Announcement

Collapse
No announcement yet.

OSF V1.2 Alpha / Beta release

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OSF V1.2 Alpha / Beta release

    We are pleased to announce a beta release of V1.2 of OSF. We are expecting to get the final release done within the next week or two.

    Current Version
    Update 31/Aug/2012: It's done, V1.2 is no longer in beta. You can get the final release from the download page.

    Download Page
    http://www.osforensics.com/download.html

    What's New
    The following is a summary of what has changed in V1.2 compared to V1.1.

    Major changes
    • Support for Apple Mac file systems. Including HFS+ as used in Mac, iPhone, iPod and iPad. So it is now possible to view & investigate files from a Mac or iPhone on your windows machine with OSForensics. Includes changes to,
      • Indexer
      • File viewer
      • Raw disk viewer
      • Device manager

    • Support for Linux file systems. Including EXT2, EXT3, EXT4. Includes changes most modules in OSF.
    • SQLite database viewer is now included in the OSF package. This is useful for looking into database files created by several applications on the iPhone and also by Firefox.
    • Added support for APM partition scheme (Apple Partition Map)
    • Updated RecentActivity Module to display Browser information for when querying Unbutu machines images.
    • Added firefox form history retriveal to the recent activity
    • Made CSV import into hash sets a significantly more robust and added better documentation.
    • Changed regular expression searching in search index to use a slower algorithm, but it is more able to execute complex regexes.
    • Deleted file search now supports hash set lookup and displays icons for status.
    • Internal file viewer supports right-click functionality for deleted files (Open/Hash lookup/Add to case)


    Minor changes
    • Changed progress bar in Create Index to complete with 100% instead of 0%
    • Fixed Registry Viewer to use custom file selection dialog. Making it easier to view registry files with directly accessing an image file.
    • Help file updates
    • Fixed vmdk crash bug
    • Added a maximum limit for # of items in cache to prevent allocation of an abnormally large amount of RAM at startup by Thumbnail view.
    • Fixed handle/memory leaks causing potential crash in Thumbnail view.
    • Fixed crash when closing OSF when search is running in raw disk viewer
    • Changed double click of thumbnail in Image tab of "Search Index" to open in internal viewer
    • Extended vshadow executable timeout to 2 minutes for slow machines
    • Fixed a crash when a case with no indexes was selected and the "Browse Index" tab was clicked on.
    • Fixed a possible crash when using the scroll wheel in the recent activity window
    • Added cookie name and content to CSV export of cookies
    • Added cookie content to information displayed in the recent activiy window and included in the TXT and HTML exports
    • Fixed bug opening fileset from hash lookup dialog after first sorting
    • Can now sort by whether or not the file is in the hash set in deleted file search
    • The 'Include Special Characters' checkbox in the hex viewer settings is now functional
    • Changed 2GB max file size limit for indexing to 4GB
    • Fixed possible crash when adding file to case in free version in deleted files module
    • Fix possible crash problem when indexing PST files.
    • Fixed icons in "File List" tab for OSF devices



  • #2
    No support for .E01 images yet ??

    Comment


    • #3
      They have been supported for some time now, at least when they were using FAT32 or NTFS as the file system.

      This release will add support for HFS+, EXT2/3/4 in .E01 and .AFF images (as well as raw dd images)

      Comment


      • #4
        Alpha 2 is now available. Download details in the initial post (above) have been updated.

        Differences from Alpha 1 are,
        - Bug fix for indexing of drive images using direct access with multiple partitions where the 1st partition isn't being indexed.
        - Changes to support WinPE for a up coming self boot option.

        Comment


        • #5
          Alpha 2 is crashing while opening and email message from an index search. The error indicated to send the dump file in the OSforensics folder. Is that the file you want? It's just shy of 90MB.

          Comment


          • #6
            It is probably it yes. How big is it if you zip it up?

            What type of file was it (.PST, .EML, .MBOX, etc..)?

            What would be better however would be to get a copy of the E-mail archive file that didn't open. (e.g. inbox.pst). Reproducing the problem here with the original file if going to be a much more efficient debugging method than a crash dump. Crash dumps only help about 30% of the time, where as there is probably near 100% chance it can be fixed once we can reproduce the problem.

            Comment


            • #7
              You can FTP upload the crash dump to us. It will be too big for E-mail.

              We have anonymous ftp at,
              ftp://www.passmark.com
              You can drop things into the incoming folder.

              Note that you can't list files or download files from the incoming folder, but you should still be able to upload when using a real FTP client (not a browser).

              Comment


              • #8
                Alpha 3 has just be released.

                The download link above has been updated.

                Changes from the last Alpha are,

                • Fix for stemming of German words in index. This bug prevented some German words with accents being searchable if stemming was enabled.
                • Fixed crash bug with "type to find" in "Browse Index" tab. Previously scrolling the word list in the dictionary browse index function using key presses could cause a crash.
                • Several fixes for OSX file system support, including mounting of physical OSX drives.
                • Can now image drives to .E01, .AFF format, in addition to dd format. The compression level can now also be selected (None, Fast compression, Best compression).
                • Can now image partitions without drive letters or without recognized file systems.

                Comment


                • #9
                  Beta 1 has just be released.

                  The download link above has been updated.

                  Changes from the Alpha are,

                  • Additional advanced indexing options to allow the user to select the type of content to be indexed. The user can now, for example, choose to just index document meta data without indexing the document content.
                  • Sector number and byte offset are now displayed in the list of caved files in the undeleted files module.
                  • Sorting by bookmarks is now available from the File name search function.
                  • The normally hidden NTFS MFT Modify Date field is now exposed. You can see it as an extra column in the File System browser for example. Note that this is a different value from the "Modified date" that is normally associated with a file and displayed in Windows Explorer.
                  • The time line function in the File Name Search module can now generate a timeline based on different sets of dates. e.g. you can do a time line on file creation date or modified date. Previously the timeline always used modified date.
                  • From the Manage Case module it is now possible to right click on a bookmark and add the bookmarked file directly to the case.
                  • In the drive imaging function there is now a new Restore Image tab. This tab allows a disk image to to restored back to a physical drive. This might be useful if you want to attempt to boot a disk image from a physical drive.
                  • From the search index module you can now right click on a word in the Browse Index tab and search for the word in the index and add it to the case in a single step.
                  • You can now export a list of words from the index as CSV via the Browse Index tab.

                  Comment


                  • #10
                    All very handy additions.

                    Comment


                    • #11
                      Beta 2 has just be released.

                      The download link above has been updated. This mainly a collection of minor bug fixes on the new functionality introduced in V1.2

                      Changes from the Beta 1 are,

                      • New Indexer builds fixes bugs with indexing of filenames and titles when they are disabled in config. In Beta 1 file names were indexed even if the user asked for them not to be indexed.
                      • Fixed a number of bugs with adding bookmarked files to the case via right click on bookmark from the manage case window.
                      • Allowed multi-select when adding bookmarked files to case. Previously only 1 file could be done at a time.
                      • Allowed multi-select when changing bookmark colors. Previously only 1 bookmark could be done at a time.
                      • Added Export to CSV options to history tab in search index
                      • Changed list on search index history tab to allow multiple selection.
                      • Fixed a possible crash when switching to the search index / browse index tab after opening a case with no indexes, the previously open index could still be displayed.
                      • Fixed a crash when typing a letter when the listview in Browse Index tab had focus but the open case had no indexes.
                      • Fixed progress bar being at 100% when initializing indexing sessions after the first one (was not being initialized at start of indexing, only start of window creation)
                      • File system browser - sorting by column click now works for access date and any extra date fields (if applicable, depending on file system and mount method)
                      • Internal viewer - Added extra date fields to 'File Info' tab for "Attribute Modify Date" in HFS and NTFS MFT Modify Date.
                      • File Name Search - When results are filtered via timeline, the date filter used is displayed above the tabs.
                      • File Name Search - Configuration window now has filters for 'Access Date' and any extra date fields (if applicable)
                      • File Name Search - Added new sorting criteria (access date and extra date field) to combo box
                      • Added support for hidden "Attribute Modify Date" field in Apple Mac HFS file system.

                      Comment


                      • #12
                        Beta 3 has just be released.

                        The download link above has been updated. This was just a single bug fix.

                        Changes from the Beta 2 are,

                        • Bug fix in the case management window that prevented items in the case being opened. This was a new bug accidentally introduced in Beta 2.

                        Comment


                        • #13
                          I don't think it is working quite right.

                          For instance, I have several lists saved in .html and .csv formats. Double clicking on the file opens the document in the internal viewer instead of a web browser or a spreadsheet program. There is no right click option to choose the application I want to use to open the list.

                          For "Files" the double click behavior is the same as for Lists = the internal viewer. However, I have the option in right click to choose to open the file with an external viewer.

                          Comment


                          • #14
                            Same for emails. Double clicking opens up the regular internal viewer, not the email viewer.

                            Comment


                            • #15
                              You are correct, this is not ideal.
                              We'll fix it up.

                              Comment

                              Working...
                              X