Tuesday, September 05, 2006

What's new

Thought I'd take a moment to post some new items that I've run across, just this morning...

First, I was checking email this morning and found a comment on an older post on my blog about Brian Carrier's The Sleuth Kit...a while back I'd mentioned that I had it running on my XP system. I did that by following the instructions listed here (at the very bottom). Well, it turns out that as of 1 Sept, there are Windows executables of the tools available. This is something I definitely need to try out! Thanks to Brian for providing these. If you're going to run it, though, make sure to read the readme files that come with the archive, so that you understand the limitations of the tools.

You might also want to check out Zeitline, a forensic timeline editor from CERIAS. Zeitline is based on Java/Swing.

The listing over at E-Evidence.info was updated yesterday, and there's a lot of neat stuff listed. I love checking this site out every month, as it takes me about a month to get completely through everything.

Addendum 6 Sept: A couple of sites have picked up on the new TSK tools compiled for Windows (Andreas, SANS). I emailed Brian yesterday because, after looking at Autopsy, it's clear that I would still need to compile Autopsy via Cygwin. So, for now, installing the entire thing via Cygwin is probably the way to go.


Anonymous said...

You forgot to mention Andreas Schuster's PTFinder update, with support for output in XML.

- Rossetoecioccolato.

H. Carvey said...

I didn't forget.