Forensic Email Collector v3.61 Release Notes

Hello folks,

We have released FEC v3.61 yesterday with some interesting new capabilities. Here is a quick overview:

Trusted Timestamping (RFC 3161)

We have introduced support for automatic trusted timestamping of FEC’s acquisition logs. FEC is able to verify the created timestamps when needed, although timestamps can also be verified independently using open-source tools such as OpenSSL.

You set things up by entering a Time Stamp Authority (TSA) URL in FEC’s preferences as shown below. If you are using a paid service, you can also enter your username and password for authentication.

You can then trigger trusted timestamping during acquisition setup:

You can use FEC’s user interface to verify the trusted timestamps:

You can find additional details here:
Trusted Timestamping - Metaspike Knowledge Base

Also, if you are not familiar with trusted timestamping, you can check out our blog here for reference:

Port Tester

We have also implemented a new utility called Port Tester. One of the most common issues during IMAP and POP acquisitions is that the corresponding ports are closed on the forensic examiner’s workstation or firm firewall. This tool quickly checks the ports that FEC typically uses and reports back.

Other Improvements

You will also notice that SHA-512 is available as an additional hashing option. We needed to add SHA-512 to support RFC 3161 timestamping, and made it available as a general hashing option as well while we were at it.

We have also improved how the target email address and logged-in email address are displayed in FEC’s tree view and logged.

I hope you enjoy the new improvements!