Release 0.5.31 published
The C++ API's module mobius::filesystem navigates through the file systems using libtsk. Big performance improvement to the module mobius::imagefile::ewf. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- C++ API: new module mobius::disk
- C++ API: new class mobius::filesystem::entry
- C++ API: new class mobius::metadata
- Python API: new module mobius.disk
- Python API: new class mobius.filesystem.entry
- configure.ac: libtsk is now mandatory
- gtk-ui: lazy update implemented to viewselector
- New tool dirfs implemented
Release 0.5.30 published
The new C++ API's module mobius::filesystem detects and retrieves metadata from Ext2/3/4, HFS+ and HFSX, ISO-9660, NTFS and VFAT filesystems. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- New extension filesystem-viewer shows all filesystems detected from disks and their metadata
- C++ API: new function mobius::filesystem::get_filesystems
- C++ API: new function mobius::filesystem::get_filesystem_metadata
- Python API: new function mobius.api.get_filesystems
- Python API: new generic dataholder class api_dataholder
- New tool filesystem_scan implemented
Release 0.5.29 published
This release adds support to DOS partitions, GPT partitions and Apple Partition Map partitions. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- C++ API: new module mobius::partition
- C++ API: added support to DOS partition system
- C++ API: added support to GPT partition system
- C++ API: added support to APM partition system
- python API: new package mobius.api
- datasource-physical-device: uses mobius.api.device and get_devices
- datasource-physical-device: does not need package python_gudev anymore
- tools: new partition_table tool
Release 0.5.28 published
This release features many C++ API new implementations: support to both MD5 hash and to Adler-32 CRC has been added, as well as write support to EWF imagefiles. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- new extension gtk-report-dialog
- datasource-model: does not set empty attributes
- new ewf_decoder tool
- C++ API: new module mobius::imagefile::ewf
- C++ API: new module mobius::codec
- C++ API: new hash function mobius::crypt::hash_md5
- C++ API: new hash function mobius::crypt::hash_adler32
- C++ API: several new functions implemented into datetime module
- C++ API: new template class mobius::crypt::hash_functor evaluates hashes in parallel to reading or writing data
Release 0.5.27 published
This release features the lshw-agent extension, which reads an output from the command lshw -xml and creates notebooks/computer items and their components, such as network cards, harddisks, graphic cards. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- C++ API: new module mobius::core
- C++ API: new module mobius::decoder
- C++ API: new module mobius::database
- C++ API: imagefile_ewf handles 64-bit number of sectors
- C++ API: application class compatible with XDG Base Directory Specification
- config dir now default to $HOME/.config/mobiusft
- Python API: new class mobius.core.application
- Extensions use base64.b64decode instead of string.decode
- hive: detects NTUSER.DAT on Win10
- tools: new tool device_list
- tools: new tool disk_list
Release 0.5.26 published
This release adds imagefile classes both to the C++ API and to the Python API, supporting raw, split, talon, solo, dossier and ewf files. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog file for a complete list of changes. Other changes are:
- C++ API: new string functions
- C++ API: zlib_compress and zlib_decompress functions
- new extension hive-shareaza-report
- new extension hive-gigatribe-report
- new hive report: Shareaza General Info
- new hive report: Shareaza User Folders
- new hive report: Shareaza Protocols
- new hive report: Shareaza Search History
- attribute-viewer: retrieve item's children on DND
- tools: new tool imagefile_info
- tools: new tool imagefile_convert
Release 0.5.25 published
This release adds new classes both to the C++ API and to the Python API. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- C++ API: charset conversion functions implemented (mobius/charset.h)
- C++ API: new class mobius::io::resource
- C++ API: new class mobius::io::file
- C++ API: new class mobius::io::folder
- C++ API: new class mobius::io::reader
- C++ API: new class mobius::io::writer
- C++ API: new class mobius::system::group
- C++ API: new class mobius::system::user
- python API: new class mobius.io.file
- python API: new class mobius.io.folder
- python API: new class mobius.io.reader
- python API: new class mobius.io.writer
- part-catalogue: show confirmation dialog before inserting new part
- imagefile-ewf: handle disk section
- imagefile-ewf: handle done section
- uri extension eliminated
- uri-file extension eliminated
- configure.ac: fixed bug when libtsk is not available.
Release 0.5.24 published
This release adds new classes both to the C++ API and to the Python API. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- C++ API: new class mobius::io::uri
- C++ API: new class mobius::io::reader (abstract class)
- C++ API: new class mobius::io::seekable_reader (abstract class)
- C++ API: new class mobius::io::file_descriptor_reader
- C++ API: new class mobius::io::file_reader
- C++ API: new class mobius::io::uri_reader
- C++ API: new class mobius::datetime::date
- C++ API: new class mobius::datetime::time
- C++ API: new class mobius::datetime::datetime
- C++ API: new class mobius::datetime::timedelta
- C++ API: new functions at mobius::datetime::conv_iso_string.h
- C++ API: new functions at mobius::datetime::conv_julian.h
- C++ API: new functions at mobius::datetime::conv_nt_timestamp.h
- C++ API: new functions at mobius::datetime::conv_unix_timestamp.h
- C++ API: mobius::hash_crc32 using precalculated CRC table
- C++ API: new class mobius::crypt::cipher_base (abstract class)
- C++ API: new class mobius::regex
- C++ API: mobius/exception_posix.h for errno based exceptions
- python API: new package mobius.io
- python API: new class mobius.io.uri_reader
- part-model: use sqlite3 database
- cellphone-agent: datetime parsing bug fixed
- data-sourcerer: check if datasource is available on populate_metadata
Release 0.5.23 published
This release adds new classes both to the C++ API and to the Python API. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- C++ API: new class mobius::unittest
- C++ API: new class mobius::bytearray
- C++ API: new class mobius::crypt::hash_base (abstract class)
- C++ API: new class mobius::crypt::hash_crc32
- C++ API: new class mobius::crypt::hash_zip
- C++ API: new class mobius::crypt::cipher_block (abstract class)
- C++ API: new class mobius::crypt::cipher_block_mode (abstract class)
- C++ API: new class mobius::crypt::cipher_block_mode_ecb
- C++ API: new class mobius::crypt::cipher_block_mode_cbc
- C++ API: new class mobius::crypt::cipher_des
- C++ API: new class mobius::crypt::cipher_stream (abstract class)
- C++ API: new class mobius::crypt::cipher_rc4
- C++ API: new class mobius::crypt::cipher_zip
- C++ API: new class mobius::application
- C++ API: code compatible with C++11
- python API: new wrapper class mobius.crypt.hash_zip
- python API: new wrapper class mobius.crypt.cipher_rc4
- python API: new wrapper class mobius.crypt.cipher_zip
- python API: new wrapper class mobius.crypt.cipher_des
- hive-report: use mobius.crypt.cipher_rc4
- hive-report: use mobius.crypt.cipher_des
- hive-report: new report "encrypted volumes" lists Folder Locker 6 volumes
- hive-pstore: use mobius.crypt.cipher_des
- hive-turing: use mobius.crypt.cipher_rc4
- hive-turing: use mobius.crypt.cipher_des
- turing-model: use mobius.crypt.cipher_des
New tutorial available: Cracking Windows passwords with MobiusFT and JTR
This tutorial was previously available as a section of the Mobius Forensic Toolkit tutorial. Click here to see it.
Release 0.5.22 published
This release introduces the Mobius Forensic Toolkit API, an API written in C++ with Python bindings. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- C++ API: new mobius::tsk classes to access libtsk
- python API: wrapper for mobius::tsk
- new installation method using configure, make and make install
- mediator.py: moved to mobius package
- emule-agent: new report "shared folders"
- emule-agent: handle tags 0x34 and 0x35
- emule-agent: fix BLOB decoding
- emule-agent: specific policies for dreamule and emule config
- emule-agent: check if AC_SearchStrings.dat exists before opening
- hive-report: catch exceptions at get_computer_name function
- hive-report: add Wow6432Node subkeys to the Installed Program report
- datasource-physical-device: fix retrieve_metadata for disks that have empty serial numbers
- imagefile-ewf: fix amount of bytes read in decode_hash_section
- engelbart: class UIManager implemented
Release 0.5.21 published
This release introduces the eMule Agent extension, an extension to parse eMule artifacts. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- new extension emule-agent
- new extension engelbart
- hive-report: new report "Ares accounts"
- hive-report: new report "last mounted devices"
- hive-report: installed program handles UNIX install datetime
- hive-report: installed program also retrieves from NTUSER.dat uninstall subkeys. Suggested by Clemente Paixão
- gigatribe-agent: datetime decoder fixed
- gtk-ui: service ui.start moved to engelbart extension
- gtk-ui: service ui.stop moved to engelbart extension
- gtk-ui: service ui.flush moved to engelbart extension
- gtk-ui: deprecated service ui.render-icon removed
- gtk-ui: service ui.new-icon-from-data set deprecated
- gtk-ui: service ui.new-icon-from-file set deprecated
- skype-agent: REPORT_ICON_DATA replaced by report.run icon
- emule-agent: REPORT_ICON_DATA replaced by report.run icon
- ice: REPORT_ICON_DATA replaced by report.run icon
- report-wizard: TRASH_BIN_ICON replaced by dnd.delete icon
- ice: use image_buffer instead of ui.render-icon
- category-manager: use image_buffer instead of ui.render-icon
- engelbart: new service ui.new-factory
- extension-manager: use image_buffer instead of ui.new-icon-from-data
- date-code: copyright (c) 2014
New Homepage
Due to the shutdown of freecode.com, I had to hastily make this homepage. For now on, every announcement about the project will be posted here. It is a work in progress, and suggestions are welcome.
Release 0.5.20 published
This release introduces the CellPhone Agent extension, an extension to browse Cellebrite's report.xml files. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:
- new extension cellphone-agent
- report-model: new service report.run-dialog
- report-model: verbatim generates '%' instead of '%%'
- report-model: do not generate duplicated methods in .py
- gtk-ui: forbid treeitem DND onto itself
- gtk-ui: case treeview icon cache implemented
- gtk-ui: do not expand selected item when item.children is modified
- skype-agent: "generate report" option
- skype-agent: account view disables DND when not selected
- skype-agent: account tile image repositioned
- ice: use service report.run-dialog
- sdi-window-manager: call to on_widget_started eliminated
- partition-viewer: scan only partition-system components
- partition-agent: update item.children only if it detects partitions
- partition-agent-dos: keep item.children when building components
- turing: test dictionary option fixed