A momentary lapse of reason in the Current Versions Post...

Sorry for any inconvenience.  An update while in Mexico on a computer running a Spanish OS caused the Current Versions post to break down.  It has now been fixed and updated with the newest releases once again.  

Remember that the first post (Current Versions) is an updated list of the current versions of multiple tools!

Thanks,
Hew

Guidance Software Releases EnCase Portable 3.1.1

EnCase Portable 3.1.1 has been released to work with the new functions of EnCase 7.03

www.guidancesoftware.com

New hash libraries for EnCase 7.03

There has been a new release of the NSRL hash library

The new release is 2.90GB and has a hash of:

• DEAEDA24413ADC057236A707544A552A

EnCase 7.03 has been released!

EnCase 7.03 is here!

According to Guidance Software the following changes have been made:

• There is now an option for a seperate processor dongle.  This will allow an examiner to use a second computer to aid in the processing of cases.  It states that you can queue processes on a seperate machine while you examine already processed evidence.
• Evidence Processor is 2-3 times as fast.  (I hope so!)
• Indexing Text in both File Slack and Unallocated Space.
• System Info in the processor now supports NetShare and USB Registry information.
• Support for Google Chrome Artifacts has been added!! (Finally!)
• You can now process from the local view and the network preview.  You no longer need to acquire a case to process it.  Indexing is not supported with this feature yet.
• A Review package option has been added where you can export search results into an easily opened web browser tool.  (This will hopefully make sharing results a bit simpler.)  An important part of this is that the recipient can review and make tags that can be imported back into EnCase for you to see.
• The Text and Hex tabs will now show search hits!  You don't have to use the Transcript tab only now!
• EnCase 7.03 now allows Enterprise functionality involving the SAFE and servlets. 
• The ability to rescan previewed drives has been added.
• You now have the ability to view the status of remote devices as they are being acquired.
• A few default text styles have been added.
• Support for EXT 4 Linux Software RAID arrays
• iOS 5 Beta support

Numerous items have been fixed.  Please see the EnCase 7.03 release notes to see everything.  I will mention a few that I have encountered:

• When acquiring a physical device, only the first logical partition is acquired.
• The default error granularity for memory acquisitions is 64, causing large sections of memory to be missed in memory acquisitions.  (I'm not sure what it has been changed to.  I will report on this when I see!)
• Time zone names are not saving and loading correctly.
• Evidence Processor's file carver module creates multiple identical records.
• Windows 7 Thumbcache files do not display in Pictures/Doc tabs.  (I am taking this to mean that EnCase 7.03 now supports the thumbcache files.  I will report on this when I have a chance to play with it.)

Things that I have not seen in the release notes:

I have not seen that they allow multiple passes with the source processer. 
I did not see anything about a fix for when EnCase crashes when a partition is rebuilt.

If you have any other questions, please send a post and I will try to answer them over the weekend.

Please check EnCase out at www.guidancesoftware.com

Check me out at www.h11dfs.com

JADSoftware Has released Internet Evidence Finder 5.2

JAD Software has released a new Internet Evidence Finder!

For those of you unaware of this tool, I highly recommend it.  It is great for carving out email, and chat logs from numerous browsers.

The new release notes include:

• Skype Message Carving from the newer SQLite logs
• Safari Web History carving has been added.  This is awesome because now IEF carves from, Internet Explorer, Firefox, Chrome, Sfari, and Opera!
• The new Triage version searches on a low level to avoid changing axxess times of files it has searched.  JAS is also claiming to have the ability to erase any trace of dongle evidence in the System Hive.

I am looking forward to trying this tool out and will report back when I know more!

Check JAD Software out at www.jadsoftware.com

Hew

New Cellebrite Release

Cellebrite has released the Application version 1.1.9.3!

This release sees the support of Android 2.3.x for physical extractions.

Unlock Pattern decoding from an Android image file. 

And more.

Check it out at www.cellebrite.com

AccessData FTK 4.0 Release

AccessData has officially relaased their FTK 4.0.

There has also been new releases for both the Oracle and the Postgre KFF

http://accessdata.com/support/adownloads

Tableau Firmware Update

Tableau has released a new firmware updater.

v6.87 has been released.

This update is for models T8, T35e, TDW1, and the TD1.

www.tableau.com

It has been one month!

I have been online with this Blog for one month now.  It has been a lot more enjoyable than I had hoped.  It gives me an excuse to constantly be reading the new updates and visiting the various vendor's websites.

As a reminder to everyone, the first entry back on 09-Jan-2012 is an up to date list of the current versions of various tools.  As stated in that post, please contact me if there are other tools you want to be on the list.

With regards,
Hew

www.h11dfs.com

Cellebrite Physical Analyzer New Version

UFED Physical Analyzer 2.4.2.1 has been released.

New release notes:

• Decoding of blackberry physical extraction
• Opening and Decoding of iPhone
• MMS decoding of LG CDMA VM-510 physical extraction
• SMS decoding of Sanyo 6760 physical extraction

www.cellebrite.com

Cellebrite Physical Analyzer Success

Today I had an iPhone 4S (CDMA) that I needed to image.  It was locked and the password was unknown.  Cellebrite Physical Analyzer was able to crack the password, and get a physical dump of the phone in under two (2) hours.

Physical analyzer is becoming stronger and stronger with each new release.  I am excited to see what new abilities will be available in the near future!

www.h11dfs.com

Logicube Updates

A new Forensic Dossier Software has been released.

Version 2.2.1RC02

Chinese Language Packs added
Logicube also states that other bugs have been fixed.

A new Talon Enhanced Software has been released

Version 1.1.1RC02

Chinese Language Packs added
Logicube also states that other bugs have been fixed.

This is a step in the right direction for Logicube.  Finally a foreign language pack has been added to the tool, hopefully with more to soon follow!

www.logicube.com