Some notable new features include the update of our internal HTML Viewer, as well as adding some valuable new functionality to aid with evidence processing and productivity.
New Browser Support
We have added support for the following browsers:
The developers describe Basilisk as "development software" and states "it should be considered more or less beta at all times; it may have some bugs and is provided as-is, with potential defects". It was initially released in November 2017 for Microsoft Windows and Linux.
Cốc Cốc Browser
Cốc Cốc browser is a web browser primarily focused on the Vietnamese market. It is available for Windows and macOS operating systems and supports both the English and Vietnamese languages. It is developed by Vietnamese company Cốc Cốc and based on the Chromium open source code. Cốc Cốc is the second most popular browser in Vietnam, with a market share of 16.89%, according to data from StatCounter.
QQ Browser (QQ浏览器) is a chromiumChromium-based web browser for Android, Windows, macOS, and iOS platforms. It is developed by Chinese Internet giant Tencent. The application offers a number of features such as tabbed windows and integration with chat platforms. QQ browser version 9.0 was the first released version which used the chromium Chromium source code (Chromium v43). Prior to this QQ Browser was based on the Trident engine.
Microsoft has added a feature to its Edge browser to make it easy to sweep aside all the tabs the user has open into a collection that can be restored at any time. We have now added support to NetAnalysis® for viewing these Swept Tab entries (see below).
The Recovery Guid GUID shown above is a unique identifier which relates to Recovery Store entries (Tab Session ID). In the screen capture below, you can see we have created a filter looking for records that contain the Swept Tab Recovery Guid GUID in the Information field. This filter returns three records which can be seen below.
Another area we have improved, in this release, is the processing of the download information object for Microsoft browsers. We have greatly improved the processing of corrupt and partially recovered data through HstEx® and added support for all known versions of the download object (including those version versions released in beta and pre-release products).
We have also reformatted the output displayed in the Information panel, to make it clearer and easier to understand (see the screen capture below for an example).
Microsoft Edge Typed URLs
Microsoft Edge v42 changed the location of Typed URLs from the Registry to a table within the spartan.edb database. We have added support for importing Typed URL data from the new location.
Microsoft Edge Cookies
With the release of Microsoft Edge v40, the structure of the table relating to cookie entries completely changed. The older table structure contained information pointing to an externally stored cookie file which was located in the file system. The new cookie table structure brought the actual cookie information into the database table, negating the need to save this information to an external file.
We have added support for importing Cookie data from the new location.
Microsoft Edge HSTS Entries
We have added support for the import of data from the HstsEntry tables. This data relates to HTTP Strict Transport Security (HSTS) and is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol.
Netscape HTML Bookmark File Description
We have added some additional functionality to our processing of Netscape HTML Bookmark files. If you are unfamiliar with this file type, it is a common format, shared by many browsers, for the import/export of bookmarks and "favorite" entries.
In addition to extracting image and favicon files (which will be displayed in the Viewer panel), we extract the description portion of the entry so it can be added to the search index. The actual text data can be viewed from the Index panel (as shown below), and can be searched via our Search Index feature.
Internal HTML Viewer