Brian Carrier just released a new version of his computer forensics tool kit *).
Changes on The Sleuth Kit (TSK):
- Bug Fixes
- Upgraded versions of AFFLIB and libewf to fix compile bugs.
- Extra warning messages are no longer printed when deleted FAT files cannot be recovered.
- Updates
- NTFS compressed file support (initial patch by I.D.E.A.L. Technology).
- Added more templates to sigfind.
- Added more DOS partition sanity checks.
- Changed method for displaying supported format types (kenshin).
- Modified library design and compile process.
You can download TSK from http://www.sleuthkit.org/sleuthkit/download.php.
*) The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems.