#669704 autopsy: package new upstream release 3.0.0b2 (now 2.24 from 2010)

#669704#5
Date:
2012-04-21 09:43:59 UTC
From:
To:
Please package new upstream release:

http://sourceforge.net/projects/autopsy/files/

#669704#10
Date:
2013-03-06 22:43:10 UTC
From:
To:
Thank you for maintaining this package. Could you package the latest
upstream release?

The following releases have occured since this bug was originally filed:
---------------- VERSION 3.0.4 --------------

New features:
- Results and files can be tagged with custom tags and reported on them.
- New notification area for error reporting (bottom right).

Improvements:
- Tweaked memory settings to eliminate out-of-memory errors.
- Faster application launch time.
- Netbeans RCP upgrade from 7.2.1 to 7.3
- Upgrade from Java 6 to Java 7

Bugfixes:
- fixed DLL dependency version issue causing Autopsy not to launch on
some systems
- fixed bug when keyword search ingest would search also images
previously ingested, creating duplicate results
- fixed crash and hang in html and excel report generation, due to
special characters present
- fixed cancellation when creating file or result bookmark
- fixed text not being extracted and searched from all MS Office
documents  (such as docx, xlsx and pptx extensions)
- fixed Exif meta-data extraction in Exif ingest module
---------------- VERSION 3.0.3 -------------- *Note: Due to major changes in Keyword search module indexing this release is not fully backward compatible. As a workaround, you will need to rebuild index by re-running Keyword Search ingest on Cases created with previous versions. Improvements: - Upgrade to Solr4.0 / Tika 1.2: Improved performance and highlighting - Remake of reporting UI and functionality - Significant increase in reporting speed - New option to keep the most specific file viewer (default) or the lastly used viewer active. Bugfixes: - Fixed bug that caused the ends of large amounts of text to not be indexed (occurs mostly in unallocated space). - Fix scrolling to first keyword hit when Text View is first loaded - Imported keyword lists are now always enabled for ingest by default
---------------- VERSION 3.0.2 -------------- New features: - Extraction of all unallocated blocks as a single file - Results bookmarks with comments and basic bookmark reporting - Hashkeeper hash database support Improvements: - File Ingest: minimized file queuing time and memory usage, also improving ingest stability - Jump to arbitrary page in Thumbnail View - Add Image Wizard - better work-flow, better device size reporting, info on currently processed directory - Reporting: reorganized columns, sorted by 1st column, added logo, better styling Bugfixes: - fixed periodic keyword search during ingest, when it would only search max. 2 times - fixed Downloads "target" in Recent Activity - fixed missing hash and keyword search hits in reports - fixed deselecting NSRL database for hash ingest
---------------- VERSION 3.0.1 -------------- New features: - Physical and logical disk devices discovery in Add image wizard Improvements: - Significant performance improvements when adding images. - Slight improvements in UI performance for large number of results. - Improved stability when running ingest on multiple images. - Removed limit on number of results displayed. - Thumbnail viewer - added paging and removed limit of images. - Better HTML report navigation, handling large reports better. - Netbeans RCP upgrade from 7.2 to 7.2.1 - Build scripts enhancements to include module version tracking. Bugfixes: - Fixed reading content from multiple file attributes (NTFS, HFS). - Add Extract action to Unalloc content file nodes (per file). - Fixes bugs with case re-opening. - UI fix for keyword search box when case is changed. - Enable user to select any image file extension when opening image. - Thunderbird parser module fixes. - Reporting fixes: added missing artifacts (keyword search, hash hits, file bookmarks).
---------------- VERSION 3.0.0 -------------- New features: - Using Sleuthkit 4.0.0 - Integrated plugin installer. - New options menu to globally access module options. - Added custom ingest module loader and ingest module auto-discovery Improvements: - Updated ingest framework APIs. - Merged the main modules into Autopsy-Core and Autopsy-CoreLibs. - Improved logging infrastructure. - Improved configuration infrastructure. - Keyword search: upgraded Lucene from 34 to 36. - Build system improvements. - Updated documentation. Bugfixes: - UI selection fix in Content and Result viewer - UI fixes in Hash Database and Keyword Search options. - Excel report export produced corrupt files sometimes. - Fix for Keyword Search sometimes not property initializing when application starts. 3.0.0b5 (September 12, 2012) New features: - Added international string extraction from unknown file types. - Removed size limitations of large files for keyword searching. - Added full html parsing and extraction (including comments, scripts, meta tags, etc). - Added support for indexing and searching disk images that have no volume and file system. - Solr (3.6.1) and Tika (1.0) upgrade. - Search a file by hash GUI feature and search other files with same hash. - Web search query text extraction from popular search engines. - Exif metadata extraction from jpeg files. - Netbeans RCP platform upgrade (7.2). - Basic file bookmarks support. - Body file report. - Improved UI. - Updated Ingest Module API. Bugfixes: - Keyword search memory usage improvements. - Directory tree now shows which directories have no children before user clicks. - Fixed bug when recent cases would not get updated. - Fixed a bug when sometimes a case would get deleted. - Fixed occasional Media View crashes. 3.0.0b4 (June 29, 2012) Funded by US Army Intelligence Center of Excellence (USAICoE): New Features: - MBOX parsing - Better lnk file parsing Bug Fixes: - Included needed jar file for Recent Activity (Issue #52). - Fixed error handling from ingest (Issue #53).
#669704#15
Date:
2014-03-13 14:44:00 UTC
From:
To:
Hello,

since there has not been any progress on this bug for over a year (and
no new versions for the package itself for over 3.5 years, despite
upsteam activity), I kindly ask the Debian Forensics team to adopt the
autopsy package, if resources permit. The current maintainer has stated
a lack of time to maintain it in Bug#669705 (almost two years ago), but
hasn't given it up for adoption yet.

The DF team already maintains sleuthkit, and its new version is not
compatible anymore with the available autopsy version (both in testing
and unstable). E.g., sleuthkit now resides in /usr/share/tsk and not
/usr/share/tsk3.3 , and several binaries provided by sleuthkit dropped
the "-sleuthkit" suffix (e.g., icat-sleuthkit was renamed to icat).
Since upstream is the same for both packages, using the newest upstream
release of autopsy should solve this inconsistencies.

I am subscribed to the bug, if there is any help or preparation work
that can be done as a non-DM, don't hesitate to contact me.

Kind regards and thanks for your work,
Fabian

#669704#20
Date:
2014-03-13 15:21:07 UTC
From:
To:
Hello again,

after a bit more research, it seems the new 3.x branch of autopsy is
windows only unfortunately. It seems the last linux version was indeed
2.24 .

I will look into which modifications are necessary to get it to run with
the current sleuthkit.

Kind regards,
Fabian

#669704#25
Date:
2014-03-14 14:14:53 UTC
From:
To:
Hy Fabian,

Thanks a lot for your message. I contacted Lorenzo (current autopsy
maintainer) in february and I will evaluate the autopsy, in two or
three weeks.
The intent is put autopsy under Forensics Team and Lorenzo agrees. The
main problem is the new autopsy versions were tested by the upstream
over Windows only. So, I need to check it in Debian.

I will send news soon. Have a nice day!

Regards,

Eriberto


2014-03-13 11:44 GMT-03:00 Fabian Grünbichler
<fabian.gruenbichler@tuwien.ac.at>:

#669704#30
Date:
2022-06-17 17:27:10 UTC
From:
To:
The current version is 4.19, and has a new home,
https://github.com/sleuthkit/autopsy.  There is a downloadable version for
Linux at https://www.autopsy.com/download/, and some semi-encouraging news
about using it on Linux:

Here's the start of BUILDING.txt

                  Last Updated: 5 August 2020

This file outlines what it takes to build Autopsy from source.

Note that it currently only works out-of-the-box on Windows.  We
are working on getting the process working under non-Windows systems.
It generally works, but needs some custom mangling to find the
correct C libraries.

So if the fact there wasn't a Linux version was the hangup, perhaps that helps.




- -- System Information:
Debian Release: 11.3
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-15-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages autopsy depends on:
ii  binutils   2.35.2-2
ii  perl       5.32.1-4+deb11u2
ii  sleuthkit  4.10.1+dfsg-1

autopsy recommends no packages.

autopsy suggests no packages.
-----BEGIN PGP SIGNATURE-----

iQFSBAEBCgA8FiEEreS674/HIyV9gBfdnAYPmOsbK2AFAmKsuUkeHHJvc3Nib3ls
YW5Ac3RhbmZvcmRhbHVtbmkub3JnAAoJEJwGD5jrGytgLP8H/1tOdnNS4jH+CZ96
i9R3T/u272C8v04e5NmAIpJtsyrg2Ew+lPIG3sgLXDe5QBgu5+DpjptWchGSubN5
Dj6t+Hgh+VuuWj1ycW1AMDpMf14dHFQBNCR8zXBec3PAwPKO6dKZ2W5HBAI5k/31
BSJYIzISP2FA0O5HoD0pOHpxr7wB2P1/LxE7XTghWhGP2d8KXWEg/AYjomBGo5or
1dHl35wuf2Q+iUN3K3TahR4LK5h7lvTCcsxr7tiJH0Ia0GK29FVSKIq6R7h0/4nm
vmolcz/77rhIOa96+HkTUhlX/TY6oEBMm2AZ5MrfZ9UCssVeYkOv7c1GgKZfUFoC
jy0NclA=
=yZg2
-----END PGP SIGNATURE-----