1 | 1 | ---------------- VERSION 4.6.0 -------------- |
2 | | -- A new Message content viewer has been added to the content viewers section of |
3 | | -the main application window to provide an examiner with tabs for looking at: |
4 | | -message headers; content as raw text, HTML, or RTF; and attachments. |
5 | | -- A new Communications tool has been added to the Tools menu to supply an |
6 | | -examiner with a separate three part view consisting of: a filtered, tabular |
7 | | -display of the various accounts (email, Facebook, Twitter, etc.) discovered by |
8 | | -the ingest modules, a tabular view of the messages exchanged between the |
9 | | -accounts, and a Message content viewer for the individual messages. |
10 | | -- Hash sets may now be stored either locally or in the Central Repository. |
11 | | -- An ingest module that uses file entropy to flag possibly encrypted files has |
12 | | -been added as a core file-level ingest module. |
13 | | -- The file names and organization of HTML reports have been changed to make it |
14 | | -easier to find and open these reports outside of the application. |
15 | | -- The version of Tika used by the application has been upgraded to version 1.17 |
16 | | -and the amount of memory consumed by Tika has been reduced significantly by |
17 | | -configuring it to use the new SAX parsers exclusively. |
18 | | -- A live triage feature has been added that copies the application executable to |
19 | | -a USB drive that can then be used for live analysis of another system. |
| 2 | +New Features: |
| 3 | +- A new Message content viewer was added to make it easier to view email message contents. |
| 4 | +- A new Communications interface was added to make it easier to find messages and relationships. |
| 5 | +- Hash sets can be centrally stored and shared in the Central Repository. |
| 6 | +- New Encryption Detection module that will flag possibly encrypted files. |
| 7 | +- Can more easily run Autopsy from a USB drive and leave few traces on target system. |
| 8 | +- Tag definitions now have a "notable" property. The Central Repository uses this to mark files as notable. |
| 9 | +- Large slack files are now file typed. |
| 10 | +- The maximum number of Solr connections and ingest threads have increased. |
| 11 | +- Periodic keyword search will dynamically change based on how long queries are taking. |
| 12 | +- Users can change the amount of memory allocated to the application. |
| 13 | +- The amount of memory required for processing keyword hits has been reduced. |
| 14 | +- Layout of HTML reports has been modified make it easier to open. |
| 15 | +- "Databases" was added to File Type by Extension view. |
| 16 | +- Users can now enter more information about cases including examiner, organization, etc. |
| 17 | +- New dialog to open multi-user cases that allows for searching. |
| 18 | +- Auto ingest metrics are collected and displayed in dashboard. |
| 19 | +- Auto ingest module that extracts disk images from archive files. |
| 20 | +- Keyword search has been made more responsive to both search and ingest job cancellation. |
| 21 | +- Number of log files to keep before rollover is now configurable. |
| 22 | +- Preliminary changes to make Linux and OS X builds easier. |
| 23 | + |
| 24 | +Bug Fixes: |
20 | 25 | - Memory leaks and other issues revealed by fuzzing the SleuthKit have |
21 | 26 | been fixed. |
22 | | -- The number of application log files generated before log rollover is now |
23 | | -user-configurable to enable retention of more logs to better support enterprise |
24 | | -installations that are running auto ingest. |
25 | | -- Preliminary build file and code changes aimed at supporting easy creation of |
26 | | -Linux and OS-X binary distribution packages are in place. |
27 | | -- Better typing of larger slack files has been added to the file type detection |
28 | | -ingest module. |
29 | | -- The maximum number of Solr connections and the maximum number of |
30 | | -file ingest threads allowed have both been increased. |
31 | | -- The default setting for JVM memory for 64-bit Windows installations has been |
32 | | -increased to 4 GB, and the user can adjust the JVM memory setting via the |
33 | | -Application options panel. |
34 | | -- The embedded file extractor now uses Tika for new form MS Office documents, |
35 | | -which dramatically reduces the memory required for processing Excel spreadsheets. |
36 | | -- The amount of memory required for processing keyword hits has been reduced. |
37 | | -- Periodic keyword search during ingest now has logic to dynamically increase |
38 | | -the interval between searches when searches are taking longer than the |
39 | | -user-configured periodic search interval to complete, thus preventing continuous |
40 | | -searching. |
41 | | -- Keyword search has been made more responsive to both search and ingest job |
42 | | -cancellation. |
43 | | -- The use of the terminology "known bad" has been replaced by "notable." |
44 | | -- Tag definitions now have a "notable" property indicating that tagged content |
45 | | -and results should be marked as notable in the Central Repository. |
46 | | -- Users can now enter more information about cases including examiner contact |
47 | | -info, organization info, and notes. |
48 | | -- A new "Databases" category has been added to the Views, File Types, By |
49 | | -Extension ree. |
50 | | -- Examiner mode for an enterprise installation no longer requires a restart and |
51 | | -a single dialog that lists all multi-user cases is provided; selecting a row in |
52 | | -the dialog and beginning to type opens a search box that allows an examiner to |
53 | | -search for cases by name, etc., and the columns in the tabular view presented by |
54 | | -the dialog can be reordered or hidden. |
55 | | -- An auto ingest data source processor that extracts data sources from archive |
56 | | -files specified as data sources via auto ingest job manifests has been added. |
57 | | -- Auto ingest job metrics are collected and can be displayed for a |
58 | | -user-specified time period using a button on either the auto dashboard or the |
59 | | -auto ingest control panel. |
60 | | -- Sorting by columns has been added to both the auto ingest control panel and |
61 | | -the auto ingest dashboard. |
62 | | -- The row highlight color for tagged items in the Results table view has been |
63 | | -changed for better visibility. |
| 27 | +- Memory issues caused by Tika are fixed (by upgrading to 1.17) |
64 | 28 | - Assorted small enhancements and bug fixes are included. |
65 | 29 |
|
| 30 | + |
66 | 31 | ---------------- VERSION 4.5.0 -------------- |
67 | 32 | - Memory usage has been reduced to improve support for very large cases. |
68 | 33 | - The central repository and correlation engine introduced in version 4.4.1 have |
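Review bot: New line 6 ("New Encryption Detection module that will flag possibly encrypted files") drops the detail from the removed text that the module uses file entropy, which an examiner needs in order to interpret its hits; suggest keeping it, e.g. "New Encryption Detection module that uses file entropy to flag possibly encrypted files." New line 7 adds a claim, "leave few traces on target system", that the removed description of the live triage feature (copying the application executable to a USB drive) did not make; either state what is left behind or drop the phrase. The rewrite also removes the notes that "known bad" was replaced by "notable" and that the default JVM memory on 64-bit Windows was raised to 4 GB, both of which change what users see after upgrading, so they are worth a line each under New Features. New line 14 is missing a word: "has been modified to make it easier to open".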