Daily Blog #298: ANJP New Beta Release

ANJP New Beta Release by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
         I normally announce new beta releases on the Forensic Lunch and then just write up whats new in a mailing to the beta testers, but seeing as how the beta is almost over I thought I'd make a post out of it. Each version we put out adds more features we've never thought of previously, or didn't think we could do so quickly.

This release we are adding the following:

New Features
  • Bug fixes that effect log2timeline formatting, and exports.
  • Select the events you want to run.
  • Event processing improvements.
  • Add file lists to search for files in MFT via the new Event Selection window.
    • ​File lists are added as an MFT event.
    • The file list can be searched for as insensitive, or sensitive with each file name in the list treated as a string, or a perl regex, and you have the option to search against just the names or the full path names.
  • Options for Cluster Size and MFT Entry Size (if these are not correct, path name enumeration for full path will be skewed during the LogFile Processing. Default is Cluster Size of 4096 and Entry Size of 1024)
  • Column names are displayed with easy to understand names in report view.
  • Filter options in the report view (you can also right click a value in a cell and click 'Filter By Value' for a short cut).

Events Included
LogFile:
  • File Creations
  • File Deletions
  • File Renames and Moves
  • LNK File Deletions
  • Prefetch Deletions
  • Executable Renames
  • Executables in Temp Directories
  • CD Burn Artifacts

USN:
  • Creations
  • Deletions
  • Renames
  • LNK Deletions
  • Prefetch Deletions
  • Executable Renames
  • Executables in Temp Directories


For future releases we are working on:
  • GUI Rule creator/validator
  • Support for multiple mfts/logfiles/usns for one custodian
  • Support for live systems
  • MySQL Support
  • MSSQL Support
  • Oracle Support
  • PostgresSQL Support
  • Full disk image access via http://search.cpan.org/~wsdookadr/Tsk/
        Expect some blog posts on the usage of this in the future, we are funding the development of this perl XS implementation of libtsk and giving it back to the community as an open source CPAN module.

and more! We have a lot of plans to really turn this into one of your core tools in the toolkit while trying not to overlap the functionality that you are already using. You can voice your support by buying a license in the future.

Sound interesting? Signup for the beta here and download a copy.
 https://docs.google.com/forms/d/1GzOMe-QHtB12ZnI4ZTjLA06DJP6ZScXngO42ZDGIpR0/viewform?usp=send_form
 Existing beta testers you can expect to receive the link in your email this afternoon!

Also Read: Daily Blog #297

Post a Comment