E3 Forensic Platform Release Details

RELEASE  version 3.2

Spring 2022

Call Us

+1-801-796-0944

Send Mail

forensics@paraben.com

COMPUTER FEATURES

SMARTPHONE FEATURES

CLOUD FEATURES

COMPLIANCE FEATURES

OSINT FEATURES

PAST RELEASES

Start a Trial
Request a Demonstration

Computer

Features

  • Version 3.2 Released Spring 2022
  • Support on Windows 11 Mail has been added.
  • A new Compliance Archive evidence has been added.
  • Now, it is available under the E3:UNIVERSAl, E3:DS, and E3:P2C licenses.
    New categories are added to Data Triage:
  • Windows 10 Artifacts: It provides access to the system folders containing Event Logs and Prefetch files.
  • Office Backstage: It provides quick access to the Backstage folders both for the desktop Microsoft Office up to Office 2019 and Microsoft Office 365.
  • New keys are added to the Parsed Registry Data category in the Data Triage:
    Office 365 (Word) MRU
    Office 365 (Excel) MRU
    Office 365 (PowerPoint) MRU
  • The Malware Detection category has been added to the Registry part of the Data Triage. It includes the keys that might be useful during malware detection investigation, such as:
    • Auto-run: Shows what programs are started automatically on the PC.
    • RunOnce: Shows the commands to be executed in the system once and then deleted.
    • Run Virtual: Shows the locally installed apps that are set to be run in a virtual environment.
    • AppCompatFlags: Shows the compatibility options for the programs. â–ª Winlogon: Shows information about user authorization and Windows activation checks.
    • Terminal Server: Shows the configuration of the Terminal Server and all its services.
    • Storage Devices: Shows the list of detected storage devices that were used on the Investigated PC.
    • Users Info: Information about the existing Windows users. The following information is provided about each user: <name of the user>
    • Auto-run: Shows what programs are started automatically for the selected user.
    • RunOnce: Shows the commands to be executed in the system once and then deleted for the selected user.
    • Run Virtual: Shows the locally installed apps that are set to be run in a virtual environment for the selected user.
    • TypedURLs: Shows a list of 25 recent URLs (or file paths) that were typed in the Internet Explorer (IE) or Windows Explorer address bar.
    • TypedPaths: Shows a list of paths typed in the path bar of the File Explorer.
    • MUICache: Shows a list of programs that have been used.
    • Feature Usage: Shows the number of times the application was clicked.
    • AppCompatFlags: Shows the compatibility options for the programs for the user.
    • WordWheelQuery: Shows a list of recent searches performed via Windows Explorer.
    • Timeline’s category contains timelines for the most popular registry keys. Also, for some keys, which are not parsed in other parts of Data Triage, this category contains parsed data. The Timelines category includes 14 computer-specific timelines (including one Summary timeline) and 19 user-specific timelines (including one Summary timeline) for each user of the investigated PC, namely:
      • Summary Timeline: The full timeline for all keys for all computer-specific categories except the user-specific categories displayed under the Users Info node.
      • Amcache Timeline: Information contained in the Amcache registry hive.
      • AppCompatCache Timeline: Information from the Application Compatibility flags database.
      • App Paths Timeline: Information from the App Paths subkeys from the Software hive.
      • Background Activity Moderator Driver Timeline: Information on the Background Activity Moderator Driver (bam.sys) controlling the activity of the background applications.
      • DirectX Most Recent Applications Timeline: Information on the most recent applications using DirectX.
      • NetworkList Timeline: Information from the NetworkList key, including the MAC address of the default gateway.
      • Print Monitor Timeline: Information on the print monitors.
      • SAM Timeline: Information about the Security Accounts Manager service.
      • Shimcache Timeline: Information about application compatibility cache.
      • TaskCache Timeline: Information about the tasks that might be used by the threat actors during the engagement.
      • Tasks Timeline: Information about scheduled tasks created on the PC.
      • Tracing Timeline: Information on the applications that can be traced.
      • Uninstall Timeline: Information on the applications that can be uninstalled.
      • Users Info: Information about the existing Windows users. The following information is provided about each user: <name of the user>
      • Summary Timeline: The full timeline for all keys for all user-specific categories for the selected user.
      • Audio Mixer Timeline: Information on the audio mixer usage for a specific user.
      • App Paths Timeline: Information from the App Paths subkeys for a specific user.
      • Microsoft Office Trusted Records Timeline: Information on the Microsoft Office documents (Word, Excel, PowerPoint, and Access), for which the user selected to accept bypassing the default security settings for the application.
      • Microsoft Office Docs Timeline: Information on the recently used Microsoft Office documents (Word, Excel, PowerPoint, and Access).
      • MMC Timeline: Information from the Microsoft Management Console recent file list.
      • Recent Docs Timeline: A list of files recently executed or opened through Windows Explorer.
      • RunMRU Timeline: A list of entries (e.g., full file path or commands like cmd, regedit, compmgmt.msc) executed using the Start>Run commands.
      • Shellbags Timeline: Information about the folder structure and view preferences. The keys may be used to find out information about the folders and remote machines or servers a user accessed through Windows Explorer.
      • SysInternals Timeline: Information on the SysInternals apps keys.
      • Terminal Service Client Timeline: Contents of the Terminal Server Client key for a specific user.
      • Text to Speech Timeline: Information related to the Windows text-to-speech functionality.
      • TypedPaths Timeline: A list of paths typed in the path bar of the File Explorer.
      • TypedURLs Timeline: A list of 25 recent URLs (or file paths) that were typed in the Internet Explorer (IE) or Windows Explorer address bar.
      • Uninstall Timeline: A list of the user-specific applications that can be uninstalled.
      • UserAssist Timeline: The contents of the UserAssist subkeys.
      • WinRAR Timeline: Subkeys associated with the WinRAR activity.
      • WordWheelQuery Timeline: Shows a list of recent searches performed via Windows Explorer.
      • Windows Subsystem for Linux Timeline: Data from the Windows\CurrentVersion\Applets Recent File List values

Smartphone

Features

  • The Permissions Details grid is added for data received during the logical acquisition from the iOS devices and iOS backup import. The Permissions Details grid contains information about the permission modification date and reason.
  • Issue with the application details displaying, such as, an application name, icon, and version, for the Application List grid received during the iOS Backup import have been resolved.
  • Issue with the missing Application Permissions grid has been fixed for iOS Backup import.
  • New kernel files to be used with the Root Engine have been added to the collection available for downloading on the Paraben site allowing additional rooting options for Android devices.

 

Cloud

Features

  • No changes this release.

Compliance

Features

  • No changes this release.

OSINT

Features

  • Not available in this release.