From a96f56511ebd0e194bd9f66cd7fa74e577359e70 Mon Sep 17 00:00:00 2001 From: Brian Carrier <carrier@sleuthkit.org> Date: Tue, 8 May 2018 10:20:12 -0400 Subject: [PATCH] minor updates --- NEWS.txt | 17 ++++++++++------- Running_Linux_OSX.txt | 1 + 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index de1a1e576e..73b199ef4f 100644 --- a/NEWS.txt +++ b/NEWS.txt 
@@ -1,23 +1,26 @@ ---------------- VERSION 4.7.0 -------------- New Features: - A graph visualization was added to the Communications tool to make it easier to find messages and relationships. -- A new Application content viewer provides custom views of media files, SQLite files, and Plists. -- A data source processor that runs Volatility was added to support ingesting memory images. +- A new "Application" content viewer (lower right) that will contain file-type specific viewers (to reduce number of tabs). +- New viewer for SQLite databases (in Application content viewer) +- New viewer for binary PLists (in Appilcation content viewer) +- L01 files can be imported as data sources. +- Ingest filters can now use date range conditions for triage. +- Passwords to open password protected archive files can be entered (by right clicking on the file). - Reports (e.g., RegRipper output) generated by ingest modules are now indexed for keyword search. -- Passwords to open password protected archive files can be entered. - PhotoRec carving module can be configured to keep corrupted files. -- Filters to reduce files processed by ingest modules can have data range conditions. -- L01 files can be imported as data sources. -- Block size can be supplied for local drives and for images for which SleuthKit auto detect fails. +- Sector size can be specified for local drives and images when E01 is wrong or it is a raw image. +- New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts. - Assorted small enhancements are included. Bug Fixes: -- Memory leaks and other issues revealed by fuzzing the SleuthKit have +- Memory leaks and other issues revealed by fuzzing the The Sleuth Kit have been fixed. - Result views (upper right) and content views (lower right) stay in synch when switching result views. - Concurrency bugs in the ingest tasks scheduler have been fixed. 
- Assorted small bug fixes are included. + ---------------- VERSION 4.6.0 -------------- New Features: - A new Message content viewer was added to make it easier to view email message contents. diff --git a/Running_Linux_OSX.txt b/Running_Linux_OSX.txt index 386c4c5899..053c18f3eb 100644 --- a/Running_Linux_OSX.txt +++ b/Running_Linux_OSX.txt @@ -43,3 +43,4 @@ Autopsy depends on a specific version of The Sleuth Kit. You need the Java libr * Limitations (Updated May 2018) * - Timeline does not work on OS X - Video thumbnails are not generated (need to get a consistent version of OpenCV) +- VHD and VMDK files not supported on OS X -- GitLab
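Review bot: Two typos in the added NEWS.txt lines: the binary PLists entry says "Appilcation content viewer" (should be "Application"), and the fuzzing bug-fix entry now reads "fuzzing the The Sleuth Kit" with a doubled article, so drop the first "the". The new bullets are also inconsistent about trailing periods: the SQLite and PLists viewer entries have none, while the L01, ingest filter and password entries do. The rewritten Volatility entry no longer says that the processor is for memory images, which the removed line stated ("to support ingesting memory images"); consider keeping that phrase so readers know what input the data source processor takes.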
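Review bot: The limitation added to Running_Linux_OSX.txt, "VHD and VMDK files not supported on OS X", has no verb, unlike the two entries above it ("does not work", "are not generated"); "are not supported" would match them. The file covers both Linux and OS X and this entry names only OS X, so if the same restriction applies on Linux the line should say so.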