Autopsy: Autopsy 4.10.0

Autopsy 4.10.0 – New Features:

• Central Repository
• • Case Manager shows data source details
  • SSID, MAC address, IMEI, IMSI, and ICCID can be stored and correlated on
  • SSID, MAC address, IMEI, IMSI, and ICCID values from past cases are flagged if they are seen again in the current case.
  • File types can be specified when searching for common files with past cases.
  • Results from finding common files with past cases is now organized by case instead of by number of occurrences.
  • The Central Repository can now be searched for a specific value (hash, email, etc.)Central Repository
• The E01 Verifier ingest module was renamed to Data Source Integrity module and it will:
  • Calculate hashes if none exist for a non-E01 data source
  • Validate hashes if they are defined
• MD5, SHA1, or SHA256 hash values of raw data sources can now be specified when they are added.
• Added the ability for examiners to select the time zone for displaying dates.
• Tesseract OCR text extraction for keyword search now supports languages other than
  English, if language packs are installed.
• Custom headers and footers can now be added to HTML reports.
• New report module to export basic file data in CASE/UCO format.
• Ingest filter rules (for triage) can now specify a list of extensions (such as “jpg, jpeg, png”) instead of needing to make a rule for each extension.
• Image Gallery
• • Refactored to ensure database was fully closed when case was closed.
  • No longer pre-populate DrawableDB database.
  • Added caching to reduce time required to insert files after analysis.

Autopsy 4.10.0 – Bug Fixes:

• Duplicate interesting item and EXIF metadata artifacts are no longer created
  when you run the modules that generate them more than once.
• The Application content viewer now displays SQLite table column names even
  when the table is empty.
• Assorted small bug fixes are included.