Thursday, May 4, 2017

MetaDiver 3.0 beta is released #dfir #infosec #metadata

I’m happy to announce the first beta release of MetaDiver 3.0!

About: MetaDiver is a utility to slice and dice files and recover metadata from various types of files such as emails, documents, pictures, videos and music, among many other file types. With MetaDiver you will find detailed metadata that many tools do not find.

It has been a year since the last version release! That’s a long time, but a lot of great things have happened in my life over the past year… and I had a lot of things I wanted to improve in MetaDiver before I put out a new release. It has been the classic scope creep. The look and feel may not be very different at first look, but you will quickly notice the difference. Hopefully all of those late nights coding after work were worth it and you find MetaDiver as useful as we do in our lab.

Feedback: If you have thoughts and suggestions I’ve put together a feedback form. Please give me helpful feedback!

Change: The new version 3 has some great new features including:

  • Keyword searching added – now you can load keywords then process the metadata. Hits will display in a column “Search hits”
  • 3rd party UI controls for better user experience when reviewing metadata
  • Rewrite of the processing engine and much of the codebase with two focuses.
    • #1 SPEED – I’ve clocked it on software RAID 1 at 380 MB/s
    • #2 MEMORY – Memory utilization is way down
  • Replaced homebrew logging with Apache log4net
  • Removed dependency on win32 shell for item type detection
  • Tika known document types (globs) are processed by default and other unknown file types are handled by the Tika engine unless the user checks the box for “process unknown file types”.
  • Added picture review in review window
  • Added GPS exif review in the new picture tab in review window
  • Added the ability to click a button to bring GPS coordinates up in an online map
  • All known document types and media are now fed into Tika (custom doc types will be handled by MetaDiver parsers)
  • Forensic artifacts Windows shortcuts and Jumplists are handled by shellify for now. Possibly switching to the LECmd codebase in 3.1
  • Various bug fixes and other enhancements

Please fill out the feedback form so I can get an idea of what you like, how you use MetaDiver, and what you’d like to have added.

Download: You can download MetaDiver 3.0 (beta 1) here

Enjoy!

Dave


by Dave via EasyMetaData