All Treats No Tricks

E3 now has unique functionality for OSINT investigators. As the worlds of DFIR and OSINT come together E3 allows for a full 360 degree data analysis perspective.

A new OSINT Cloud Import wizard has been added for analysing OSINT data stored on the cloud-based services.

Support of public Instagram accounts investigation (OSINT) has been added. Now, you can import and analyse such data as:

• Account Info
• Following
• Followers
• Posts

Support of private Instagram accounts investigation in case when the follower’s credentials are known has been added.

Twitter OSINT cloud import allows collecting the following data from any public Twitter accounts:

• Profile Info
• Own Tweets
• Tweets and Replies

New import of Instagram cloud data from the private accounts has been added. Now, you can import such Instagram data as:

• Account Info
• Following
• Followers
• Posts
• Archived Stories
• Chats

New import of Skype cloud accounts is allows importing such data as:

• Contacts
• Individual and group chats

The authentication flow has been changed for cloud import from Gmail and Google Drive to incorporate new security verification from Google.

Remote Cloud Collector connection security has been enhanced.

Potential issues with receiving the Friends list during the Facebook cloud import have been resolved.

A special mechanism for temporary storing authentication tokens in the encrypted database has been implemented to minimize the risk of account blocking by cloud services due to repeated login attempts with credentials.

The Registry node in the Data Triage has been completely reorganized to make access to the important keys easier for an investigator and reflect the investigation process. Now, it includes the following categories of keys:

• Amcache (raw)
• AppCompatFlags
• Auto-run
• DEFAULT user
• Devices
• Network Connections
• Programs
• Recently Used Files
• RunVirtual
• Search and Navigation
• Security
• Scheduled tasks (raw)
• Shimcache
• SRUM
• System
• Users Accounts
• Winlogon

More than ten new registry keys have been added to new and existing categories in Data Triage.

Other categories of Data Triage have been reorganized to make navigation easier.

Full Android 13 support has been added for logical and physical acquisition.

Support of ADB backup import for Android 13 has been added.

Full iOS 16 support has been added for logical acquisition.

Support of iOS 16 encrypted and not-encrypted backups import has been added.

Import of GrayKey cases with iOS 16 and Android 13 data has been added.

iMessages parsing has been improved to reflect new iOS 16 features such as message editing, deleting, and recalling for iOS 16 logical acquisition.

The progress displayed during the GrayKey iOS case import was improved to make it less confusing for the user and to reflect the real process more clearly.

The E3:VIEWER package has been renamed to E3:VIEW and the ability to import all supported Cellebrite UFED data and GrayKey cases has been added to it.

New licensing option of $895.00 U.S. for annual license.