Announcement

Collapse
No announcement yet.

OSForensics V3.3 beta release

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OSForensics V3.3 beta release

    Update: The final V3.3 is now out. You can find the V3.3 OSForensics release here.

    We are pleased to announce the release of OSForensics V3.3 beta 3, 20/Jan/2016.

    The main focus of this release is speed improvements, indexing capacity improvements and supporting additional file types during the indexing process.

    DOWNLOAD LINK
    http://www.osforensics.com/download.html

    WHAT'S NEW
    Compared to the current V3.2 release here are list of the changes in V3.3.

    Create Signature
    • E-mail files are no longer saved as temporary files when creating a hash of the file. This improves the speed when creating a signature.
    • Fixed wrong directory path being displayed especially when hashing large files.
    • Fixed performance bug when hashing NTFS compressed files. Caused a 20x slowdown reading compressed files.

    Compare Signature
    • When comparing file attributes, mask out the extra attributes used by OSForensics Forensics mode (eg. FILE_ATTRIBUTE_ATTR_MODIFY). This gives a more accurate list of modified files.

    Drive Preparation
    • Added WAIT icon to drive refresh, so user can see when refresh is complete.

    Email Viewer
    • When parsing DBX e-mail files in forensics mode, a temporary copy of the file is no longer created. This saves some time opening the file.

    File Indexer
    • 12x increased unique words capacity (from 16 million base words to 200 million). Allows more documents to be indexed in a single index.
    • Approximate 5x faster Forensics Mode indexing. This resulted from better caching, better parsing of the MFT and new low overhead methods of getting file attributes.
    • Improved JPG, PNG image indexing speed with new methods of calling exiftool. Performance is approximately 5x faster on photographic images.
    • Fixed bugs with indexing of archives (zip, tar, 7z, etc.) in Forensics Mode.
    • Added support for ZIP files using non-DEFLATE methods (e.g. IMPLODE)
    • Improved file type identifications and attempted indexing methods. At lot fewer warnings and errors should now be logged when indexing.
    • Fixed 64-bit bugs with 7z64.dll
    • Fixed corrupt messages e.g. "Error: Cannot delete output file: ... ". Sometimes this error was caused by indexing E-mails that contained malware. The antivirus (AV) solutions running on machines would detect the malware on extraction of attachments from the E-mail and unexpectedly delete the temporary file, causing a cascade of errors. We have a work around for the errors, but active AV solutions can still prevent indexing of files containing malware. Which can be a good or bad thing depending on your point of view.
    • Fixed failing to open .gz and .tar.gz files from forensic mode mounted drive
    • Fixed bugs with failing to extract files from certain problematic ZIPs and attempting every file (with magic and extraction and indexing) causing 3 error messages per file in the Zip file. Corrupted Zip files should no longer produce this cascade of errors.
    • Fixed crash bug with truncated MP3 files
    • Fixed OLE parsing bug when loading corrupted MSG Email file
    • Improved memory estimation of indexing, to better judge if there is sufficient RAM available to start the indexing job. No point starting an indexing job only to die half way through it.

    File Name Search
    • Fixed 'Current Folder' not being correctly displayed

    File System Browser
    • Display "(Sparse)" for the "Starting LCN" column of sparse files
    • Fixed incomplete folder size being displayed when folder size calculation is cancelled midway (eg. when items are being sorted)
    • Speed improvement when calculating folder sizes in forensics mode. Approx 3x faster depending on collection of files.

    Internal Viewer
    • File info: For reparse points the linked path is now displayed
    • No longer displays message box when failing to open file
    • Hex viewer, Display error message in the status bar when failing to open file

    Mismatch Search
    • Fixed 'Current Folder' not being correctly displayed

    Password Recovery
    • Fixed crash when writing an entry to the log

    Recent Activity
    • Fixed a shellbag retrieval crash in Windows 10
    • Fixed a jumplist crash in Windows 10
    • Fixed a bug preventing some jumplist items from being retrieved
    • Changed "Stream Number" jumplist item name to "Entry ID"
    • Fixed an offset bug when getting the name of a shellbag item in Windows 10 which caused names with invalid characters to appear
    • Updated function that retrieves Windows desktop search terms. The database format recently changed in Win10 and broke older releases of OSF.

    ESEDB viewer
    • Updated the Extensible Storage Engine database (ESEDB) viewer to support the new Win10 file structure.

    Search Index
    • Updated search engine code to support new increased capacity index format with extended unique words.

    Thumbnail View
    • Improved performance of loading photographic image thumbnails in forensics mode. Is approx 10x faster.
    • Improved speed + memory usage when drawing thumbnails. Especially noticeable when scrolling the display, which should now be smoother.

    Drive imaging
    • Fixed error "Unable to read end of drive". This occurred when imaging a volume (e.g. Drive F, when the size of the file system (e.g. NTFS) is smaller than the volume size. The imaging process will now continue beyond the end of the file system to read the entire volume.

    Misc
    • Fixed some memory leaks found by the leak checker

    Licensing & pricing
    • In the free edition of the software,
      • The indexing process will be restricted to 10,000 files or E-mails.
      • The search results from an index will be limited to 250 files per search.
      • Only 10 items to be added to each Case file.
      • Only the first 10 passwords from each browser type will be listed in the passwords function

    • Pricing will increase to $799 for a single license in 2016. But upgrades to V3.3 from V3.2 will be free so you can get in now at the current low price. Volume discounts still apply. Maintenance will be $299.

    Installer
    • The installer package is now signed with an Extended Validation coding signing certificate. This avoids some SmartScreen installation warnings in Windows 10, like Windows "prevented an unrecognised app from starting".

    Known bugs
    • In beta 3 there are no open bugs that we are aware of. Not to say there are no bugs. Just that as of today, 20/Jan/16, we don't know of any.

    Free Upgrades
    • V3.3 will be a free upgrade for anyone who purchased OSF in the 6 months prior to the final OSF V3.3 release date (or those who have current support and maintenance).

    And more
    See the What's New page for a full list of changes.


    If you find any bugs, or strange behaviour in the V3.3 release. Please let us know.
Working...
X