Thursday, August 13, 2015

MetaDiver 2.1 has been released #metadata #data #dfir #infosec

I’m excited to announce that MetaDiver 2.1 has been released! This is close to a full rewrite with better scalability. The ability to review metadata in MetaDiver has been greatly improved. The back-end has been rewritten to use SQLite. Many new documents are now handled including email archives,  Windows Shortcuts including lnk and jumplists, legacy doc 97 and archives.

Changes in 2.1

-Backend rewrite to SQLite
-Email header support added: MSG, PST, EML, EMLX.
-Email extended MAPI added – some extended mapi header information being added
-Legacy office doc’s ’97 support
-Windows Shortcut parsing LNK and Jumplists enumeration
-Archive enumeration (zip, 7z, arj, rar, gzip, bzip2, iso, vhd, vhdx, vmdk, cab)
-Command line version (basic functionality)
-Improvements to error handling when file permission denied (Users like to select the entire partition, click and forget…)
-large dataset support using paging.
-openxml office mapping bug fixes
-exif: bug fixes
-exif: user comments decoding hex added
-logging rewrite
-fixes for IO handling reparse and permission denied when reading full drive.
-Review form: panel’s are now sizeable
-Review form: column width’s are remembered
-Case path added
-UI improvements
-various bug fixes


by Dave via EasyMetaData.com