- A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
- A graph visualization was added to the Communications tool to make it easier to find messages and relationships.
- A new Application content viewer provides custom views of media files, SQLite files, and Plists.
- A new "Application" content viewer (lower right) that will contain file-type specific viewers (to reduce number of tabs).
- A data source processor that runs Volatility was added to support ingesting memory images.
- New viewer for SQLite databases (in Application content viewer)
- New viewer for binary PLists (in Appilcation content viewer)
- L01 files can be imported as data sources.
- Ingest filters can now use date range conditions for triage.
- Passwords to open password protected archive files can be entered (by right clicking on the file).
- Reports (e.g., RegRipper output) generated by ingest modules are now indexed for keyword search.
- Reports (e.g., RegRipper output) generated by ingest modules are now indexed for keyword search.
- Passwords to open password protected archive files can be entered.
- PhotoRec carving module can be configured to keep corrupted files.
- PhotoRec carving module can be configured to keep corrupted files.
- Filters to reduce files processed by ingest modules can have data range conditions.
- Sector size can be specified for local drives and images when E01 is wrong or it is a raw image.
- L01 files can be imported as data sources.
- New data source processor in Experimental module that runs Volatility, adds the outputs as files, and parses the reports to provide INTERESTING_FILE artifacts.
- Block size can be supplied for local drives and for images for which SleuthKit auto detect fails.
- Assorted small enhancements are included.
- Assorted small enhancements are included.
Bug Fixes:
Bug Fixes:
- Memory leaks and other issues revealed by fuzzing the SleuthKit have
- Memory leaks and other issues revealed by fuzzing the The SleuthKit have
been fixed.
been fixed.
- Result views (upper right) and content views (lower right) stay in synch when switching result views.
- Result views (upper right) and content views (lower right) stay in synch when switching result views.
- Concurrency bugs in the ingest tasks scheduler have been fixed.
- Concurrency bugs in the ingest tasks scheduler have been fixed.
- Assorted small bug fixes are included.
- Assorted small bug fixes are included.
---------------- VERSION 4.6.0 --------------
---------------- VERSION 4.6.0 --------------
New Features:
New Features:
- A new Message content viewer was added to make it easier to view email message contents.
- A new Message content viewer was added to make it easier to view email message contents.
