Forensic Email Intelligence 2.1.11 Release Notes

Metaspike Software Releases
1

Today’s FEI release takes FEI’s holistic view of email and attachments a step further. Let’s take a look at what’s new :wink:

PDF Deep Scan and XMP Metadata Streams

When examining PDFs, carefully reviewing the multiple XMP metadata streams they may contain is often close to the top of my to-do list. But that is not all—PDFs also contain key timing information in other areas, such as annotations, embedded attachments, and more. FEI now makes it a breeze to not only see all this information in one place but it also incorporates the data points into its timeline, Insights, scoring, and more :muscle:t2:

show-metadata
show-metadata1401×409 15.4 KB

pdf-metadata-report
pdf-metadata-report1966×2231 314 KB

Note: The image above does not show the Deep Scan Timestamps or XMP metadata streams due to limited space. For those details, please see the walkthrough video at the end of this post.

Extended Image Metadata (Exif, IPTC, XMP, and More)

Similarly, FEI now makes extended image metadata available with the click of a button.

exif
exif1966×2231 416 KB

Built-in Viewers

While improving FEI’s attachment handling, we also added built-in viewers for popular attachment types! This makes it possible to quickly preview attachments without external viewer applications such as Word, Excel, or Acrobat. Another benefit is that the document is viewed directly in memory without having to write it out to disk.

I should add that the built-in PDF viewer (see below) goes way beyond the basics and covers bookmarks, annotations, embedded attachments, etc.

viewers
viewers1401×409 15.3 KB

builtinPdfViewer
builtinPdfViewer1920×2179 189 KB

Example

After we implemented PDF Deep Scan, I recalled our very first Email Forensics CTF question that involved the analysis of a PDF with an annotation timestamp. I was happy to see that FEI now solves that question with the click of a button :grin:

challenge1
challenge11920×2179 264 KB

Video Walkthrough

We have also put together a very quick video walkthrough (~85 seconds) so that you can see the new features in action.

Closing Thoughts

In my view, the ability to see internal attachment metadata with the click of a button and have those data points automatically incorporated into the timeline and Insights is a game changer. Additionally, the PDF and image Deep Scan features make FEI a very strong tool for PDF and image examinations. I hope these new features make your examinations more streamlined as they did for me.

You can find the changelog below. The new version is available for download :lock: here when you are ready.

Recent Announcements from Forensic Email Intelligence

1 Like