-
Notifications
You must be signed in to change notification settings - Fork 57
/
RELEASENOTES
172 lines (134 loc) · 6 KB
/
RELEASENOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
Release Notes
=============
Detailed description of changes is available in the CHANGES.current and
CHANGES files. The summary below just contains a brief overview of the changes
made in each release.
DFF-1.3.0 summary:
Features:
---------
User Interfaces:
----------------
* Node browser :
- The browser is now UTF-8 aware, so it means that characters of file
name and directory will be readable in any languages.
- You can use the arrow icon near the foldername in the treeview to
display the content of a directory and its subdirectories (recursively).
- You can now tag nodes
- You can now filter nodes
- The menu of the search panel was entirely rewritten and is much more
easy to use now
- You can now easily create attribute list and dynamically change
column
- Video have thumbnail
- A blue icon with a blue '+' now appears on top of node which created
children (Has a module applied on it).
- A new icon which looks like a 'link' now appears on top of nodes
which is a VFS link to an other node. You can double-click on it to be
redirected to the linked node.
- A new root icon called "modules root" gives shortcut to all nodes
which have created children.
- A new check box system is in place to select files you want to
bookmark or do another operations on them. You can also use the right button
menu to select/deselect your choices.
- The path bar has now a button and an edit mode
* batch : Now DFF shell command in batch must be preceeded by : ! , other
commands will be interepreted as python code. So you can merge DFF commands
and python in a batch script. Comment line starting with # will no longer be
printed as you can use the python print function directly. When using it with
python think to launch DFF in '-d'debug mode ('-d') to have the output
redirected
* preview widget : You can now disable preview by clicking the check box on
the top of the widget. This can fasten the browsing of files with the keyboard
arrow in the node browser as the preview menu doesn't need to update each time
a file is selected
Modules:
--------
* Compound : Parse and extract content of compound documents : MS
office document before 2010, MSI, thumbs.db, ...
This module also has specific functionallity for MS office document.
It can extract metadata for document and sub document streams contained in the
archive. It can also extracts pictures embedded in datastream, WordDocument
stream (.doc) and Pictures stream (.ppt)
* Prefetch : Extract metadata of prefetch file (.pf)
* Lnk : Extract metadata of link file (.lnk)
* Text: Module has been enhanced to let you choose the encoding of the
document you are reading
* Video thumbnail viewer : It displays 10 thumbnails of a video
(generated each 10%)
* Devices : For linux now devices modules can be built to use libudev rather
than dbus and HAL
* Registry : The registry modules is now based on pyregfi. You can choose to
simply execute the module then use the viewer to view the content of gathered
hives or you can choose to extract content directly in DFF tree by specfying
option
* Registry viewer : A regedit like viewer to browse registry content
* hash :
- The module can now tag nodes by using a hash set (One hash per line)
- It can detect hash set base type (md5, sha1, ...) automatically
- You can specify a maximum size of file to be hashed
- You can specify a cache limit where files will not be cached but
results will be obtained dynamically. (To use less memory when there is a very
large amount of files to hash)
API:
----
* Variant : Variant are now reference counted in C++. You must use variant_p
to declare you variant as refcounted
* VFS :
- A cache template was created and used for fileMapping, vfile, and
attribute
- A refcount template was added
- A tag manager was added to the API, the ability to tag node
node.setTag("malware"), search and filter by tags
* Search :
- You can now search keyword entered in a dictionary (file)
- Syntax has been enhanced and supports more keywords
- You can dynamically created alias for too long attributes
Build:
------
* GIT : The achitecture has changed. Now it's subdivised in several submodules
* Launch permission : It's now possible to directly launch DFF as administrator
by right-clicking on the desktop link on Windows
Bug Fixes :
-----------
GUI:
----
* taskmanager :
- Time of process not yet started is now set to 0.
- When a script or module has finished its execution the state will be
set to 'finished' even if it's a graphical module with an opened window
Modules:
--------
* FATFS :
- Conversion of filename to UTF-8, speed optimization
- More detailed attributes
- Fix for time in usecond which was not set to 0 but was random
* NTFS :
- Support UTF-8 filename
- Close of vfile
- Memory leaks
- Adds option to not check for deleted and orphan files
- Crashes when MFT was not found
- Infinite loop on deleted items
- Adds timestamps from $FILENAME attributes for each NTFS nodes
* FUSE :
- Now run in background mode
- Use one thread
* EWF : Speed improvement
* PFF:
- Fix bug when parsing attributes of attached item attributes
- Set subject as node name
* EXTFS:
- Add slack's nodes and an option to chose to display them
- Fix a bug that prevented file names to be parsed properly
- Fix some memory leaks
* carver:
- Use the new search API
- Fix problem with footer size
- The start button is now greyed when it's not configured
* metaexif : Use the PIL library to extract metadata
* extract :
- Fix unicode encoding problem that lead to not extract some files
- Some forbidden character and filename are now renamed to be able to
be created on some file system
* timeline :
- Fix for nodes with bad time attribute like 0000-00-00 00:00:00