applications/system

sleuthkit - The Sleuth Kit (TSK)

Website: http://www.sleuthkit.org
License: CPL and IBM and GPLv2+
Description:
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that
allow you to investigate a computer. The current focus of the tools is the
file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS,
and ISO 9660 file systems

Packages

sleuthkit-4.6.4-1.fc26.i686 [1.7 MiB] Changelog by Lawrence R. Rogers (2018-11-09):
- Release 4.6.4-1
	Java Code:
		Increase max statements in database to prevent errors under load
		Have a max timeout for SQLite retries
sleuthkit-4.6.3-1.fc26.i686 [1.7 MiB] Changelog by Lawrence R. Rogers (2018-10-14):
- Release 4.6.3-1
	C/C++ Code:
		Hashdb bug fixes for corrupt indexes and 0 hashes
		New code for testing power of number in ExtX code
	Java Code:
		New class that allows generic database access
		New methods that check for duplicate artifacts
		Added caches for frequently used content
	Database Schema:
		Added Examiner table
		Tags are now associated with Examiners
		Changed parent_path for logical files to be consistent with FS files.
sleuthkit-4.6.2-2.fc26.i686 [1.7 MiB] Changelog by Lawrence R. Rogers (2018-10-03):
- Release 4.6.2-2
	Built with Java support. Release number is greater than the release for Fedora 28 and 27.
sleuthkit-4.6.0-3.fc26.i686 [1.7 MiB] Changelog by Lawrence R. Rogers (2018-03-28):
- Release 4.6.0-3
	Moved sleuthkit-4.6.0.jar from sleuthkit-devel package to sleuthkit package.
sleuthkit-4.6.0-2.fc26.i686 [1.2 MiB] Changelog by Lawrence R. Rogers (2018-02-28):
- Release 4.6.0-2
	Removed patches from PyTSK.
sleuthkit-4.6.0-1.fc26.i686 [1.2 MiB] Changelog by Lawrence R. Rogers (2018-02-21):
- Release 4.6.0-1
	- New Features
		- New Communications related Java classes and database tables.
		- Java build updates for Autopsy Linux build
		- Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
		- Increased cache sizes.
		- Lots of bounds checking fixes from Google's fuzzing tests.  Thanks Google.
		- HFS fix from uckelman-sf.
sleuthkit-4.5.0-1.fc26.i686 [1.2 MiB] Changelog by Lawrence R. Rogers (2017-10-15):
- Release 4.5.0-1

	- New Features:
		- Support for LZVN compressed HFS files (from Joel Uckelman)
		- Use sector size from E01 (helps with 4k sector sizes)
		- More specific version number of DB schema
		- New Local Directory type in DB to differentiate with Virtual Directories
		- All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
		- Added extension as a column in tsk_files table.

	- Bug Fixes:
		- Faster resolving of HFS hard links
		- Lots of fixes from Google Fuzzing efforts.
sleuthkit-4.4.2-1.fc26.i686 [1.2 MiB] Changelog by Lawrence R. Rogers (2017-08-07):
- Release 4.4.2-1

	- New Features:
		- usnjls tool for NTFS USN log (from noxdafox)
		- Added index to mime type column in DB
		- Use local SQLite3 if it exists (from uckelman-sf)
		- Blackboard Artifacts have a shortDescription metho

	- Bug Fixes:
		- Fix for highest HFS+ inum lookup (from uckelman-sf)
		- Fix ISO9660 crash
		- various performance fixes and added thread safety checks
sleuthkit-4.4.1-1.fc26.i686 [1.8 MiB] Changelog by Lawrence R. Rogers (2017-05-30):
- Release 4.4.1-1
	- New Features:
		-- Can create a sparse VHD file when reading a local drive with new
		   IMAGE_WRITER structure. Currently being used by Autopsy, but no TSK
		   command line tools.

	- Bug fixes:
		-- Lots of cleanup and fixes. Including:
			-- memory leaks
			-- UTF8 and UTF16 cleanup 
			-- Missing NTFS files (in fairly rare cases)
			-- Really long folder structures and database inserts

Listing created by Repoview-0.6.6-1.el6