Features/Requests for Next Release of Autopsy

As the next release of Autopsy will happen soon, here is a preview of what changes there are:

General

  • Update Java to version 17
  • Update Netbeans platform

Recent Activity Updates:

  • Check For Malicious Chrome Extensions

Ingest Module Updates:

  • Update aLeapp/iLeapp executables.
  • Inline Keyword Search

GUI Updates:

  • Add has attachments flag for emails
  • Add ability to delete a logical file/path from logical file
    from the DSP before it is run.
  • Add ability to add timestamps when adding localfiles as a data source

Bugs:

  • Fix path for lnk files
  • Fix exporting of CSV files

Misc:

  • Update JNA Version
  • Update SQLite library version
  • Add export for Pasco

As we look at the next release, what are features/requests that anyone is looking for? Here is your opportunity to help shape this great open source tool for the future. You can either reply to this topic or DM me. I will compile the list and report back what the requests are. All help is appreciated.

Mark

2 Likes

Hi Mark,

Thank you for your great work on this project.

I suggest the development team take a look at open Pull Requests created by the community; some of them have very important fixes, but they have been stale for months… From my side, they are:

The tackled issues can affect Autopsy and other tools depending on Sleuthkit library.

Best regards,
Luís Nassif

1 Like

Thanks, I will add this to the list.

Hi Luis,

All four (4) of your PRs were just merged in, so those should be all set. Thanks for submitting them.

Kind regards.

Mark

Hi, most of the machines we are examining are from Microsoft or Apple; nevertheless, we have more and more Linux to do. We find Linux machines on VM (quite a lot, actually), or like one our the lab last, on machine system. And a lot of activists, or people who do not trust companies like Apple or Microsoft, are using Linux. Don’t you all think we could think about a module to parse information on Linux machines? Couldn’t it be interesting for the next Autopsy version?
Thanks for the great job done! Well done, guys!

1 Like

That is a great idea. So to expand on that, there could be a module that is part of recent activity that parses Linux artifacts. The question is then what artifacts. The current Chromium artifacts can be easily modified to look at Linux. Other artifacts could also be parsed as well. Just need a list of them that you are looking for.

Mark

Thanks @Mark_McKinnon. It’s nice to receive feedback on contributions from the project, it encourages contributors to continue contributing.

By the way, I submitted another one (#2834) to sleuthkit repo, very very small (just one line), if you have time to take a look.

Best regards,
Luís

Hi Mark,
I thought a few things could help reporting, such as, for example, last modifications, install time, OS type (full one, and architecture), machine owner, language, machine name, users (number, names, …), last system shutdown, time location (and summer/winter time), partition structures and types, connected devices, bash history, recent activity, last docs, …
And of course the browsers, the emails, and all the stuff.
Thanks for the interest…

Will take a look at it, thanks for your contributions.