Autopsy 4.1.0 has been released after a long drought. So, it has a longer list of features than usual. You can download it from sleuthkit.org.

Here is a quick summary of biggish features:

• New list view in the timeline module.  This view adds to the existing counts view (bar charts) and details view (clusters of events) to show a simple list of events. This is similar to the classic mactime output and interface from Autopsy 2. This was built with our contract with DHS S&T based on user feedback.
• VMWare virtual machine files (vmdk) and Microsoft Virtual Hard Drives (vhd) can be added as data sources. This means you can directly add a virtual machine as a disk image and analyze the contents as though it were an E01 or raw image.
• New ingest module detects vmdk and vhd files embedded in other data sources and adds them as data sources.  When virtual machine files are detected inside of a disk image, they will be extracted and added back in as data sources so that their contents will be analyzed in more depth.
• Text associated with blackboard artifacts is indexed and searched for keywords.  This means that you’ll get structured hits when your keywords are found in EXIF, web bookmarks, or call logs.
• File size and MIME type conditions can be specified for interesting files set membership rules. This allows you to, for example, flag files of a given type in certain folders. We’ll do a blog posting soon about using this module.
• Custom (user-defined) blackboard artifact and attribute types are displayed in the UI and included in reports.  Add-on modules in Autopsy could always make custom artifacts for the blackboard, but there was a big that they would not be shown in the tree. Now they are.  Just in time to make your modules for the OSDFCon contest.
• Assorted bug fixes and minor enhancements.

We’re going to get back into a 2-month release cycle so that we don’t do another 8 months (!) without a release.

You can download Autopsy from sleuthkit.org.  We’ll be covering some of these new features in our OSDFCon training.