The team has been working hard over the past several months on the architecture of IEF to leverage multi-core processors, support Mac file systems, and add more visualization. Everyone at Magnet is very excited to be releasing Version 6 of IEF! We are continuing to push the boundaries and have some very exciting things coming with v6.1 that will make IEF a must have tool for every forensic examiner on the planet.
Last year was busy as we iterated on v5, with our last release including features like Dropbox decryption support, Google Maps tile recovery, web video fragment recovery, and other useful artifacts/features.
Let me take a minute to highlight some of the features I’m really excited to be bringing to our customers in v6.
Mac OS X file system support: Previous versions of IEF did not support file systems other than NTFS/FAT and so with Mac images you were limited to a sector-level search. Now IEF natively parses images (no mounting or drivers required) and can parse HFS/HFS+ file systems along with Windows file systems. This allows for more control over which areas of the drive are searched, more information around where artifacts are found, and better handling of files that are fragmented or containing data that is not easy to carve. We’ve also added more support for Mac specific artifacts, including Safari webpage rebuilding, Adium chat, iChat, and Amule. This is just the beginning with our Mac support and we will continue to add new artifacts based on customer requests and market trends.
Timeline feature: This new feature has been in development for some time now and we’re excited to reveal it. IEF Timeline will display recovered artifacts visually allowing you to see spikes in a user’s online activity, or the absence of activity. You can drill-down to specific time frames and isolate certain artifacts that are of interest. It really needs to be seen to appreciate the investigative value that it can bring to your examinations. You can also import/export .TLN files which allows for sharing of data between forensic products. Click here to see a short video.
Virtual Machine image support: IEF now natively supports .vmdk, .vdi, .vhd, and .xva image files, along with the standard forensic image formats: .E01/Ex01, .L01/Lx01, dd/001.
Multithreading: Tired of seeing forensic products use only one of your 32 CPU cores? Now IEF can take advantage of multi-core CPUs, resulting in very large speed increases.
New Artifacts: A number of new artifacts have been added or improved in v6. Some of the notables include: 360 Safe browser (a Chinese browser that is essentially a mash-up of IE and Chrome), QQ Chat (popular Chinese chat program with over 712M active users), Bing & Google Toolbars, Xbox360 Internet Explorer History (a forensic first!), and enhanced Limewire/Frostwire/Limerunner/Luckywire and Gigatribe support.
We’ve also added a sophisticated HTML carving engine that can recover web page fragments from Craigslist, Backpage, Plenty of Fish, and Ashley Madison websites. This new engine will allow us to continue to add web page fragment recovery for other popular sites that regularly find their way into investigations.
If you are already an IEF user, please upgrade via the Customer Portal or use the inline updater now available with IEF. To download a trial of IEF, please click here.
Finally, we are proud to announce that Internet Evidence Finder has been nominated for the Forensic4cast
“Computer Forensic Software of the Year” award! Our thanks go out to all those who nominated us.
Thanks for your continued support!
Jad and the Magnet Team