Handles and loaded Modules are displayed per process when available Now has 47 columns of metadata for all processes. Owner/group/permissions are now preserved in Forensic Copyīetter exposed the function to compare shadow copies. VHD virtual disk & can be remounted back into OSF or manipulated with 3rd party tools.Īdded ability to supply multiple source paths when performing Forensic Copy L01 image formatsĪdded the ability for users to create Logical images from the Forensic Copy feature. GUI will show incrementing artefact count during the scanĪdded read-support for. The ability to reorganize and/or hide show certain columns by right clicking on the column title area to configure it on the File Details tab was added. Updates in Recent Activity for newer browsers (including Edge)įaster collection of Window Search terms in recent activity (reducing hours to minutes for the worst case)Īdded additional USB devices from SYSTEM\CurrentControlSet\Enum\USB in Recent activityĪdded USB first connected time from parsing New 'File Details' tab in several windows that displays the search results in a list view.Īdded OS X artefacts to Recent Activity feature for Mac drivesĪdded mobile backups, lists the backups found from iTunes (e.g. This can allow the button order to reflect the chronological order of specific forensics processed.Ĭheckboxes in several windows rather than multi-select with having to continuously hold select/ctrl. It is now possible to change the order of buttons in the left menu. New columns in the report have been added for password strength & length, which can be useful when checking for compliance with password policies.Īdded NTLM hash cracking to the common password check for the Windows login passwordĪdded NTLM hash rainbow table generation. (SHA512 hashing has been implemented in addition to SHA-1). Support for new MS Office 2013 encryption standards for DOCX, PPTX, etc. GPU accelerated hardware support for brute force password recovery on Office documents, PDF, Zip & RAR file. Specific rows in the password report can now be selected for export or adding to the case. New Configuration window has been added to allow the user to select what items are recovered, enter in an account password for offline decryption & select a dictionary for brute force attacks on the account password. Microsoft product keys are extracted from the Windows registry Outlook & Windows live mail passwords are now recovered & decrypted. Windows auto-logon password are now recovered & decrypted from registry. Wifi passwords are now recovered & decrypted from the registry and file system. Recent activity exported list is now limited to 10 items in the Trial version.Ĭhanged the maxium number of browser passwords displayed to 5 per browser for the Trial version. USB installation is now available only in the Pro version.Ĭhanged the maximum number of items that can be indexed (in create index) to 2500 for the Trial version Reduced the amount of memory used substantially during the forensic copy processįree version has been replaced by a 30 day trial Removed bell sound from gpu client, cpu client, and server and replaced with a different (chime) soundĪdded a clear log button and started displaying the number of files copied Improved the performance of adding new log entriesĪdded Openoffice (LibreOffice) extensions to select file dialog However, as a result, the case narrative is prevented from being edited from the New Case dialog procedure. Improved the performance of updating case flags by not re-drawing the lists for File Name Search, Mismatch Search, Deleted File Search, Index Search, File System BrowserĪllowed the HTMLeditor to be left opened from the "Edit Case Detail" dialog window. Improved the performance of adding items to case by performing the hash calculations all at once (rather than separately) When generating report, fixed incorrect links being generated when 'Copy files' is checked
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |