IREC Release Notes

Version 1.8.0

Released on April 25th, 2019

  • Added full support for command line (run with --help for more information)
  • Added disk encryption status to report in System Info section
  • Added Triage Ruleset Name to the status section in the report
  • Added Triage status information to status section in the report
  • Added documentation shortcut to Main page in UI
  • Added Custom Content profile name to HTML and JSON
  • Removed 'Export to PDF' feature from HTML report
  • Removed IREC. prefix from Custom Content Profile (ccp) file names
  • Changed boolean strings in report to JSON compatible true/false values
  • Decreased IREC executable size
  • Decreased HTML report size by 3 MBs
  • Fixed a bug related to long file path names
  • Fixed an issue with progress displaying
  • Fixed an issue in process enumerator/collector
  • Other minor bug fixes and improvements

Version 1.7.1

Released on February 16th, 2019

  • Added support for Internet Activated licensing
  • Added support for collecting browser history for Internet Explorer 7-8-9-10-11
  • Added support for collecting browser history for Microsoft Edge
  • Added support for collecting browser history for Chrome (all versions)
  • Added support for collecting browser history for Firefox (starting from version 3)
  • Added support for running from network shares (credits: Yann Cloatre)
  • Added description value to Custom content collected items
  • Added collect YARA tag to file rules for automatically collecting matched files
  • Changed Files folder to Content in output directory
  • Improved licensing (credits: Kağan Işıldak)
  • Fixed an issue with updating collected file times
  • Fixed an issue with home page triage chevrons
  • Other minor updates and bug fixes

Version 1.6.2

Released on November 26th, 2018

  • Added support for collecting raw contents of $MFT / $MFTMirr (Credits Arman GÜNGÖR)
  • Added support for collecting ActivitivitiesCache.db (Credits Adam Harrison)
  • Added support for collecting swapfile.sys
  • Added support for collecting hiberfil.sys
  • Added support for collecting MBR
  • Added license information dialog
  • Added support for cancelling collection process
  • Added source path to files collected in Files section
  • Added collection statistics page with Open Folder/HTML actions
  • Added support for minimizing user interface before capturing a screenshot
  • Added hash type to collection report
  • Fixed an issue in json report number handling
  • Fixed an issue in file system triage (Credits Kaan GÜNDÜZ)
  • Grouped network information in report (DNS, ARP, Route, TCP, UDP, Adapters, Shares)
  • Improved NTFS parser
  • Optimized memory triage
  • Moved MFT CSV into Files section
  • Merged Process and Memory scripts
  • Enriched Memory Triage matches with file path information
  • Other minor bug fixes and improvements (Credits Bahtiyar Bircan)

Version 1.5.4

Released on September 30th, 2018

  • Highly optimized performance
  • Highly optimized memory footprint
  • Added YARA for memory (TACTICAL Feature)
  • Added YARA for file system (TACTICAL Feature)
  • Added hash calculation (TACTICAL Feature)
  • Added encrypted drive detection (TACTICAL Feature)
  • Added example rules to RuleSet
  • Changed MFT date time format to excel friendly yyyy-mm-dd hh:mm:ss
  • Updated prefetch filetimes to original files on disk
  • Removed WMI Scripts enumeration from FREE Edition

Version 1.4.1

Released on September 1st, 2018

  • Added YARA support for Triage and IoC Scanning
  • Added syntax highlighting editor for Yara Rules
  • Added auto complete support for all Yara modules (version 3.8.1)
  • Added auto module import logic into rule editor
  • Added YARA rule tags to report (credits Halil ÖZTÜRKCİ)
  • Added support for old registry hives from Windows.old directory (credits Kaan GÜNDÜZ)
  • Added collection time counter to UI
  • Added support for enumerating multiple AV products (credits Mehmet GÖKSU)
  • Added support for Windows 10 VBS (credits Bekir KARUL)
  • Added process enumeration
  • Added driver enumeration
  • Added support for extraction of debug symbol information for system modules
  • Added settings menu for customizing evidence collectors
  • Improved handling for USN Journal files (credits Halil ÖZTÜRKCİ)
  • Improved user experience
  • Decreased IREC.exe file size

Version 1.3.0

Released on July 14th, 2018

  • Switched from BETA to RELEASE
  • Minor bug fixes and improvements
  • Fixed an issue with User Interface in High DPI screens (Credits: Yalkin Attila Demirkaya)
  • Fixed an issue with RAM imaging (Credits: Yalim Okkan)
  • Fixed an issue with update checks

Version 1.2.8

Released on July 4th, 2018

  • Added support for AmCache.hve (Files section) (credits: Thamir Alshammari)
  • Added support for RecentFileCache.bcf (Files section) (credits: Thamir Alshammari)
  • Added support for $LogFile (Files section) (credits: Kaan Gündüz)
  • Added support for USN Journal (Files section) (credits: Kaan Gündüz)
  • Added FileSize field to Files section
  • Added disk free space notification to UI
  • Added a warning when selected output directory is residing in system drive
  • Added display of each individual collector progress
  • Removed json output from free edition
  • Removed PageFile section (moved pagefile.sys to Files section)
  • Fixed an issue with reading fragmented files from $MFT
  • Improved user experience (credits: Deniz Demirci)
  • Improved application logs
  • Improved screenshot collector
  • Improved bug reporting
  • Improved HTML report

Version 1.2.6

Released on June 15th, 2018

  • Initial release