While we talked about some of the news of this version, there are some more which are worth mentioning.
– introduced new multi-file report and project technology with compression and encryption
– introduced new UI for workspace mode
– added Windows Lnk support
– added file extensions scan option
– added directory scan to command line
– added PNG CRC validation
– added new filters: misc/replace and dev/array
– several UI improvements
– hex editor improvements
– increased memory limit
New workspace UI
The workspace features a new dock-based UI. It is easy to get used to the new UI as it is completely intuitive.
Now our users can completely costumize their analysis workspace.
PNG CRC validation
This feature was requested by one of our customers and it can come handy during forensic analysis. The CRC of each PNG chunk is verified and those which don’t match are signaled in the format view (highlighted in red).
New filters: misc/replace and dev/array
Two new filters have been added. misc/replace is self explanatory: it replaces bytes and strings. While dev/array is a small addition which can come handy all those times we need to copy some bytes to an array in a programming language. We can specify the language, the radix and the number of columns and we get something like:
unsigned char data[64] =
{
0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00,
0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xF8, 0x00, 0x00, 0x00
};
We hope you enjoy this new version.