Sleuthkit 2.04 and Autopsy 2.07 published


New versions of Sleuthkit & Autopsy.

Brian Carrier has published new versions of his outstanding open source forensics tools.

Sleuthkit 2.04 has the following bugfixes and new features (taken from changelog):

  • Bug Fixes
    • Verbose statement in img_open could cause a crash (Wyatt Banks).
    • NTFS sanity check improvements (Wyatt Banks)
    • Indirect blocks for Ext2 and UFS were not found (reported by Bernhard Reiter)
    • File names in UFS and Ext may not be shown if first entry is unallocated (reported by John Langezaal)
  • Updates
    • Expert Witness (EnCase) image file support using libewf (Joachim Metz and Robert Jan Mora).
    • Advanced File Format image file support using AFFLIB (Simson Garfinkel).
    • ISO 9660 file system support (Wyatt Banks, Crucial Security)
    • mmls now displays the unpartitioned space at end of disk (suggested by Wyatt Banks).
    • New img_cat tool to output the raw contents of an image file.
    • Improved internal error handling for library usage.
    • New internal flag FS_FLAG_DATA_RES to show resident data during a file walk.
    • The file system byte offset is now passed to the file system code instead of imgtools; this allows for better library usage.

Autopsy 2.07 has the following bugfixes and new features (taken from changelog):

  • Bug Fixes
    • Incorrect variable name fix.
  • Updates
    • Support for Expert Witness and AFF file formats
    • Support for ISO9660 file systems
    • Hex view for file analysis

You can download Autopsy and Sleuthkit from .