Hello folks,

We have released FEC v3.61 yesterday with some interesting new capabilities. Here is a quick overview:

Trusted Timestamping (RFC 3161)

We have introduced support for automatic trusted timestamping of FEC’s acquisition logs. FEC is able to verify the created timestamps when needed, although timestamps can also be verified independently using open-source tools such as OpenSSL.

You set things up by entering a Time Stamp Authority (TSA) URL in FEC’s preferences as shown below. If you are using a paid service, you can also enter your username and password for authentication.

fec-preferences1203×1039 58 KB

You can then trigger trusted timestamping during acquisition setup:

timestamp-logs1203×1039 46.6 KB

You can use FEC’s user interface to verify the trusted timestamps:

fec-timestamp-verification1203×1039 57 KB

You can find additional details here:
Trusted Timestamping - Metaspike Knowledge Base

Also, if you are not familiar with trusted timestamping, you can check out our blog here for reference:

Port Tester

We have also implemented a new utility called Port Tester. One of the most common issues during IMAP and POP acquisitions is that the corresponding ports are closed on the forensic examiner’s workstation or firm firewall. This tool quickly checks the ports that FEC typically uses and reports back.

fec-port-tester1203×1039 42.1 KB

Other Improvements

You will also notice that SHA-512 is available as an additional hashing option. We needed to add SHA-512 to support RFC 3161 timestamping, and made it available as a general hashing option as well while we were at it.

fec-sha-5121204×449 36.8 KB

We have also improved how the target email address and logged-in email address are displayed in FEC’s tree view and logged.

I hope you enjoy the new improvements!