Brian Carrierr released version 2.07 of his file system analysis tool The Sleuthkit:
There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status.There were a lot of internal updates as well. There were a few NTFS bug fixes as well and a sorter fix for Cygwin.
Updates in version 2.07:
- Added ‚-p‘ flag to ils to find orphan files
- Added ‚-a‘ and ‚-A‘ flags to dls to specify allocation status
- Detect and prevent infinite loops in corrupt directories and FAT files.
- Updated AFFLIB, libewf, and file
- improved FAT dentry detection (check size)
- new internal fs_read_file()
- Windows visual studio files included with source code
- cleaned up error reporting code
- added caching to FAT code.
- Added a NULL check to fs_inode_free (Michael Cohen)
- Improved ifind_path code so that allocated names are given priority (Dave Collett)
Bug Fixes in version 2.07:
- NTFS compression bug with corrupt data
- sanity check to dcat_lib in case the requested number of blocks was too big.
- fs_data lookup bug fixes by Dave Collett.
- sorter does not clear path so it can run under Cygwin
- Memory leak fixes in FAT and NTFS.
You can download The Sleuthkit here