Software update: Autopsy 4.14.0

The Sleuth Kit is a collection of forensic tools that can be used to take a closer look at the hard drive. It is possible to recover or partially view various deleted files. Autopsy is a graphical interface for this kit, and it runs on Linux, macOS and Windows. It is released under the Apache 2.0 license and is written in Java. For more information, please refer to this manual. The developers have released a new version with 4.14.0 as the version number. The following changes and improvements have been made in that version:

Specialized UIs:

• New File Discovery UI that allows you to search and filter for certain types of files. Works best with the Central Repository storing all of the hashes you’ve seen.
• New Map viewer that uses either Bing (when online) or offline map tiles.
• Communications UI shows country names for phone numbers and fixed bug in summary panel.
• Fixed bugs in timeline filtering.
• Refactored backend timeline filtering code based on The Sleuth Kit data model changes to remove JavaFX dependency.

Data Sources:

• Added limited support for APFS disk images. Does not include encrypted volumes or ones that span multiple disks. Uses contribution to The Sleuth Kit from Black Bag Technologies.
• New data source processor that parses “XRY File Exports”.

Content Viewers:

• Added a new “Context” viewer to show where a file came from. Currently shows what message a file was attached to or what URL a file was downloaded from.
• Added support to seek and change playback speed for videos in “Application” viewer.
• Improved support for Unicode HTML files in “Application” viewer.
• Added support for webp image files in “Application” viewer.

Ingest Modules:

• Keyword Search module uses Decodetect statistical encoding detection for plain text files. Fixes issues with incorrect detection of Japanese files.
• Embedded File Extractor module uses statistical analysis to determine encoding of file names in ZIP files. Fixes issues with ZIP files created on Windows Japanese computers.
• Solr (Keyword Search module) now uses Japanese-specific tokenization using Kuromoji.
• Fixed Shellbags module in RegRipper (used by Autopsy Recent Activity module) to fix parsing errors.
• Plaso module no longer generates an error if enabled for non-disk image data sources.
• Added support for message attachments that are stored as an external file system file. Expanded Email and Android modules to use this technique.

General:

• Fixed crashes by gstreamer when a video is selected.
• Added initial capability to delete a data source from a case (excludes data in the CR).
• Changed behavior of portable case menu item to automatically open the case and warn if it was already unpacked.
• Fixed bug that caused issues when case metadata had Unicode values.
• Added new Attachment APIs to the CommunicationsArtifactHelper class to support attachments stored as external file system files.