The new version of the Profiler is out with the following news:
– removed virtual memory constraint: large files are now supported
– added decompression bomb detection
– added media preview for image files
– added preview for several PE resources
– added text preview for Office Word Documents
– added format selection to open file dialog
– display a format choice dialog when more than one format has been detected
– added XFA interactive forms detection inside PDFs
– added from/to hex and base64 filters
– automatically detect files in Zip archives missing a Central Directory
– increased PySide integration
– fixed Office VBA extraction bug
– fixed bug in PDF V4 and V5 Revision encryption
Format detection & selection
To help identify files that can be interpreted as more than one format, the individual file dialog now has some additions.
As you can see, the identified formats for the currently selected file are listed (it's a simple GIF file with a PDF appended at the end). The dialog also gives the user the ability to manually choose the format to use for loading the file. While all this could be achieved before, it wasn't as handy as it is now.
However, it wouldn't make sense to display the file selection dialog when the user uses the shell integration or drops a file to open it. Instead, the Profiler displays a choice dialog for the format when multiple formats are detected.
Conversion filters
Some new filters are available: from/to hex/base64.
While the actions in the Profiler already featured a mechanism to do these conversions, having them as filters is extremely useful, because it makes it possible to use them to load embedded files or to convert large portions of data.
Damaged Zip archives
While it has always been possible to manually extract data or partial data from damaged Zip files (e.g. those missing a Central Directory) through filters, the embedded data is now automatically analyzed and ready for inspection. This means that even when a Zip archive is truncated and some of its compressed files are truncated as well, they will still be automatically detected and made available for inspection by the user.
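The recovery described above can be sketched in a few lines: with no Central Directory to consult, scan for local file headers and inflate whatever follows each one. This is an added example, not the Profiler's code; the function names and the `max_out` output cap (a simple bound against decompression bombs) are assumptions, and the sample archive is constructed inline.

```python
import io, struct, zipfile, zlib

LFH_SIG = b"PK\x03\x04"
LFH = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte part of a local file header

def recover_members(blob, max_out=1 << 20):
    """Scan for local file headers; return [(name, data, complete)]."""
    found, pos = [], blob.find(LFH_SIG)
    while pos != -1 and pos + LFH.size <= len(blob):
        _, _, _, method, _, _, _, csize, _, nlen, xlen = LFH.unpack_from(blob, pos)
        name = blob[pos + LFH.size:pos + LFH.size + nlen].decode("utf-8", "replace")
        start = end = pos + LFH.size + nlen + xlen
        data, complete = b"", False
        if method == 8:  # raw deflate: inflate until stream end, input end or cap
            d = zlib.decompressobj(-15)
            try:
                data = d.decompress(blob[start:], max_out)  # cap the output size
                complete = d.eof  # False when the stream was cut short or capped
                end = len(blob) - len(d.unused_data) - len(d.unconsumed_tail)
            except zlib.error:
                pass  # corrupt stream: keep the name, resume scanning after header
        elif method == 0:  # stored: the size can only come from the header
            data = blob[start:start + csize]
            complete = len(data) == csize
            end = start + len(data)
        found.append((name, data, complete))
        pos = blob.find(LFH_SIG, end)  # next header after the consumed bytes
    return found

def make_truncated_sample():
    """Constructed input: a two-member Zip cut off inside the second member."""
    originals = {"a.txt": b"hello\n" * 100,
                 "b.log": b"".join(b"record %d\n" % i for i in range(2000))}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in originals.items():
            zf.writestr(name, data)
        second = zf.infolist()[1]
    cut = (second.header_offset + LFH.size + len(second.filename)
           + second.compress_size // 2)  # drops half of b.log and the directory
    return buf.getvalue()[:cut], originals

if __name__ == "__main__":
    blob, _ = make_truncated_sample()
    for name, data, complete in recover_members(blob):
        print(name, len(data), "complete" if complete else "truncated")
```

Python's own `zipfile.ZipFile` refuses the same truncated input because it locates members through the end-of-central-directory record.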
As you can see, many improvements have been introduced. The most important of them is of course the removal of the virtual memory constraints, as it represents an important step in the roadmap of the Profiler. Stay tuned, as the next version will be important as well!