v0.17.0

Added

• Dashboard warns when screenshots are arriving for a different case than the one you're viewing (closes the case-mismatch footgun).
• Anonymization auto-discovery now learns entities from screenshots (OCR), grouped by type; each is removable (✕ stops anonymizing it, ↺ restores).
• Leveled logging to file — global session log + per-case audit trail; DFIR_LOG_LEVEL (+ live Settings toggle), DFIR_LOG_DIR. debug traces AI calls, captures, OCR, anonymization, enrichment.
• Timeline events show the affected host chip and clickable finding links; report §3.1 gains a Host column.
• Local OCR screenshot anonymization — Tesseract redacts matching text in-memory before sending to an external vision model (closes #19).
• Timeline Swimlane view — interactive asset/time chart with selection, scope-to-view, and PNG/SVG export (closes #33).
• Global full-text filter + time-range filter behind a toolbar icon.
• Analyst Notebook entries record their author; multi-investigator real-time sync over WebSocket (closes #29).
• IOC bulk select + batch actions, an IOC whitelist (auto-mark known-good), and "⊕ N sources" corroboration badges (closes #35).

Changed

• Anonymization modal: clearer auto-detected panel + dropped the stray scrollbar.
• Dashboard "Search" relabelled "Filter" (it filters in place); magnifier + / shortcut kept.
• Responsive toolbar — settings gear pinned top-right, action buttons auto-collapse to icons.

Fixed

• Duplicate detection now uses an exact SHA-256 content hash (was a fuzzy perceptual hash that collapsed different-but-similar log pages); DFIR_DEDUP=off disables it.
• Search placeholder no longer truncated (full hint moved to the tooltip).
• OCR redaction was a silent no-op (tesseract.js default export) — screenshots had been sent un-redacted.
• "AI on — catching up…" status no longer hangs when there's nothing to analyze.

Security

• Added SECURITY.md (localhost posture, reporting, and the deferred dev-only vitest audit advisories).