Sleuthkit Versions

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

sleuthkit-4.6.7

4 years ago

C/C++ Code:

  • First release of new logical imager tool
  • VHD image writer fixes for out of space scenarios

Java:

  • Expand Communications Manager API
  • Performance improvement for SleuthkitCase.addLocalFile()

sleuthkit-4.6.6

5 years ago

C/C++ Code:

  • Acquisition details are set in DB for E01 files
  • Fix NTFS decompression issue (from Joe Sylve)
  • Image reading fix when cache fails (Joe Sylve)
  • Fix HFS+ issue with large catalog files (Joe Sylve)
  • Fix free memory issue in srch_strings (Derrick Karpo)

Java:

  • Fix so that local files can be relative
  • More Blackboard artifacts and attributes for web data
  • Added methods to CaseDbManager to enable checking for and modifying tables.
  • APIs to get and set acquisition details
  • Added methods to add volume and file systems to database
  • Added method to add LayoutFile for allocated files
  • Changed handling of JNI handles to better support multiple cases

sleuthkit-4.6.5

5 years ago

C/C++ Code:

  • HFS boundary check fix

Java Code:

  • New artifacts and attributes defined
  • Fixed bug in SleuthkitCase.getContentById() for data sources
  • Fixed bug in LayoutFile.read() that could allow reading past end of file

Case Database Schema

  • New fields for hash values and acquisition details in case database
  • Store "created schema version" in case database

sleuthkit-4.6.4

5 years ago

This release has no changes to the command line tools or C/C++ libraries. It is being done only to support the Autopsy 4.9.1 release.

Java Code:

  • Increase max statements in database to prevent errors under load
  • Have a max timeout for SQLite retries

sleuthkit-4.6.3

5 years ago

C/C++ Code:

  • Hashdb bug fixes for corrupt indexes and 0 hashes
  • New code for testing power of number in ExtX code

Java Code:

  • New class that allows generic database access
  • New methods that check for duplicate artifacts
  • Added caches for frequently used content

Database Schema:

  • Added Examiner table
  • Tags are now associated with Examiners
  • Changed parent_path for logical files to be consistent with FS files.

sleuthkit-4.6.2

5 years ago

C/C++ Code:

  • Various compiler warning fixes
  • Added small delay into image writer to not starve other threads

Java:

  • Added more locking to ensure that handles were not closed while other threads were using them.
  • Added APIs to support more queries by data source
  • Added memory-based caching when detecting if an object has children or not.

sleuthkit-4.6.1

5 years ago

C/C++ Code:

  • Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
  • Cleanup and fixes from uckelman-sf and others
  • PostgreSQL, libvhdi, & libvmdk are supported for Linux / OS X
  • Fixed display of NTFS GUID in istat - report from Eric Zimmerman.
  • NTFS istat shows details about all FILE_NAME attributes, not just the first. Report from Eric Zimmerman.

Java:

  • Reports can be URLs
  • Reports are Content
  • Added APIs for graph view of communications
  • JNI library is extracted to name with user name in it to avoid conflicts

Database:

  • Version upgraded from to 8.0 because Reports are now Content

sleuthkit-4.6.0

6 years ago

New Features

  • New Communications related Java classes and database tables.
  • Java build updates for Autopsy Linux build
  • Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database.
  • Increased cache sizes.
  • Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google.
  • HFS fix from uckelman-sf.

sleuthkit-4.5.0

6 years ago

New Features:

  • Support for LZVN compressed HFS files (from Joel Uckelman)
  • Use sector size from E01 (helps with 4k sector sizes)
  • More specific version number of DB schema
  • New Local Directory type in DB to differentiate from Virtual Directories
  • All blackboard artifacts in DB are now 'content'. Attachments can now be children of their parent message.
  • Added extension as a column in tsk_files table.

Bug Fixes:

  • Faster resolving of HFS hard links
  • Lots of fixes from Google Fuzzing efforts.

sleuthkit-4.4.2

6 years ago

New Features:

  • usnjls tool for NTFS USN log (from noxdafox)
  • Added index to mime type column in DB
  • Use local SQLite3 if it exists (from uckelman-sf)
  • Blackboard Artifacts have a shortDescription method

Bug Fixes:

  • Fix for highest HFS+ inum lookup (from uckelman-sf)
  • Fix ISO9660 crash
  • Various performance fixes and added thread safety checks