86_64 [270 KiB] Changelog by Lawrence R. Rogers (2013-09-25):
- Release 4.1.2-1
	- Fixed more visual studio projects to work on 64-bit

	- added method to Image to perform sanity check on image sizes.

	- Fixed compile error on Linux etc.

	---------------- VERSION 4.1.1 --------------
	- Added FILE_SHARE_WRITE to all windows open calls.
	- removed unused methods in CRC code that caused compile errors.
	- Added NTFS FNAME times to time2 struct in TSK_FS_META to make them 
	  easier to access -- should have done this a long time ago!
	- fls -m and tsk_gettimes output NTFS FNAME times to output for timelines.
	- hfind with EnCase hashsets works when DB is specified (and not only index)
	- TskAuto now goes into UNALLOC partitions by default too. 
	- Added support to automatically find all Cellebrite raw dump files given
	  the name of the first image. 
	- Added 64-bit windows targets to VisualStudio files.
	- Added NTFS sequence to parent address in directory and directory itself.
	- Updated SQLite code to use sequence when finding parent object ID.

	- Java bindings JAR files now have native libraries in them. 
	- Logical files are added with a transaction
sleuthkit-4.1.0-1.fc16.x86_64 [266 KiB] Changelog by Lawrence R. Rogers (2013-06-17):
- Release 4.1.0-1
	- Added YAFFS2 support (patch from viaForensics).
	- Added Ext4 support (patch from kfairbanks)
	- changed all include paths to be 'tsk' instead of 'tsk3'

	- Added Linux and MAC support.
	- Added L01 support.
	- Added APIs to find files by name, path and extension.
	- Removed deprecated TskFile::getAttributes methods.
	- moved code around for AutoBuild tool support.

	Java Bindings:
	- added DerivedFile datamodel support
	- added a public method to Content to add ability to close() its tsk handle before the object is gc'd
	- added faster skip() and random seek support to ReadContentInputStream
	- refactored datamodel by pushing common methods up to AbstractFile
	- fixed minor memory leaks
	- improved regression testing framework for java bindings datamodel
sleuthkit-3.2.3-1.fc16.x86_64 [186 KiB] Changelog by Brian Carrier 3.2.3-1 (2011-10-10):
- Release 3.2.3-1
	New Features:
	- new TskAuto method (handleNotification()) that gets verbose messages that allow for debugging when the class makes decisions.
	- DOS partitions are loaded even if an extended partition fails to load
	- new TskAuto::findFilesInFs(TSK_FS_INFO *) method
	- Need to only specify first E01 file and the rest are found
	- Changed docs license to non-commercial
	- Unicode conversion routines fix invalid UTF-16 text during conversion
	- Added '-d' to tsk_recover to specify directory to recover

	Bug Fixes:
	- Added check to fatfs_open to compare first sectors of FAT if we used backup boot sector and verify it is FAT32.
	- More checks to make sure that FAT short names are valid ASCII
	- 3406523: Mactime size sanity check
	- 3393960: hfind reading of Windows input file
	- 3316603: Error reading last blocks of RAW CD images
	- Fixed bugs in how directories and files were detected in TskAuto
	Built to use libewf-alpha, the Version 2 interface

Listing created by Repoview-0.6.6-1.el6