Fix Release

This release contains a few improvements and many fixes. This is possibly the last release of 4.1.x series. Please see the ReleaseNotes.txt for the full changes, some of them are highlighted below:

#455: Optimization of UFDR reader module to use half the memory (@lfcnassif)
#439: Show warning in GUI for each evidence processed unsuccessfully (@lfcnassif)
#1932: Imagemagick portable missing vcomp140.dll dependency [4.1.5 regression] (@lfcnassif)
#2037: Bookmarks may be lost in multicase reports (@wladimirleite)
#1975: Processed files in mounted folders with incorrect extension being renamed when opened externally (@lfcnassif)
#2092: Incorrect directory tree when parsing partial/segmented RAR files (@lfcnassif)
#1977: Telegram parser duplicating messages (@hauck-jvsh)
#1921: WhatsApp recovered media messages may become duplicated (iOS only) (@wladimirleite)
#2089: Failing to process Cellebrite XML Reports (@fmpfeifer, @lfcnassif)
#2038: Aborting OutOfMemoryError caused by too many search results from UFEDChatParser (@lfcnassif, @wladimirleite)
#2099: Non VMDK file being detected as VMDK causing processing to abort (@fsicoli)
#2110: Report generation aborting because of inconsistent data types while indexing (@wladimirleite, @lfcnassif)
#1942: Audios not retried and skipped if specific errors happen in remote transcription service (@lfcnassif)
#2051: Stop condition for Whatsapp Message.setThumbData() recursion (@aberenguel, @lfcnassif)
#2024: Geopoints wrongly indexed to OpenSearch (@hauck-jvsh)

Fix Release

This release fixes a critical vulnerability in Google libwebp library CVE-2023-4863. We strongly recommend all users to upgrade. There are other important fixes, listed below:

#1903: RCE vulnerability in libwebp dependency (@wladimirleite, @lfcnassif)
#1898: Discord Parser can show wrong attachment file (@felipecampanini, @lfcnassif)
#1843: Some deleted chats or messages not being tagged as deleted (@hauck-jvsh)
#1879: Dates read from UFDR can be decoded using a wrong timezone (@wladimirleite)
#1868: PDF xmp timestamps aren't extracted with timezone info (@patrickdalla)
#1833: Transcribing audios with more than 2GB on remote service never ends (@hauck-jvsh, @lfcnassif)
#1880: Error while parsing WhatsApp contacts (@wladimirleite)
#1840: Fix links to audio and videos in WhatsApp chats, if files are in an input folder (@wladimirleite, @lfcnassif)
#1836: Broken links in Whatsapp chats when attachments file names contain emojis (@wladimirleite, @gfd2020)
#1897: Just first regex hit is shown if multiple regex patterns match the same input string (@wladimirleite)
#1870: NPE in SleuthkitClient when generating report with a virtual disk (@aberenguel, @lfcnassif)
#1875: ALT+Key to remove from bookmark not working properly with CRTL and SHIFT shortcuts (@wladimirleite)
#1846: APFS password not set when opening the case on Linux (@aberenguel)
#1909: Vosk transcription may slow down during large cases processing (@wladimirleite)
#1842: Improve layout for audio and video tags in whatsapp chats opened in browser (@wladimirleite)

Minor Release

This release contains improvements and fixes, please see the ReleaseNotes.txt for the full changes. Some of them are highlighted below:
News:
#1294: Support parsing LZFSE compressed files from iCloud backups (@lfcnassif)
#1525: Support parsing MacOS XXXXX.partial.emlx emails attachments (@FelipeFcosta, @lfcnassif)
#1798: Support iLBC (Internet Low Bitrate Codec) audios (@wladimirleite)
#1786: Improve the detection of Matroska files: MKV, MKA and WEBM (@wladimirleite)
#1815: Improve the detection of WhatsApp iOS account plist file (@lfcnassif)
#1793: Improve the detection of Apple iWork 13 documents (@lfcnassif)
#1809: Extract frames from videos in mounted paths longer than 256 chars on Windows (@lfcnassif, @wladimirleite)
Fixes:
#1769: Map renders locations but a blank background [regression 4.1.0] (@lfcnassif)
#1774: Old WhatsApp versions parsing affected by forwarded message feature [regression 4.1.3] (@hauck-jvsh, @lfcnassif, @wladimirleite)
#1791: WhatsApp parser may lose recent messages (@wladimirleite)
#1765: Aborting IOException from AudioTranscriptTask (@lfcnassif)
#1801: Never add video: prefix to transcription properties (@lfcnassif)
#1782: Error opening items inside an E01 from an unmounted READ ONLY Windows network share (@wladimirleite)
#1814: Corrupted ISO caused an "infinite recursion loop" in SevenZipParser (@wladimirleite, @lfcnassif)
#1752: TorTcParser timestamp in UTC although not informed (@patrickdalla, @lfcnassif)

Minor Release

This release contains a few improvements and fixes, please see the ReleaseNotes.txt for the full changes. Some of them are highlighted below:

News:
#1287: Flag Whatsapp Forwarded messages (@wladimirleite, @gfd2020)
#1647: Handle some new and common WhatsApp system messages (@wladimirleite, @lfcnassif)
#1610: Read WhatsApp owner account information from more sources on Android (@wladimirleite)
#1661: Support WhatsApp reactions (@wladimirleite)
#1636: Emule *.part.met files carving (@hugohmk)
#1707: Load Timeline chart data just when it becomes visible to decrease memory usage by UI (@patrickdalla)
#1719: Use Windows trusted certificate store so Map view works through some organization proxies (@patrickdalla)
#1701: Export items to local case if enableAutomaticExportFiles and enableMinIO are both enabled (@hauck-jvsh)
#1694: Optimize UFDR evidences opening time through some networks (@lfcnassif, @wladimirleite)
#1737: Update localization for Italian, Spanish and German (@flates, @AburtoArielPM, @mobab-th, @lfcnassif)
Fixes:
#1691: Possible wrong linking between WhatsApp accounts & chats if there are multiple accounts [Windows] (@wladimirleite)
#1712: Max heap memory used by Analysis App can be greater than RAM causing UI crashes (@patrickdalla, @lfcnassif)
#1730: Emule known.met parser missing several entries (@hauck-jvsh, @wladimirleite)
#1679: WhatsApp parsing timeout can break parsing of other WA databases (@lfcnassif)
#1663: Processing frozen due to infinite timeouts transcribing huge audios on transcription service (@hauck-jvsh)
#1664: Problems decoding Cyrillic and other unicode chars from registry files (@lfcnassif)
#1668: Aborting IllegalArgumentException: DocValuesField "parentIds" is too large, caused by GeofileParser (@patrickdalla)
#1676: Aborting ArrayIndexOutOfBoundsException from Lucene when creating reports with huge files (@lfcnassif)

Minor Release

This release contains fixes and very few enhancements. They are listed below:
News:
#1559: Support decoding audio and video calls from android WhatsApp databases v2.22.8+ (@hauck-jvsh, @lfcnassif)
#1170: Delete temp DLLs and whole temp folder after processing (@lfcnassif)
#1643: Update localization files (@flates, @mobab-th, @AburtoArielPM, @lfcnassif)
Fixes:
#1630: Some Emlx emails being detected as Html (@lfcnassif)
#1623: Change EML parser/viewer to inline extra txt/html body parts instead of extracting them as attachs (@lfcnassif)
#1628: Communication properties of items decoded from UFDR not exported to reports (@lfcnassif)
#1629: Temp files opened externally (e.g. by double click) leaked in temp folder (@lfcnassif)
#1597: Parameter -d NOT working when related value has a comma in a folder name (@lfcnassif)
#1607: Multicases do not work if case parent folder is named "iped" (@lfcnassif)
#1606: NoRouteToHostException causing remote transcription to skip audios (@lfcnassif)
#1595: "Wait" progress does not hide after quick operation on Linux (@wladimirleite, @patrickdalla)
#1614: EntropyTask processing videos when creating report slowing down report generation (@wladimirleite)
#1638: For some (rare) images, ocrCharCount is including a few characters that didn't come from OCR (@wladimirleite)
#1641: Exception thrown by the splash screen manager in the very first usage (@wladimirleite)
#1596: Test error while building when comparing Dates in some timezones (@lfcnassif)

Minor Release

This release contains fixes and a few improvements, please see the ReleaseNotes.txt for the full changes. Some of them are highlighted below:
News:
#1553: New Tab to list Referenced items (@lfcnassif)
#1566: Convert audios to WAV on transcription service side again (@lfcnassif)
#1556: Makes Ctrl+A and Space (check selected) work for Subitems, Duplicates, References, ReferencedBy tabs (@lfcnassif)
#1267: Makes Google and Wav2Vec2 audio transcription not dependent of FFmpeg anymore (@wladimirleite)
#1531: Converge all TwelveMonkeys libraries to 3.9.4 (@wladimirleite)
Fixes:
#1555: Media captions missed by new Android Whatsapp parser and UFDR chat parser (@lfcnassif)
#1565: Layout restore prevents panels added in newer IPED versions to be visible (@wladimirleite)
#1544: Error parsing Shareaza Library1/2.dat files (@wladimirleite)
#1585: Some chat messages from UFDR reports being duplicated (@lfcnassif)
#1142: Improve LocalConfig.txt options loading on different machines (@lfcnassif)
#1584: Error reading extracted text file from XXXXX, maybe your antivirus blocked or deleted it: java.io.FileNotFoundException (@lfcnassif)
#1561: Clients with slow networks blocking transcription cluster resources (@lfcnassif)
#1540: Socket timeouts thrown by transcription service side not retried (@lfcnassif)
#1588 & #1589: Error creating report with local/remote wav2vec2 transcription enabled (@lfcnassif)

Minor Release

This release contains fixes and important new features, please see the ReleaseNotes.txt for the full changes. Some of them are highlighted below:

#306: Timeline chart to show item counts and filter items based on date ranges (@patrickdalla, @lfcnassif, @FelipeFcosta, @paulobreim)
#1214: New local/remote audio transcription using Facebook wav2vec2 and transcription cluster service (@lfcnassif)
#1286: Parser for Windows 10 Mail App (@FelipeFcosta, @lfcnassif)
#390: Discord cache files parser (@felipecampanini, @lfcnassif)
#1322: New Windows EVTX parser to extract events timestamps (@patrickdalla, @lfcnassif)
#1461: Support importing new NIST NSRL RDS version 3 format (@wladimirleite)
#1201: Support rendering tracks on Map tab (@patrickdalla)
#1282: Extract telegram deleted groups (@hauck-jvsh, @lfcnassif)
#281: Extract P2P (Emule, Shareaza, Ares) history entries as separate items in case (@patrickdalla, @lfcnassif)
#1107: Option to extract a number of video frames as a function of video duration (@lfcnassif)
#1371: Search for Vendors and Products Identifiers for Hardware Wallets (@mobab-th, @lfcnassif)
#1370: Create categories for other types extracted from UFDRs (@wladimirleite)
#1202: Image blur and gray filters in gallery and image viewer (@abdalla-mar, @lfcnassif, @wladimirleite)
#1291: Render file type icons on user interface (@gfd2020, @lfcnassif, @wladimirleite)
#1511: Visual Enhancements in Processing UI (@wladimirleite)
#1279: RegRipper Custom Reports (@DHoelz, @lfcnassif)
#1092: Spanish Translation (@AburtoArielPM)
#1340: Upgrade to Sleuthkit-4.12.0 (@lfcnassif)
#1434: Update localization files to Italian, German & Spanish (@flates, @mobab-th, @AburtoArielPM, @lfcnassif)

Fix release

This release has important fixes, please see the ReleaseNotes.txt for the full changes. Some of them are highlighted below:
#1336: Makes analysis UI to work from an unmounted network path again (@tc-wleite)
#1446: Map tab not working with http(s) system proxy (@lfcnassif)
#1403: OutOfMemoryError caused by com.dd.plist library (@lfcnassif)
#1421: Aborting StackOverflow exception thrown by QRCodeTask (@lfcnassif)
#1415: QRCodeTask hanging for hours (@hauck-jvsh @lfcnassif)
#1392: Error applying user defined filters with colon in property name after reopening the case (@lfcnassif)
#1441: DocThumbTask not working on 4.0.x if enableExternalParsing is enabled (@lfcnassif)
#1409: Items with "thumbsOnly" option don't display properly in the generated report (@tc-wleite)
#1452: LedCarveTask might miss a lot of items (@lfcnassif)
#1428: On Linux v.4.0.6. fails to decrypt APFS partition that v.3.17.1 could decrypt - Sleuthkit 4.11.1 issue (@arisjr)
#1454: Remove "<br/> Empty media" from Telegram messages (@lfcnassif)

Fix release

This release fixes a critical vulnerability caused by Apache Commons Text 1.8 library, and others. We strongly recommend all users to upgrade. Fixes:
#1374: Vulnerability in WhatsAppParser caused by Apache Commons Text 1.8 lib [affects 3.18.1 to 4.0.5] (@lfcnassif)
#1379: DBX parser plugin not working [4.0 regression] (@lfcnassif)
#1358: OutOfMemoryError caused by processing queue growing too much (@lfcnassif)
#1368: User interface scaling is not working in some environments (@tc-wleite)
#1357: Any zero sized file rendered as X icon in gallery (@lfcnassif)
#1387: Unneeded network dependency slowing down application start up (@lfcnassif, @tc-wleite)
#1381: Sometimes autocomplete (TAB) does not find certain properties (@tc-wleite)
#1365: Minor UI glitch in similar image search panel (@tc-wleite)
#471: Log Console Error (@tc-wleite)

Fix release

This release has a few fixes, some of them very important. They are listed below:
#1350: Several folders and files missed by Sleuthkit-4.11.1 when processing an evidence with files owned by IIS default account (@lfcnassif)
#1338: UFED chat messages with unknown sender (@hauck-jvsh, @lfcnassif)
#1349: Timeouts while transcribing small audios - 4.0.4 regression (@lfcnassif)
#1328: IgnoreFilesByPathTask.js not being executed by triage profile (@lfcnassif)
#1327: Aborting IndexOutOfBoundsException caused by carved file with negative size (@lfcnassif)
#1332: Databases classified in categories other than 'Databases' are showing all table content on HTMLViewer - affects 3.18.x (@lfcnassif, @patrickdalla)
#1353: Table column parallel sorting may not be visible to other threads - affects 3.18.x (@lfcnassif, @patrickdalla)
#1348: Check/Uncheck all items action not propagated to Map tab - affects 3.18.x (@lfcnassif)
#697: Map previous/next buttons first click after sorting change are considering previous sorting order - affects 3.18.x (@patrickdalla, @lfcnassif)
#1352: If processing aborts, sometimes a different exception than the cause is printed in the Console - affects 3.18.x (@lfcnassif)