LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

TASK 1.50 & Autopsy 1.60 release

[Posted July 23, 2002 by dennis]

From:  Brian Carrier <bcarrier@atstake.com>
To:  sectools@securityfocus.com
Subject:  TASK 1.50 & Autopsy 1.60 release
Date:  Mon, 22 Jul 2002 18:51:46 -0400

The @stake Sleuth Kit (TASK) 1.50 (with NTFS Support) and Autopsy 1.60
are now available.  


DESCRIPTION:
The @stake Sleuth Kit (TASK) and Autopsy Forensic Browser are an open
source alternative to the common Windows-based digital forensic tools.
Autopsy provides an investigator with an HTML-based graphical interface
that allows one to browse images from compromised systems in a "File
Manager"-like interface.  Windows and UNIX file systems can be analyzed
to view deleted files, create time lines of file activity, and perform
key word searches.

Unique Features:
- Add notes or comments to any file, directory, inode, MFT entry, or
  cluster.  The notes can be later viewed along with the object that
  the note refers to.  

- Non-intrusive remote analysis of a live UNIX system. The tools can be
  burnt onto a CD and run on a suspect system.  The Incident Responder
  analyzes the system with an HTML browser on his or her laptop. No file
  time stamps are modified during the analysis.

- Open design using "Best Practices" for Forensic Analysis and Incident
  Response:  
  - All tools are open source so that anyone can verify the code and
    customize them.
  - All files generated by Autopsy have an MD5 value calculated so
    that they can be verified as the investigation progresses.
  - No proprietary formats are used.  Raw partition images and standard
    tools such as 'strings' and 'grep' are used.
  - The graphical interface is separate from the command line file
    system tools so that one is always free to use the command line
    if the GUI does not do something that he or she wants to.
  - ASCII audit log of actions that are performed on the image. 

TASK is a collection of open source, command line tools based on The
Coroner's Toolkit (TCT) and TCTUTILs.  Using these tools, an investigator
can view the details of NTFS, FAT, FFS, and EXT2FS file systems.
TASK gives an investigator access to details that other tools do not,
which can be used for advanced file recovery.  TASK is the only open
source collection of tools for both Windows and UNIX file systems that
allow one to view both allocated and unallocated files.


DOWNLOAD & ADDITIONAL INFORMATION:
    TASK:     http://www.atstake.com/research/tools/task/index.html
    Autopsy:  http://www.atstake.com/research/tools/autopsy/index.html


MAILING LISTS:
Mailing lists have been established on SourceForge for user discussions
and future announcements.  

    http://sourceforge.net/mail/?group_id=55685

brian
(Log in to post comments)

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds