Mobius Forensic Toolkit

Release 0.5.24 published

Dec 3rd, 2015 by Eduardo Aguiar

This release adds new classes both to the C++ API and to the Python API. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • C++ API: new class mobius::io::uri
  • C++ API: new class mobius::io::reader (abstract class)
  • C++ API: new class mobius::io::seekable_reader (abstract class)
  • C++ API: new class mobius::io::file_descriptor_reader
  • C++ API: new class mobius::io::file_reader
  • C++ API: new class mobius::io::uri_reader
  • C++ API: new class mobius::datetime::date
  • C++ API: new class mobius::datetime::time
  • C++ API: new class mobius::datetime::datetime
  • C++ API: new class mobius::datetime::timedelta
  • C++ API: new functions at mobius::datetime::conv_iso_string.h
  • C++ API: new functions at mobius::datetime::conv_julian.h
  • C++ API: new functions at mobius::datetime::conv_nt_timestamp.h
  • C++ API: new functions at mobius::datetime::conv_unix_timestamp.h
  • C++ API: mobius::hash_crc32 using precalculated CRC table
  • C++ API: new class mobius::crypt::cipher_base (abstract class)
  • C++ API: new class mobius::regex
  • C++ API: mobius/exception_posix.h for errno based exceptions
  • python API: new package mobius.io
  • python API: new class mobius.io.uri_reader
  • part-model: use sqlite3 database
  • cellphone-agent: datetime parsing bug fixed
  • data-sourcerer: check if datasource is available on populate_metadata

Release 0.5.23 published

Oct 6th, 2015 by Eduardo Aguiar

This release adds new classes both to the C++ API and to the Python API. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • C++ API: new class mobius::unittest
  • C++ API: new class mobius::bytearray
  • C++ API: new class mobius::crypt::hash_base (abstract class)
  • C++ API: new class mobius::crypt::hash_crc32
  • C++ API: new class mobius::crypt::hash_zip
  • C++ API: new class mobius::crypt::cipher_block (abstract class)
  • C++ API: new class mobius::crypt::cipher_block_mode (abstract class)
  • C++ API: new class mobius::crypt::cipher_block_mode_ecb
  • C++ API: new class mobius::crypt::cipher_block_mode_cbc
  • C++ API: new class mobius::crypt::cipher_des
  • C++ API: new class mobius::crypt::cipher_stream (abstract class)
  • C++ API: new class mobius::crypt::cipher_rc4
  • C++ API: new class mobius::crypt::cipher_zip
  • C++ API: new class mobius::application
  • C++ API: code compatible with C++11
  • python API: new wrapper class mobius.crypt.hash_zip
  • python API: new wrapper class mobius.crypt.cipher_rc4
  • python API: new wrapper class mobius.crypt.cipher_zip
  • python API: new wrapper class mobius.crypt.cipher_des
  • hive-report: use mobius.crypt.cipher_rc4
  • hive-report: use mobius.crypt.cipher_des
  • hive-report: new report "encrypted volumes" lists Folder Locker 6 volumes
  • hive-pstore: use mobius.crypt.cipher_des
  • hive-turing: use mobius.crypt.cipher_rc4
  • hive-turing: use mobius.crypt.cipher_des
  • turing-model: use mobius.crypt.cipher_des

New tutorial available: Cracking Windows passwords with MobiusFT and JTR

Sep 23rd, 2015 by Eduardo Aguiar

This tutorial was previously available as a section of the Mobius Forensic Toolkit tutorial. Click here to see it.

Release 0.5.22 published

Sep 7th, 2015 by Eduardo Aguiar

This release introduces the Mobius Forensic Toolkit API, an API written in C++ with Python bindings. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • C++ API: new mobius::tsk classes to access libtsk
  • python API: wrapper for mobius::tsk
  • new installation method using configure, make and make install
  • mediator.py: moved to mobius package
  • emule-agent: new report "shared folders"
  • emule-agent: handle tags 0x34 and 0x35
  • emule-agent: fix BLOB decoding
  • emule-agent: specific policies for dreamule and emule config
  • emule-agent: check if AC_SearchStrings.dat exists before opening
  • hive-report: catch exceptions at get_computer_name function
  • hive-report: add Wow6432Node subkeys to the Installed Program report
  • datasource-physical-device: fix retrieve_metadata for disks that have empty serial numbers
  • imagefile-ewf: fix amount of bytes read in decode_hash_section
  • engelbart: class UIManager implemented

Release 0.5.21 published

Oct 7th, 2014 by Eduardo Aguiar

This release introduces the eMule Agent extension, an extension to parse eMule artifacts. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • new extension emule-agent
  • new extension engelbart
  • hive-report: new report "Ares accounts"
  • hive-report: new report "last mounted devices"
  • hive-report: installed program handles UNIX install datetime
  • hive-report: installed program also retrieves from NTUSER.dat uninstall subkeys. Suggested by Clemente Paixão
  • gigatribe-agent: datetime decoder fixed
  • gtk-ui: service ui.start moved to engelbart extension
  • gtk-ui: service ui.stop moved to engelbart extension
  • gtk-ui: service ui.flush moved to engelbart extension
  • gtk-ui: deprecated service ui.render-icon removed
  • gtk-ui: service ui.new-icon-from-data set deprecated
  • gtk-ui: service ui.new-icon-from-file set deprecated
  • skype-agent: REPORT_ICON_DATA replaced by report.run icon
  • emule-agent: REPORT_ICON_DATA replaced by report.run icon
  • ice: REPORT_ICON_DATA replaced by report.run icon
  • report-wizard: TRASH_BIN_ICON replaced by dnd.delete icon
  • ice: use image_buffer instead of ui.render-icon
  • category-manager: use image_buffer instead of ui.render-icon
  • engelbart: new service ui.new-factory
  • extension-manager: use image_buffer instead of ui.new-icon-from-data
  • date-code: copyright (c) 2014

New Homepage

Jul 26th, 2014 by Eduardo Aguiar

Due to the shutdown of freecode.com, I had to hastily make this homepage. From now on, every announcement about the project will be posted here. It is a work in progress, and suggestions are welcome.

Release 0.5.20 published

Jul 23, 2014 by Eduardo Aguiar

This release introduces the CellPhone Agent extension, an extension to browse Cellebrite's report.xml files. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • new extension cellphone-agent
  • report-model: new service report.run-dialog
  • report-model: verbatim generates '%' instead of '%%'
  • report-model: do not generate duplicated methods in .py
  • gtk-ui: forbid treeitem DND onto itself
  • gtk-ui: case treeview icon cache implemented
  • gtk-ui: do not expand selected item when item.children is modified
  • skype-agent: "generate report" option
  • skype-agent: account view disables DND when not selected
  • skype-agent: account tile image repositioned
  • ice: use service report.run-dialog
  • sdi-window-manager: call to on_widget_started eliminated
  • partition-viewer: scan only partition-system components
  • partition-agent: update item.children only if it detects partitions
  • partition-agent-dos: keep item.children when building components
  • turing: test dictionary option fixed