FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
Operating Systems: POSIX, AIX, Windows, Mac OS X, BSD, FreeBSD, Linux, Solaris
Release Notes: The code was cleaned up and refined as necessary. Several bugs have been fixed. This release includes updated support for file hooks and introduces KL-EL-based XMagic. Consequently, the minimum required version of libklel has been raised to 1.1.0, which has a library version of 2:0:1. File system support for SquashFS was added.
Release Notes: Code was cleaned up and refined as necessary. Several bugs have been fixed. This release includes support for SHA256 hashes, include/exclude filters, and a number of additional file systems (DATAPLOW_ZFS, NTFS-3G, NWCOMPAT, UDF). HashDig utilities have been updated to support SHA1 and SHA256 hashes, and the following tools have been added to the project: ftimes-crv2dbi.pl, ftimes-dig2dbi.pl, hashdig-find.pl, and tarmap. Documentation is now built at compile time, so the build system must have the tools needed to perform that task.
Release Notes: Generally, code was cleaned up and refined as necessary. Several bugs have been fixed. The main focus of this release was to improve XMagic by adding new test modes, types, and operators. In particular, 16 new XMagic types and 8 new test operators have been added. Additionally, XMagic has crossed over into dig mode. Now, it is possible to use magic incantations on all the blocks in a given file. Together, these enhancements represent a significant jump forward in XMagic technology. Finally, ftimes-crv2raw.pl has been added to the project.
Release Notes: Generally, code was cleaned up and refined as necessary. Several bugs have been fixed. Externally, there have been a number of important changes. SHA1 hashes are now a standard file attribute. Compressed snapshots can now be compared directly. XMagic now includes regular expression file typing (via PCRE). HashSymbolicLinks is now on by default. Support for the following file systems has been added: NWFS, RAMFS, VZFS, and XFS. Put mode has been removed. Several of the companion utilities and the test harness have been improved. ftimes-cmp2dbi.pl has been added to the project.
Release Notes: Generally, code was cleaned up and refined as necessary. Several bugs have been fixed. The default installation directory has changed. New controls have been added. Regular expression and case-insensitive digs are now supported. Support for additional file systems has been added. A test harness has been added, along with tests to validate MD5 hashes using sample vectors provided and used by NIST. Internally, the main improvements are MD5 performance and the addition of large file support. The companion utilities have been improved.