Version 2.07 of The Sleuth Kit has been released. Several bugs have been fixed and the tool has been adopted to the latest versions of AFFlib and libewf . The package for the Microsoft Windows platform also has been updated.
Category "Lab"
Jens Kirschner released templates for WinHex editor and X-Ways Forensics to parse structures of ReiserFS 4.veröffentlicht. Among others the collection contains templates to parse the superblock, node header, item header and directory entries.
While copying storage media one usually documents certain information like vendor name, make, drive serial number and storage capacity. Tableau Disk Manager is a new software which can help to speed up the process.
Continue reading Tableau Disk Monitor.
Jesse Kornblum just released the first publicly available version of his new program SSdeep. SSdeep detects similarities between files based on hash values.
Continue reading SSdeep Version 1.1.
As previously noted, a binary reconstructed from a memory dump may not match with the original file on disk. This raises the question how hash creation and file authentication procedures must be changed in order to provide this functionality.
Continue reading Authenticating a Reconstructed Binary.
Version 2.05 of the Sleuth Kit has been released. It now supports NTFS compression for files and folders.
I recently reported the availability of a new version of MANDIANT First Response. The program looked interesting to me, so I promised to take a closer look. Now, here are the results.
Continue reading First Experience with First Response.
In a press release AccessData announces that version 2.0 of its Forensic Tool Kit (FTK) will be based on an Oracle database.
Continue reading FTK 2.0 will be based on Oracle Database.
NIST has released six hardware write block test reports.
Continue reading NIST tests write blockers.
