NetAnalysis® Version 3.4
Release Notes for NetAnalysis Version 3.4
We are pleased to announce the release of NetAnalysis v3.4, which includes several new features and improvements to enhance your digital investigation capabilities. With over 90 new browser artefacts, this means that investigators can now uncover even more valuable evidence to help them solve their cases.
- Added support for Microsoft Edge navigation history, allowing you to extract and analyse navigation activity from this popular web browser.
- Increased support for mobile browsers on iOS and Android, enabling you to more effectively investigate mobile devices.
- Added over 90 new browser artefacts, giving you greater insight into user activity.
- Improved identification of items of interest in our browser preferences viewer, helping you to quickly find relevant evidence.
- Improved handling of bookmark interchange format, making it easier to extract and analyse bookmark data.
- Made minor UI changes to assist investigators in quickly finding evidence.
- Improved handling of Chromium and Mozilla-based browsers, providing you with more accurate results.
We are confident that NetAnalysis v3.4 will be an invaluable tool for investigators looking to recover and analyse browser artefacts. We can't wait to see the impact it will have on the digital forensic community. We hope these new features and improvements will help you to conduct more comprehensive and effective digital investigations. As always, please don't hesitate to reach out to our support team if you have any questions or feedback.
The full list of changes can be found here: Change Log v3.4
Release Notes for HstEx® Version 5.4
Don't forget to review the release notes for HstEx® which can be found here: HstEx v5.4 Release Notes.
NetAnalysis® Version 3.3
Offline Cached Web Page Viewing
NetAnalysis® version 3.3 introduces a major change in the way we handle and process cached content. Previous versions of the application would rebuild cached web pages and convert them to local versions using locally extracted cached content. As Web Pages become more sophisticated, this method may not always produce the best results, hence the need to evolve.
With version 3.3, we no longer rebuild web pages using this methodology. Instead, we process the requests from our built-in browser component (which is based on Google Chrome) and provide the cached content directly from the browser's cache. Therefore, as the browser loads the page, it parses the various elements and requests the content it requires to render the page on screen. We take those requests and find the data in the browser's cache, serving it back to the browser. We have also introduced a Cache Monitor window so you can see what the browser is requesting from the cache. This means that the cache no longer has to be extracted and the web pages rebuilt before you view them.
This new methodology has also allowed us to effectively deal with client and server side redirects. When our HTTP response to the browser indicates the content is subject to a server side redirect, the browser can then re-request the content from the corresponding new cache location. Client side redirects are already dealt with by our browser component. This delivers a considerable enhancement to the ability of NetAnalysis® to display cached web pages.
We have added support for 223 new browser artefacts. We have also made some user interface enhancements and added new cache reading and extraction support:
New Filter Menus: Live Cached Web Pages (Ctrl + W), Live Cached Images and Live Files.
- New Filters for Secure Cookies and HTTP Only Cookies.
- New Cache Monitor window for monitoring cache extraction.
- Support for WebKit2 Network Disk Cache.
- Support for reading and extracting data from Apple Web Archive files.
The full list of changes can be found here: NetAnalysis® v3.3 Change Log.
Release Notes for HstEx® Version 5.3
Don't forget to review the release notes for HstEx® which can be found here: HstEx v5.3 Release Notes and Change Log.
NetAnalysis® Version 3.2
Release Notes for NetAnalysis® Version 3.2
NetAnalysis® version 3.2 adds further support for mobile and desktop browsers. We have added new support for:
- Support for Sleipnir Mobile on iOS
- Support for Sleipnir Mobile on Android
- Apple Safari v15 Tabs on macOS and iOS
- Mime HTML indexing
- PNG export from Viewer
- Mime HTML export from Viewer
Opera Mini on Android Saved Pages
Microsoft Edge Custom Autofill
Mozilla Firefox Logins on Android and iOS
The full list of changes can be found here: NetAnalysis® v3.2 Change Log.
Release Notes for HstEx® Version 5.2
Don't forget to review the release notes for HstEx® which can be found here: HstEx v5.2 Release Notes.
NetAnalysis® Version 3.1
Release Notes for NetAnalysis® Version 3.1
NetAnalysis® version 3.1 continues our quest to add further support for mobile browsers. This release adds support for eighteen new browsers, namely 7 Star Browser, Naver Whale on desktop and mobile platforms, Opera Mini on mobile platforms, Opera Touch on Android, Opera GX on mobile platforms, Dolphin Browser on Android, Brave on mobile platforms, Opera on mobile platforms, QQ Browser on mobile platforms and UC Browser on mobile platforms.
We have also added new artefacts for existing browsers, giving us a total of 142 new artefacts for this version. For a full list of changes, see NetAnalysis® v3.1 Change Log.
UC Browser on Android and iOS
UC Browser is a cross-platform web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It is primarily targeted at mobile platforms and is extremely popular in India, Indonesia and China. It also encrypts many of the databases used to store user data.
In this release of NetAnalysis®, we have enhanced our support for UC Browser on Android and iOS. We can now decrypt History, Most Recent Visited History, Search Data and Bookmarks.
Decrypting UC Login Data on Android
We have also added support for decrypting usernames and passwords.
With the release of HstEx® v5.1, we have added the ability to search and recover MFT entries containing resident Zone Identifier data. This provides us with a lot of information regarding the original file. The recovered data is easily read into NetAnalysis® for examination. The image below shows a number of recovered Zone Identifier entries. The Information panel shows the associated MFT attribute information along with the Zone Transfer data from the Zone.Identifier stream.
The full list of changes can be found here: NetAnalysis® v3.1 Change Log.
Release Notes for HstEx® Version 5.1
Don't forget to review the release notes for HstEx® which can be found here: HstEx v5.1 Release Notes.
NetAnalysis® Version v3.0
Release Notes for NetAnalysis® Version 3.0
Version 3 is a major release of NetAnalysis® and adds over 200 new artefacts as well as new support for mobile and portable browsers. The user interface has been completely re-written and adds major improvements and new features in a number of key areas. We have improved the layout of the user interface, with the goal of improving productivity, and added support for light and dark themes. Our grids now boast powerful Excel-style column filtering with easy access string, number and date filtering. Another key feature is the built-in Properties Examiner with powerful examination, analysis and reporting of browser preferences.
In combination with HstEx® v5, NetAnalysis® is the most powerful, comprehensive, browser forensic analysis suite available. However, don't just take our word for it, take it for a spin and see the powerful features in action.
Our grids now support enhanced Excel-style column filters. The menus contain two tabs: Values and Filters. The Values tab allows the user to select specific values or value ranges. The Filter tab allows the user to create custom filters using comparison operators that match the data type. The video below shows the Filter for a Date column in action.
New Filter Editor
The Filter Editor allows the user to build complex filters with an unlimited number of filter conditions combined by logical operators. The visual styling of the Filter Editor has been improved to make it much easier to view, edit and build powerful data filters.
We have also enhanced the Progress Window with the same column filters. When processing data, it is now easy to filter rows containing a specific status. This makes it a simple process to review the log for warnings and other status values of interest.
New Properties Examiner
The Properties Examiner allows the user to view and perform detailed analysis on the various Preference values set by Mozilla and Chromium-based browsers. You can search, filter, group, sort and even print reports on the extensive property sets available. We have added support for saving and loading Property Filters to make it easier to identify items of interest. Various timestamp property values are automatically converted to Date/Time values and displayed in their own column. Property types are identified by a small icon before the Property Name.
Filtered Properties can easily be sent to a NetAnalysis® Report where the data can be exported in a number of different formats, including PDF.
Improved Search Index
The Search Index database is a powerful feature of NetAnalysis® and has been enhanced in this release. It allows the user to rapidly search across the text extracted from the input data and identify key items of interest. We have updated the search syntax to include wild-card characters. The image below shows how to use a wild-card search to identify all email addresses in the search index:
Zone Identifier ADS
NetAnalysis® v3 now checks for Zone.Identifier Alternate Data Streams when processing files. When a file is downloaded, a Zone.Identifier ADS is created and can contain the source URL of the download. The Information panel will show the various metadata properties for the download.
To review the full list of changes for this release, please see: Change Log v3.0.
Release Notes for HstEx® Version 5.0
Don't forget to review the release notes for HstEx® which can be found here: HstEx v5.0 Release Notes.