Friday, December 28, 2012

Elcomsoft has a new release

ElcomSoft Distributed Password Recovery 2.99.351 has been released.

To learn more visit


Passware has a new version

Passware Forensic 12.1 has been released.

To read more about Passware Forensic visit

For purchase and training visit


Black Bag has a new version of BlackLight

BlackLight 2012 4.1 has been released.

Some of the new features include:
  • Enhanced Skype Analysis
    • View Skype chat and voice communiations
    • Sort evidence by Skype account name, participant, and other key application artifacts
  • Side-by-side Evidence Analysis
    • Open multiple BlackLight windows to compare evidence
  • More Advanced Filters
  • VMWare virtual machine recognition and data processing!
  • Time Machine (Time Capsule) data import and hard link resolution
  • Comprehensive iOS 6 and OS 10.8.2 support
  • Others
To view more about BlackLight visit


Micro Systemation has released a new version of XRY

XRY 6.4.2 has been released.

The big change here is Windows 7 64bit support

For more information visit


Cellebrite has two updates

UFED Touch has been released.

UFED Physical Analyzer 3.6.1 has been released.

These are maintenance updates. 
The UFED Touch update is to resolve the following:
  • UFED Touch unit presented inaccurate start/end date and time of the extraction itself in the UFD/HTML/XML reports generated as apart of the extraction.  
  • Restoration of the UI languages available in the UFED Touch settings
The UFED Physical Analyzer update resolves the following:
  • Ability to export contact pictures with XML and UFDR Reports
  • iPhone decoding improvements of deleted MMS, SMS, and iMessages

For more information please visit

For purchase and training visit


(Also note that the UFED Classic application number was updated to the same "version" of the UFED touch to avoid multiple number schemes.)

Tableau has a new Firmware Update

Tableau Firmware updater 6.98 has been released.

Remember the Firmware Updater is used for most of the Tableau devices.

There is no way to update the updater.  You need to uninstall the updater and install the newer version.

In looking through the list of items updated since the last updater release in April, the following Tableau tools have updates:
  • T3458is Forensic Bridge
  • T34589is Forensic Bridge (UltraBay II)
  • T35689iu Forensic Combo Bridge
  • TD2 Forensic Disk Duplicator 2   v3.26
You may need to reboot following this install.

Fore more information visit

For purchase and training visit


Access Data has a new version of FTK Imager

FTK Imager 3.1.2 has been released.

This update has improved the detection of handling og corrupt$I30 index allocations.

If you are having trouble using the image mounting function of FTK Imager use the following steps:
  • As an adminsitrator, open a command prompt
    • In Run, type CMD.  Right-click on the command prompt and select run as administrator
  • Type "sc delete cbdisk" without the quotations
  • Type "sc delete cbdisk2" without the quotations
  • Reboot the computer
  • This will update the drivers for Imager
For more information visit

FTK Imager is a free tool.  If you are not using it, you should consider looking into it.


Guidance Software Releases a new version of EnCase

EnCase 7.05.02 has been released.

Updates include:
  • Enhanced McAfee ePolicy Orchestrator (ePO) Support
  • The SAFE has been updated to version 7d2
  • USGCB Compliance
  • More Encryption Support
The encryption support includes:
  Vendor     Product     Supported Versions     64-bit Support  
  Check Point     Check Point Full Disk Encryption (formerly Pointsec PC)     6.3.1 up to 7.4     Yes  
  CREDANT     Mobile Guardian     5.2.1, 5.3, 5.4.1, 5.4.2, 6.1 through 6.8     No  
  GuardianEdge     Encryption Plus/Anywhere     7 and 8     No  
  GuardianEdge     Hard Disk Encryption     9.2.2, 9.3.0, 9.4.0, 9.5.0, 9.5.1     Yes  
  McAfee     EndPoint Encryption (formerly SafeBoot)     4.5.6 (for Windows and Macintosh computers)     No  
  Microsoft     BitLocker and BitLocker To Go     Vista 7, Server 2008     Yes  
  Sophos     SafeGuard Easy and Enterprise (formerly Utimaco)     4.5, 5.5, 5.6     Yes (only for SafeGuard Easy, not for Enterprise)  
  Symantec     PGP Whole Disk Encryption     9.8, 9.9, 10, 10.1, 10.2     Yes  
  Symantec     Endpoint Encryption     7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 8.0     Yes  
  WinMagic     SecureDoc Full Disk Encryption     4.5, 4.6     No  

For more information please visit

For training visit


Monday, December 10, 2012

X-Ways forensics has some new releases

X-Ways Forensics 16.8 has been released

X-Ways Investigator 16.8 has been released

X-Ways WinHex 16.8 has been released

The X-Ways website doesn't give much in new release update notes, but to read more visit


Magnet Forensics has a new release

Magnet Forensics releases Internet Evidence Finder (IEF) 5.7.1

New features include:
  • Improved un-partitioned space search for mounted images
  • Enhanced support for eMule, Skype, Chatsync, Safari History, and JPG Pictures
  • More
To read more visit


Cellebrite has a new release.

Cellebrite has some new releases

UFED Touch Firmware has been released.

UFED Physical Analyzer 3.6 has been released

New support includes:
  • More support for Samsung Galaxy SIII family
  • Android 4.2.x Logical, File System, and Physical support
  • Nokia BB5 Physical extraction from an additional 21 locked and unlocked devices
  • More
To read more visit

To purchase visit


Micro Systemation has a new version

XRY 6.4.1 has been released

Quite a bit has been added with this release including but not limited to:
  • MTK Android physical support
  • Blackberry Physical support
  • Nokia BB5 Physical support
  • MTK Chinese chipset Physical support
  • iOS 6 deleted message recovery
  • Windows Phone 7 and 8 Logical File system support
  • More
To read more visit


Guidance Software releases a new EnCase 6

EnCase 6.19.7 has been released

It seems the big change is that EnCase 6.19.7 can read the electronic license for EnCase 7.  No need for multiple dongles!

They have also fixed an issue with Outside In when creating a transcript of a fragment of a deleted and overwritten file from unallocated space.

There are also a few know issued when working with Office 2007.  Guidance recommends using Office 2010.

To read more visit

To purchase visit


New F-Response Release

F-Response 4.0.5 has been released

Some of the enhancements include:
  • Improved cloud connector
  • Better support for current Linux distributions
  • Support for FreeBSD 64bit
  • Windows 8 Support for all tools
  • 64bit COM objects
  • More
To read more visit

To purchase visit

As a side note, if you have never used F-Response you are missing a potential case saver.

This is one of the tools I recommend every forensic toolkit has.

F-Response makes network acquisitions simple, and effective.  Do yourself and your clients a favor and check these guys out!


New Access Data releases.

MPE+ 5.1.2 has been released

DNA / PRTK 7.0 has been released

MPE+ 5.1.2 has the following updates:
  • Enhanced iOS support
  • Addition of 200 MediaTek Chinese phones
  • Enhanced driver support with Galaxy SII and iOS driver access
  • UNIX date conversion within Hex interpreter
  • PLIST files from iOS devices are displayed regardless of extension.
  • More...
DNA / PRTK enhancements include:
  • GPU units can now be used!!
  • This works on Microsoft Windows computers with CUDA-enabled GPUs
    • I'm looking forward to trying it!
To read more release notes please visit

For purchase please visit