Offline Cached Web Page Viewing
NetAnalysis® version 3.3 introduces a major change in the way we handle and process cached content. Previous versions of the application would rebuild cached web pages and convert them to local versions using locally extracted cached content. As Web Pages become more sophisticated, this method may not always produce the best results, hence the need to evolve.
With version 3.3, we no longer rebuild web pages using this methodology. Instead, we process the requests from our built-in browser component (which is based on Google Chrome) and provide the cached content directly from the browser's cache. Therefore, as the browser loads the page, it parses the various elements and requests the content it requires to render the page on screen. We take those requests and find the data in the browser's cache, serving it back to the browser. We have also introduced a Cache Monitor window so you can see what the browser is requesting from the cache. This means that the cache no longer has to be extracted and the web pages rebuilt before you view them.
This new methodology has also allowed us to effectively deal with client and server side redirects. When our HTTP response to the browser indicates the content is subject to a server side redirect, the browser can then re-request the content from the corresponding new cache location. Client side redirects are already dealt with by our browser component. This delivers a considerable enhancement to the ability of NetAnalysis® to display cached web pages.
We have added support for 223 new browser artefacts. We have also made some user interface enhancements and added new cache reading and extraction support:
New Filter Menus: Live Cached Web Pages (Ctrl + W), Live Cached Images and Live Files.
- New Filters for Secure Cookies and HTTP Only Cookies.
- New Cache Monitor window for monitoring cache extraction.
- Support for WebKit2 Network Disk Cache.
- Support for reading and extracting data from Apple Web Archive files.
The full list of changes can be found here: NetAnalysis® v3.3 Change Log.
New Browser Support
NetAnalysis® version 3.2 adds further support for mobile and desktop browsers. We have added new support for:
- Support for Sleipnir Mobile on iOS
- Support for Sleipnir Mobile on Android
- Apple Safari v15 Tabs on macOS and iOS
- Mime HTML indexing
- PNG export from Viewer
- Mime HTML export from Viewer
Opera Mini on Android Saved Pages
Microsoft Edge Custom Autofill
Mozilla Firefox Logins on Android and iOS
The full list of changes can be found here: NetAnalysis® v3.2 Change Log.
Introduction to NetAnalysis® v3.1
NetAnalysis® version 3.1 continues our quest to add further support for mobile browsers. This release adds support for eighteen new browsers, namely 7 Star Browser, Naver Whale on desktop and mobile platforms, Opera Mini on mobile platforms, Opera Touch on Android, Opera GX on mobile platforms, Dolphin Browser on Android, Brave on mobile platforms, Opera on mobile platforms, QQ Browser on mobile platforms and UC Browser on mobile platforms.
We have also added new artefacts for existing browsers, giving us a total of 142 new artefacts for this version. For a full list of changes, see NetAnalysis® v3.1 Change Log.
UC Browser on Android and iOS
UC Browser is a cross-platform web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It is primarily targeted at mobile platforms and is extremely popular in India, Indonesia and China. It also encrypts many of the databases used to store user data.
In this release of NetAnalysis®, we have enhanced our support for UC Browser on Android and iOS. We can now decrypt History, Most Recent Visited History, Search Data and Bookmarks.
Decrypting UC Login Data on Android
We have also added support for decrypting usernames and passwords.
With the release of HstEx® v5.1, we have added the ability to search and recover MFT entries containing resident Zone Identifier data. This provides us with a lot of information regarding the original file. The recovered data is easily read into NetAnalysis® for examination. The image below shows a number of recovered Zone Identifier entries. The Information panel shows the associated MFT attribute information along with the Zone Transfer data from the Zone.Identifier stream.
The full list of changes can be found here: NetAnalysis® v3.1 Change Log.
Version 3 is a major release of NetAnalysis® and adds over 200 new artefacts as well as new support for mobile and portable browsers. The user interface has been completely re-written and adds major improvements and new features in a number of key areas. We have improved the layout of the user interface, with the goal of improving productivity, and added support for light and dark themes. Our grids now boast powerful Excel-style column filtering with easy access string, number and date filtering. Another key feature is the built-in Properties Examiner with powerful examination, analysis and reporting of browser preferences.
In combination with HstEx® v5, NetAnalysis® is the most powerful, comprehensive, browser forensic analysis suite available. However, don't just take our word for it, take it for a spin and see the powerful features in action.
Our grids now support enhanced Excel-style column filters. The menus contain two tabs: Values and Filters. The Values tab allows the user to select specific values or value ranges. The Filter tab allows the user to create custom filters using comparison operators that match the data type. The video below shows the Filter for a Date column in action.
New Filter Editor
The Filter Editor allows the user to build complex filters with an unlimited number of filter conditions combined by logical operators. The visual styling of the Filter Editor has been improved to make it much easier to view, edit and build powerful data filters.
We have also enhanced the Progress Window with the same column filters. When processing data, it is now easy to filter rows containing a specific status. This makes it a simple process to review the log for warnings and other status values of interest.
New Properties Examiner
The Properties Examiner allows the user to view and perform detailed analysis on the various Preference values set by Mozilla and Chromium-based browsers. You can search, filter, group, sort and even print reports on the extensive property sets available. We have added support for saving and loading Property Filters to make it easier to identify items of interest. Various timestamp property values are automatically converted to Date/Time values and displayed in their own column. Property types are identified by a small icon before the Property Name.
Filtered Properties can easily be sent to a NetAnalysis® Report where the data can be exported in a number of different formats, including PDF.
Improved Search Index
The Search Index database is a powerful feature of NetAnalysis® and has been enhanced in this release. It allows the user to rapidly search across the text extracted from the input data and identify key items of interest. We have updated the search syntax to include wild-card characters. The image below shows how to use a wild-card search to identify all email addresses in the search index:
Zone Identifier ADS
NetAnalysis® v3 now checks for Zone.Identifier Alternate Data Streams when processing files. When a file is downloaded, a Zone.Identifier ADS is created and can contain the source URL of the download. The Information panel will show the various metadata properties for the download.