Softpedia >Windows >Internet >Chat >Other Chat Tools >Internet Evidence Finder >  Changelog

Internet Evidence Finder Changelog

What's new in Internet Evidence Finder 4.0.0

Feb 2, 2011
  • New, simplified Graphical User Interface
  • 11 new searches for grand total of 30 artifacts IEF can search for
  • The file system is now also searched instead of just a sector level search
  • Can search Unallocated Clusters only, optionally including file slack space
  • On NTFS drives, the MFT (Master File Table) is searched for resident deleted files
  • All recovered data outputs to a report case folder now and viewed with the IEF Report Viewer, full report can be created or data exported to multiple formats
  • Yahoo! Messenger existing log files are now parsed without requiring usernames
  • Yahoo! Messenger chat log validation has been improved, with support for date ranges and message text filtering
  • The compressed data in Hiberfil.sys files is decompressed on-the-fly during searches making it easy to recover artifacts within these files
  • 5 total search functions (Quick, Full, Unallocated Only, Full – Sector level, and Files/Folders)
  • Major re-write of most old searches and program code to improve speed and stability
  • Facebook live chat search completely rewritten to find even more chat, including damaged fragments
  • Facebook unicode text is now converted
  • Updated MSN/Windows Live Messenger search re-written to find more chat, faster
  • New Portable Edition that can run on live systems
  • Portable and Standard versions can both access locked files such as the Pagefile.sys file on a live system

New in Internet Evidence Finder 3.6.0 (Oct 21, 2010)

  • IEF updated to support new format of Facebook live chat messages. Older versions of these chat artifacts are also still supported and recovered. The new format was causing issues with the “Recipient Name” field and allowing improper duplicates into the report.

New in Internet Evidence Finder 3.5.2 (Oct 21, 2010)

  • Bug fixed that wouldn’t let IEF load when certain types of virtual drives/shares were present on the system.
  • An interface option that was missing was added.
  • Some search stability/error checking features were added.

New in Internet Evidence Finder 3.5.1 (Apr 19, 2010)

  • Bug fixed that stopped IEF in some cases from loading when in demo mode.

New in Internet Evidence Finder 3.5.0 (Apr 19, 2010)

  • Limewire Searches updated to support more types of keyword searches in Limewire, and the Limewire version support updated to indicate support for versions 5.2.8 to 5.5.8

New in Internet Evidence Finder 3.4.0 (Mar 31, 2010)

  • When selecting a file as the source, now multiple files can be selected without having to go with the Select Folder option
  • Updated MSN/WLM text fragment recovery
  • Added recovery of additional GoogleTalk® artifacts
  • Added retries (up to 20) when an error occurs reading a file or sector
  • Empty folders (i.e. 0 hits) in the output folder are removed at the end of the search now
  • Added a “Go to output folder” button that is appears after the search is completed
  • Fixed bug where user was sometimes prompted when errors occurred even if “ignore errors” was checked
  • Issue resolved where installer could not launch IEF properly in Vista/7
  • Slight UI improvements
  • Demo version now saves up to 20 items per search

New in Internet Evidence Finder 3.3.0 (Jan 25, 2010)

  • Added the Facebook Email “Snippets” search function.

New in Internet Evidence Finder 3.2.0 (Jan 14, 2010)

  • A newly discovered Facebook live chat artifact format is now supported in the Facebook Chat search of version 3.2.0, enabling IEF to locate and recover more Facebook chat. Thanks to Allen LaFontaine for his help with discovering this new format.
  • A new search option has been added: “Ignore output errors during search”. If this item is checked, IEF will ignore any output errors during the search and automatically continues, logging the error in the IEF log file. This prevents IEF from waiting for user input if IEF is started and then left unattended.
  • IEF now will save up to 10 items per selected search when running in “demo mode” without a key. This allows IEF to be better evaluated before purchasing.

New in Internet Evidence Finder 3.1.0 (Jan 14, 2010)

  • New search added! IEF now can locate and recover non-encrypted Yahoo! Messenger chat. No username is required to locate these artifacts, which appear to be left behind in memory directly from the Yahoo! chat window. See further down this page or click on the “?” in the “Search for…” box in IEF for more information on this search. (Thanks to Herb Scott and Stephen Swanson for their help with this new search.)
  • Changed how IEF counts hits for Yahoo! chat. Even if multiple usernames are entered, only one hit is counted for each located message, even though decryption is attempted using all the provided usernames on that message.
  • Cosmetic updates: Added a “Check for Updates” on the main screen, changed the MB/sec reading to MB/min for more accuracy, and a few other minor changes that don’t change any functionality.

New in Internet Evidence Finder 3.0.2 (Jan 14, 2010)

  • Support for very large volumes (16TB+) added
  • Main search routine optimized
  • Yahoo! Messenger false positive detection code improved
  • Spaces automatically stripped from user-provided user names for Yahoo! Messenger decryption
  • Bug fixed with Yahoo! Messenger search where discarded false positives were still counted as hits

New in Internet Evidence Finder 3.0.1 (Jan 14, 2010)

  • No longer need to right-click and select “Run as administrator” in Vista/7. Just run IEF as usual, accept the warning (if it appears) and IEF will launch and run properly.
  • Yahoo! Messenger chat search function fine tuned to eliminate more false hits and clean up the report.

New in Internet Evidence Finder 3.0.0 (Jan 14, 2010)

  • 10 new searches added! (Limewire ver 5.3.6 Search History, Limewire.props files, IE8 InPrivate/Recovery URLs, Yahoo! Messenger Group Chat, Yahoo! Webmail email, Hotmail Webmail email, AOL Instant Messenger chat logs, Messenger Plus! chat logs, MySpace chat, Bebo chat)
  • All searches tweaked, improved, and faster
  • Better Facebook web page fragment filtering
  • Log file created now containing search details and results
  • Added option of selecting an entire folder (and optionally, sub-folders) instead of a single file
  • Multiple Yahoo! Messenger user names now supported – one report file for each user name is created
  • Results are now written to file as the search progresses, to a CSV or TSV file (Excel option removed in order to make this possible, and to avoid issues with different versions of Excel/date manipulation)
  • Greatly improved memory management
  • “Physical Sector” changed to read “Logical Sector” in report files when a logical drive (e.g. ‘C:’) is searched
  • If a logical drive is selected and Yahoo! Messenger chat is being searched for, IEF will check the folder structure to check for possible Yahoo! Messenger user names
  • HTML ‘index.htm’ files are now generated as an index for the individual files that are created in some of the searches
  • ‘Check for updates’ function added to check if newer versions of IEF are available