IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
This release has a few fixes, they are listed below: #1293: Errors in multicases: rendering chats with attachments, bookmarking duplicates and exporting file properties (@lfcnassif) #1321: Inconsistent behavior of enableAutomaticExportFiles and CategoriesToExport/KeywordsToExport (@lfcnassif) #1288: Error generating multicase graph depending on current directory (@lfcnassif) #1292: Processing can hang in AudioTranscriptTask (@lfcnassif) - also on 3.18.x #1290: HexViewerPlus search for big hexadecimals not working (@gfd2020) - also on 3.18.x #1324: Fix audio:transcriptConfidence type as double (@lfcnassif) #1299: Clicking on an item in the gallery, sometimes trigger multiple events (@tc-wleite) - also on 3.18.x #1323: Rare mplayer processes left behind on Windows after processing finished (@lfcnassif) - also on 3.18.x
This release has a few fixes, they are listed below:
#661: Fix dynamic metadata types detection divergences in multicases (@lfcnassif) #1281: Aborting AIOOBE while indexing embedded virtual disk segments or huge files (@lfcnassif) #1278: Processing rarely aborting by ArrayIndexOutOfBoundsException from QRCodeTask (@lfcnassif) #1277: Searching in Hex Viewer not working (@lfcnassif) #1274: Error creating bookmarks from python scripts (@lfcnassif) #1288: Error generating multicase graph depending on current directory (@lfcnassif) #1273: Fix PythonScriptTask.py example and ExampleScriptTask.js (@lfcnassif) #1276: Fix ending white spaces in some localization strings (@lfcnassif)
This release contains important fixes, please see the ReleaseNotes.txt for the full changes, some of them are listed below: Fixes: #1262: Preview of device info, contacts & emails from UFDR evidences can be overridden with --append - also affects 3.18.x (@lfcnassif) #1249: Audio transcription can fail depending on audio encoding - also affects 3.18.x (@lfcnassif) #1246: Token normalization rules not being applied on wildcard/prefix/fuzzy/regex/range queries (@lfcnassif) #1250: New evidence location dialog stopped to be shown if evidence was moved (@lfcnassif) #1247: Hits panel not populated and hits not highlighted on Preview tab after a MultiTermQuery search (@lfcnassif) #1256: Some files from UFDR can not be opened when fast switching between them (@lfcnassif) #1255: Link files (application/x-lnk) are being parsed by RawStringParser instead of LNKShortcutParser (@lfcnassif) #1242: Error SQLITE_CONSTRAINT_PRIMARYKEY when importing hash sets that require a record merge (@tc-wleite) #1248: Out of memory when parsing contacts of whatsapp (@lfcnassif, @hauck-jvsh)
This release fixes a regression in 4.0.0-final reported by @aberenguel: #1223: Bookmark panel not being updated if [No Bookmarks] or Bookmarks root is selected (@lfcnassif) [4.0.0-final]
This release contains important fixes and a few enhancements. See the ReleaseNotes.txt for the full changes, we highlight some: News: #1127: Support for NIST CAID - Child Abuse Image Database - hash dataset (Wladimir Leite, Luís Nassif) #1211: Retry the MinIO upload (João Hauck, Luís Nassif) #1213: Decrease IPED VOSK minWordScore parameter (Luís Nassif) Fixes: #1199: Iped-search-app stops to open files from UFDR after fast switching between them (Luís Nassif) [4.0-beta] #1217: Inconsistent timezone conversion of Exif dates (Luís Nassif) [3.18.x, 4.0-beta] #1203: Aborting OutOfMemoryError while running QRCode detection (João Hauck, Luís Nassif) [4.0-beta] #1204: Error adding file to the database: TskCoreException: Could not find parent (Luís Nassif) [4.0-beta] #1209: False positives when detecting phone numbers in Graph module (Luís Nassif) [3.18.x, 4.0-beta] #1200: FaceRecognition feature doesn't work on Linux with default installation steps (Felipe Costa) [4.0-beta] #1007: IllegalArgumentException: cannot change field "XXX" from index options=DOCS_AND_FREQS_AND_POSITIONS to inconsistent index options=NONE (Luís Nassif) [4.0-beta] #994: Negative estimated time to finish processing (Luís Nassif) [4.0-beta]
Contributors: @FelipeFcosta @hauck-jvsh @lfcnassif @tc-wleite
We are pleased to announce the release of IPED-4.0.0-beta. Several structural and breaking changes were done, please see the Migration Guide. Many outstanding new features were added as well, check the ReleaseNotes.txt for the full changes. Between more than 100 improvements, we highlight some:
#361: Face recognition functionality (Luis Nassif & Rui Santana) #118: Centralized hash database, refactor importing and look up for different hashsets: NSRL, ProjectVic, LED, PhotoDNA, CSV (Wladimir Leite) #1136: Support Interpol ICSE CSAM hash database (Wladimir Leite) #248: Local audio transcription [Experimental] (Luis Nassif & Wladimir Leite) #451: Unified Timeline Table View and Event Filtering (Luis Nassif) #102: Processing of supported forensic/virtual disk images recursively (Luís Nassif) #515: Run OCR on HEIC, PSD, WEBP, WMF, EMF, SVG, JBIG2 and other non standard image types (Wladimir Leite & Luis Nassif) #238: Support for OpenStreetMaps/Bing maps using Leaflet library (Patrick Bernardina & Luis Nassif) #18: Refactor internationalization (Luis Nassif) #675: German translation (Dennis Schreiber & Luís Nassif) #1091: Italian translation (Flavio Tessitore) #1065: Recover deleted WhatsApp Chats, Messages and Contacts (Fábio Pfeifer, Luís Nassif, João Hauck) #1105: Support for WhatsApp version up to 2.22.9 (João Hauck, Luís Nassif) #486: Link WhatsApp attachments in Apple Warrant Returns Cellebrite Reports (Fábio Pfeifer) #150: Merge Whatsapp Android backups (João Hauck & Luís Nassif) #802: Add support to download and decode WhatsApp attachments (João Hauck, Luís Nassif) #538: Refactor module configuration (Luís Nassif) #120: Makes Configuration Profiles Hierarchical/Differential (Luis Nassif) #1067: Embed a portable python distribution (Luís Nassif) #483: Support parser implementations in python (Luis Nassif) #357: Optimize NSFWNudityDetectTask.py, run on videos and makes it easier to enable (Luis Nassif) #1081: Extract video frames as subitems to run OCR, image similarity, face detection, photoDNA, etc on them (Aristeu Junior, Luís Nassif, Wladimir Leite) #530: Increase ALTCOINS (criptocoins) Regexes and Validators (Fábio Pfeifer) #65: Store all email headers as metadata (Thales Rodrigues e Luis Nassif) #340: Object Storage Module using MinIO (Luis Nassif & João Hauck) #232: Upgrade to Sleuthkit-4.11.1: support for APFS unallocated areas (Luís Nassif) #825: Upgrade LIBVMDK to support splitted and differential images (Luís Nassif) #598: Upgrade LIBVHDI to support vhdx evidences (Luís Nassif) #180: Public API changes including translations to english (Luís Nassif) #827: Upgrade to java 11 LTS (Luis Nassif)
We give a big thank to all 4.0.0 version contributors:
André Berenguel @aberenguel Aristeu Júnior @arisjr Dennis Schreiber @mobab-th Fábio Pfeifer @fmpfeifer Flavio Tessitore @flates Guilherme Andreúce @streeg João Hauck @hauck-jvsh Leandro Oliveira @leosol Luís Filipe Nassif @lfcnassif Matheus Bichara @mbichara Patrick Bernardina @patrickdalla Rodrigo Carvalho @rodac5 Rui Santana @ruisantana Thales Rodrigues @thalespr Wladimir Leite @tc-wleite
Full Changelog: https://github.com/sepinf-inc/IPED/compare/3.18.2...4.0.0-beta
This release contains important fixes and a few enhancements. See the ReleaseNotes.txt for the full changes: News: #1064: Support new Telegram versions 8.5-8.7 (João Hauck) #1035: Decode base64 values from UFDR xml (Luís Nassif) #1049: Support more date formats when processing UFDR files from PA 7.54 (Luís Nassif) #1074: Optimize bookmarking when "Add duplicates (hash)" is selected (André Berenguel & Luís Nassif) #1042: Upgrade to latest OpenJDK 8 + JFX in 3.x branch (Luís Nassif) Fixes: #1056: TelegramParser plugin not working with iped.exe/java8 [3.18.13 regression] (Luís Nassif) #1032: OutOfMemoryError while generating PDFs thumbnails using internal conversion (Luís Nassif) #795: Missing DLL could cause OfficeViewer native window to be detached from main UI (Luís Nassif & André Berenguel) #1028: AIOOBE generating report from another report caused by chat attachments parents not exported (Luís Nassif) #1031: Upgrade Microsoft client-sdk to 1.19.0 to fix audio transcription failing on Linux (Luís Nassif) #1137: OCR on TIF images > 3 pages fails on environments without graphics device (Luís Nassif)
This release contains important fixes and libewf upgrade. See the ReleaseNotes.txt for the full details: News: #995: Upgrade to LIBEWF-20201230: partial Ex01 and Lx01 support (Luís Nassif) Fixes: #1001: TextViewer not displaying final text fragments of files [3.18.8 regression] (Luís Nassif) #973: Group participants aren't being extracted [regression 3.18.9] (João Hauck) #997: Messages from chats decoded from UFDRs may be duplicated and shown as attachments in preview [since 3.18-beta] (Luís Nassif) #986: Graph in multicases not generated when cases/multicase.txt parent folder is writeable [regression 3.18.5] (Luís Nassif) #993: Excessive memory consumption processing large E01 images (Wladimir Leite, Luís Nassif & André Berenguel) #996: Bookmarks not saved in user local temp if case is on network and readonly using ACLs (Luís Nassif)
Full Changelog: https://github.com/sepinf-inc/IPED/compare/3.18.13...3.18.14
This release contains bug fixes and a few enhancements, some listed below. See the ReleaseNotes.txt file for the full list.
PS: Don't use this release to resume a processing started by a previous version, since some related breaking changes were needed. You can use this version to append evidences and create multicases with previous 3.18.x versions cases.
News: #911: Support new Telegram version 8.4 (João Hauck) #341: Delete ignored subitem data from SQLite containers (Luís Nassif) #910: Open attachments from EML/MSGViewer externally using detected extension (Luís Nassif) Fixes: #905: EMLViewer opens the wrong attachment when images are inlined [3.18.8 regression] (Luís Nassif) #965: Some carved files from ignored subitems could not be processed/exported when using blind profiles (Luís Nassif) #921: Missing some metadata values when removing composite/duplicate keys (Luís Nassif) #941: Subitems or items from UFDR may point to inexistent parent when resuming processing (Luís Nassif) #792: Carved/Subitems may be added again to case when resuming processing with --continue (Luís Nassif) #892: Possible arbitrary JS code execution when viewing Telegram HTML reports (João Hauck & Luís Nassif) #894: Fix WhatsAppParser, SkypeParser, VCardParser and UFEDChatParser to encode untrusted strings (Luís Nassif & João Hauck) #942: Rare aborting ConcurrentModificationException when making partial index commits (Luís Nassif)
Full Diff: https://github.com/sepinf-inc/IPED/compare/3.18.12...3.18.13
This release contains some bug fixes, mainly for #881 regression affecting 3.18.10 & 3.18.11. Because all versions < 3.18.11 are vulnerable to the critical CVE-2021-44228 in log4j2 library, we still recommend all users to upgrade. Release notes below:
News: #887: Upgrade to Log4j-2.17.0 in 3.x branch (Luís Nassif) Fixes: #881: Subitems > 16MB or exported to HTML reports not opened by analysis app [3.18.10 regression] (Luis Nassif) #880: Exporting files to report fails depending on evidence type if it was moved (Luís Nassif) #872: Aborting NullPointerException in DocThumbTask (Luís Nassif)