autopsy-4.6.0

New Features:

• A new Message content viewer was added to make it easier to view email message contents.
• A new Communications interface was added to make it easier to find messages and relationships.
• Hash sets can be centrally stored and shared in the Central Repository.
• New Encryption Detection module that will flag possibly encrypted files.
• Can more easily run Autopsy from a USB drive and leave few traces on target system.
• Tag definitions now have a "notable" property. The Central Repository uses this to mark files as notable.
• Large slack files are now file typed.
• The maximum number of Solr connections and ingest threads have increased.
• Periodic keyword search will dynamically change based on how long queries are taking.
• Users can change the amount of memory allocated to the application.
• The amount of memory required for processing keyword hits has been reduced.
• Layout of HTML reports has been modified make it easier to open.
• "Databases" was added to File Type by Extension view.
• Users can now enter more information about cases including examiner, organization, etc.
• New dialog to open multi-user cases that allows for searching.
• Auto ingest metrics are collected and displayed in dashboard.
• Auto ingest module that extracts disk images from archive files.
• Keyword search has been made more responsive to both search and ingest job cancellation.
• Number of log files to keep before rollover is now configurable.
• Preliminary changes to make Linux and OS X builds easier.

Bug Fixes:

• Memory leaks and other issues revealed by fuzzing the SleuthKit have
  been fixed.
• Memory issues caused by Tika are fixed (by upgrading to 1.17)
• Assorted small enhancements and bug fixes are included.

Autopsy 4.5.0

• Memory usage has been reduced to improve support for very large cases.
• New central repository feature has been added that allows you to correlate between cases and track if an item was previously identified as being "bad" or notable.
• Message attachments are now associated with the message (and not just the source file). These can be found in the data sources and messages parts of the tree.
• Credit card number search has added logic to reduce false positives based on number lengths.
• Virtual directory nodes in the tree view are distinguished in the Data Sources tree by the addition of a "V" to their icon. These are folders that Autopsy/TSK created.
• A new version of the automated ingest dashboard has been added to allow insight into pending, running and completed automated ingest jobs in automated ingest Examiner mode.
• All occurrences of "Known Bad" in the user interface have been changed to "Notable."
• Assorted small enhancements and bug fixes are included.

Autopsy 4.4.1

• Beta version of new central repository feature has been added for correlating artifacts across
  cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer.
• Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
• The View Source File in Directory context menu item now works correctly.
• Tagged image files in the HTML report are now displayed full-size.
• Case deletion is now done using a Case menu item and both single-user and general (not auto ingest) multi-user cases can be deleted.
• Content viewers (bottom right area of desktop application) now resize correctly.
• Some potential deadlocks during ingest have been eliminated.
• Assorted performance improvements, enhancements, and bug fixes.

Autopsy 4.4.0

autopsy-4.4.0

4.4.0 Release