Announcements

New updates and improvements to Forensic Email Collector

  1. 3.75.1.13

    FEC Release

    ✔️ Switched default servers for Yahoo and AOL to work around limits imposed by these providers.

    ✔️ Added a new built-in acquisition profile for DreamHost.

    2

  2. 3.75.1.12

    FEC Release

    ✔️Support for acquiring the Audit Log during EWS acquisitions in response to recent changes from Microsoft.

    ✔️Support for additional EWS item subclasses.

    Like

  3. 3.75.1.10

    FEC Release

    ✔️Maintenance release that addresses an issue where an extra slash at the end of the project path could be perceived as a deviation from the original project path and prevent FEC from manually resuming a project.

    Like

  4. 3.75.1.9

    FEC Release

    Read release notes

    🆕 Introduced Credential Manager

    1

    Credential Manager

    Allow management of credentials in existing acquisition projects to support the following workflows: Replace a Remote Authenticator token with a new one This can be useful if the authentication token is accidentally invalidated by the end-user during the acquisition and has to be replaced without starting the acquisition over. Change the target account password/app password Similarly, for acquisitions involving legacy username/password authentication, make it possible to change the password in an acquisition project in case the end-user accidentally revokes the app password that was provided. Clear Credentials Make it possible to clear the credential cache in an acquisition project at any time, preventing FEC from being able to authenticate with the target mailbox in the future. Automatically Close Acquisition Projects When an acquisition finishes successfully (i.e., there are no remaining items that could be acquired), automatically clear the credential cache of the acquisition project.

    Arman Gungor
    Released

    0

    🔥Support for Resource Key locked Drive attachments

    ✔️Added option to automatically detect low disk space and send an optional notification email when disk space is critically low

    ✔️Output PST EntryID capture

    1

    Reflect Output PST EntryIDs in Downloaded Items Log

    When the PST output option is selected, include the EntryID of each item written to the output PST in the Downloaded Items Log. This will help correlate items within an output PST with the list of items in Downloaded Items log for metadata overlays, mailbox remediation with Obliterator, etc.

    Arman Gungor
    Released

    0

    🔥Improved Post-Acquisition Actions page

    ✔️It is now possible to clear permanent error flags from items with permanent errors

    ✔️Hash preference on the output page is now retained during navigation

    ✔️Improved logging during Drive attachment & revision acquisition

    ✔️Added UTC label to Date column in the Gmail API in-place search preview window

    ✔️An additional file is no longer created when FEC has to fall back to a secondary Drive attachment acquisition strategy

    ✔️Acquisitions in which no items were identified for collection are now clearly identified in email notifications and end of acquisition messages.

    ✔️An additional safety check is now performed to ensure that the original output path in an acquisition project matches the active path when a project is resumed after the fact.

    ✔️Numerous minor performance and user interface improvements

    Like

  5. 3.70.1.8

    FEC Release

    This is a maintenance release that addresses a very rare case that could prevent a Gmail API in-place search from being executed due to an unexpected Gmail API response.

  6. 3.70.1.5

    FEC Release

    ✔ Introduced differential acquisitions.

    ✔ Added Access Role to data points captured during Google Calendar acquisitions.

    ✔ Added Permissions to data points captured during Google Drive acquisitions.

    ✔ Added option to generate a storage quota report for the target user for Gmail / Google Workspace acquisitions.

    ✔ Switched to .Net Framework 4.6.2.

    ✔ Improved support for phrase searches in Graph API.

    ✔ Numerous other performance and user interface improvements.

    Like

  7. 3.62.3.0

    FEC Release

    ✔ Improved the handling of absolute paths during Drive attachment/revision packaging.

    ✔ FEC application shortcut is now stored inside a Metaspike folder within the Start Menu—next to FEI’s and Obliterator’s shortcuts if installed. Due to this change, we recommend that you uninstall any existing FEC installations in order to keep your list of installed applications organized. Deactivating the license is not needed.

    ✔ Other minor GUI and performance improvements.

    Like

  8. 3.62.2.0

    FEC Release

    ✔ Extended support for shortcut type Drive items.

    ✔ Improved accuracy of Drive attachment identification.

    ✔ Unified Query Builder now adjusts the search queries that it constructs based on the limitations of some IMAP servers.

    ✔ Extended FEC’s built-in provider list with additional IMAP hosts.

    ✔ Fixed an issue where the order of the drag & dropped trusted timestamping files could negatively affect timestamp verification within FEC.

    ✔ Other minor GUI and performance improvements.

    Like

  9. Remote Authenticator 1.50.2

    Remote Authenticator Release

    ✔ Holding down the left Control key while clicking the AUTHENTICATE button now allows the user to bypass automatic provider detection. Useful in scenarios where current MX records do not accurately reflect the target email provider.

    ✔ Extended target email address validation to cover more exotic email address types.

    ✔ Updated Microsoft’s and Google’s OAuth libraries.

    ✔ Added examples to Microsoft’s consumer accounts in the UI to provide more clarity to end-users.

    ✔ Minor GUI improvements.

    Like

  10. 3.61.4.0

    FEC Release

    Read Release Notes

    ✔ Added support for trusted timestamping of acquisition logs and verification of timestamped logs as per RFC 3161. Additional details can be found here.

    ✔ Added Port Tester to test whether network ports FEC commonly uses are open on the device where FEC is run.

    ✔ Capitalization differences between the target email address and Remote Authenticator token email address are now tolerated for Gmail / Google Workspace acquisitions.

    ✔ Added support for the SHA-512 cryptographic hash algorithm.

    ✔ Improved S/MIME decryption of improperly formatted messages.

    ✔ Folder tree view now includes the authenticated email address when it is different than the target email address.

    ✔ OAuth authenticated email address is now logged in FEC’s Acquisition Log.

    ✔ Numerous other performance and user interface improvements.

    Like