Log Forensics for Autopsy 1.3

@L-Andrade L-Andrade released this 12 Jul 16:38
· 45 commits to master since this release

Log Forensics for Autopsy consists of two Jython modules for The Sleuth Kit's Autopsy.

Tested in Autopsy 4.6.0.

Developed by Luís Andrade and João Silva under the guidance of Patrício Domingues and Miguel Frade.

Changelog:

1.3. (12th July 2018)

  • Added Windows version to Reported programs.
  • New UI for the file ingest module.
  • User can now add, (de)activate, remove, clear, and save RegExs.
    • The file ingest module will search for these RegExs in .log files.
    • Each RegEx is validated on entry.
    • Counts occurrences per file.
    • Individual artifact for each custom RegEx.
  • User can now disable the IP RegEx.
  • RegEx information added to report (missing statistics).

1.2.

  • Changed chart positions, so there are no overlapping charts.
  • Added logging for execution times.
  • Refactoring.
  • Removal of useless files for the Zenodo version (.pyc, $py.class, Git files).
  • Separated log file artifacts, now each format has its own artifact (Ad hoc logs, WER files, etc).

1.1.

  • DFXML now saves as UTF-8 from the start, to avoid errors when generating the report because of certain characters.
  • Changed the position of some charts in the Excel report.
  • Removed the 'Windows log' attribute since it had no value.

1.0.

  • Initial LFA version.