IREC Release Notes

Version 2.3.0

Released on July 5th, 2020

  • Added support for collecting important Event Records
  • Added support for parsing Prefetch Files
  • Added support for enumerating ShellBags
  • Added AmCache logs
  • Added service recovery actions
  • Improved driver extraction mechanism
  • Improved digital sign check file patterns
  • Improved exception handling
  • Fixed an issue with zone identifier
  • Fixed restart issue after license validation
  • Minor updates and improvements

Version 2.2.0

Released on May 22nd, 2020

  • Added Shield feature against crypto-lockers
  • Added RFC 3161 compliant timestamping for case files
  • Other minor updates and improvements

Version 2.0.2

Released on May 13th, 2020

  • Added enumeration of Registry Autostart Locations
  • Added enumeration of Scheduled Tasks
  • Added enumeration of Startup Folder
  • Added enumeration of Services
  • Added enumeration of downloaded files information
  • Added process details page
  • Added autorun details page
  • Added filter to data columns
  • Added Zone Identifier information for downloaded files
  • Added support for parsing command lines (processes, autoruns, etc.)
  • Added support for collecting RDP Cache Files (credits: İbrahim Baloğlu)
  • Added bookmarks section to report
  • Added catalog check for non-embedded signatures
  • Added catalog check for Windows Store applications signatures
  • Added Digital Signature verification to Process section
  • Added Digital Signature verification to Process Modules section
  • Added Digital Signature verification to Recycle Bin section
  • Added Digital Signature verification to parsed command line arguments
  • Added Digital Signature verification to Drivers section
  • Added filesize information to Process section
  • Added filesize information to Process Module section
  • Added filesize information to Recycle Bin section
  • Added filesize information to Drivers section
  • Added filesize information to Prefetch section
  • Added filesize information to Event Logs section
  • Added filesize information to Registry section
  • Added filesize information to Browser section
  • Added file hash to Process section
  • Added file hash to Process Module section
  • Added file hash to Recycle Bin section
  • Added file hash to Drivers section
  • Added file hash to Prefetch section
  • Added file hash to Event Logs section
  • Added file hash to Registry section
  • Added file hash to Browser section
  • Added MAC times to Process section
  • Added MAC times to Process Module section
  • Added MAC times to Recycle Bin section
  • Added MAC times to Drivers section
  • Added MAC times to Prefetch section
  • Added MAC times to Registry section
  • Added MAC times to Browser section
  • Moved Event Log files to the appropriate location in Content directory (credits: Şükrü Durmaz)
  • Moved Prefetch files to the appropriate location in Content directory (credits: Şükrü Durmaz)
  • Moved Registry Log files to the appropriate location in Content directory (credits: Şükrü Durmaz)
  • Improved Shim Cache collector
  • Improved file hash calculation
  • Improved report loading speed
  • Improved Digital Signature verification speed
  • Fixed an issue in machine uptime calculation
  • Fixed an issue in machine date time calculation

Version 1.9.18

Released on April 8th, 2020

  • Highly improved MFT collector
  • Improved License UI/UX
  • Improved driver load logic
  • Fixed an issue with case creation folder
  • Fixed screenshot not captured issue
  • Minor updates and improvements

Version 1.9.16

Released on March 17th, 2020

  • Added support for enumerating Firewall Rules
  • Added support for collecting Opera History (Credits: Korhan GÜRLER)
  • Minor updates and improvements

Version 1.9.15

Released on March 4th, 2020

  • Added support for collecting PowerShell Transcript Logs
  • Added support for collecting PowerShell Console Host History
  • Added support for collecting ETL Logs
  • Added support for collecting CLR Logs
  • Added support for collecting Jump List Files
  • Added support for collecting LNK Files
  • Added support for collecting SRUM
  • Added support for collecting Windows Index Search
  • Added support for collecting SuperFetch
  • Added support for collecting WBEM
  • Added support for collecting INF Setup Logs
  • Added support for collecting SDB
  • Added support for collecting Thumbcache
  • Added support for collecting Iconcache
  • Added support for Maintenance Plan
  • Added Process Name and ID for TCP Table
  • Added Process Name and ID for UDP Table
  • Added timestamp to logs
  • Added multi-thread support to YARA
  • Updated YARA to the latest version
  • Highly improved YARA scanner resource usage
  • Improved artifact collector
  • Improved exception handling
  • Fixed an issue with Local and Remote Port casting for TCP Table
  • Fixed an issue with Local and Remote Port casting for UDP Table
  • Fixed an issue in Process CreationTime calculation
  • Fixed an issue with Edge history collection
  • Fixed Hashtype in report
  • Fixed Evidence Profile in report
  • Fixed an issue with DNS section in report (Credits: İbrahim BALİÇ)
  • Removed command line support (See Binalyze AIR)

Version 1.9.9 (Christmas Edition)

Released on December 24th, 2019

  • Added a new collection report with advanced features
  • Added global search to report
  • Added found item badges to sections for global search
  • Added Generate PDF with section/header selection support
  • Added VirusTotal details and relations links to Network section
  • Added collapse and expand support for groups
  • Added click and zoom support for screenshot
  • Added column chooser to tables
  • Added descriptions for some numerical values in collections
  • Added process tree
  • Added artifact grouping by types
  • Added custom command support to
  • Added support for Pre-Activated licensing
  • Added support for collecting Installed Application list
  • Added screenshot capturing support for the command-line version
  • Added TCP Table and DNS Cache to free version
  • Decreased JSON and HTML file sizes (around 50%)
  • Optimized JSON format
  • Split Triage Section into subsections
  • Split WMI into subsections
  • Fixed incorrect hash name in the Case info section
  • Fixed an issue causing duplicate collection of registry hive files
  • Fixed an issue with progress calculation in artifact collector
  • Fixed an issue with PC DomainName
  • Fixed missing chars issue in Process Names

Version 1.9.7

Released on October 25th, 2019

  • Fixed an issue in calculation of disk sizes (credits: Christian Klaus)
  • Fixed an issue in MBR acquisition (credits: Christian Klaus)
  • Added support for collecting Registry Transaction Logs (credits: Emre Akpınar)
  • Added support for collecting Registry Backups (credits: Emre Akpınar)
  • Other minor updates and bug fixes

Version 1.9.6

Released on September 16th, 2019

  • Fixed a compatibility issue in Windows XP
  • Fixed 'import not found' error
  • Improved support for Windows Server 2016
  • Improved evidence collection speed
  • Minor bug fixes and improvements

Version 1.9.2

Released on July 9th, 2019

  • Minor updates and improvements

Version 1.9.0

Released on July 6th, 2019

  • Added support for collecting Application Artifacts (Total 59): Active Directory Logs, Apache Logs, DHCP Server Logs, DNS Server Logs, IIS Logs, Microsoft Exchange Logs, MongoDB Logs, MSSQL Logs, Cortana History, Microsoft Calendar, Microsoft Maps, Microsoft People, Microsoft Photos, Microsoft Sticky Notes, Microsoft Store Applications List, Microsoft Voice Record History, Search History, Windows Notification History, Discord Desktop Cache, Microsoft Mail, Microsoft Outlook, Mozilla Thunderbird, Skype Databases, Skype Media, Teamviewer Logs, WhatsApp Desktop Cache, WhatsApp Desktop Cookie, Windows Live Mail User Settings, Zoom Databases, Zoom Media, Facebook Cache, Facebook Databases, LinkedIn Cache, Spotify Cache, Spotify Recently Played List, Twitter Cache, Twitter Databases, Evernote Databases, Evernote Drag and Drop Files, Evernote Logs, Everything History, Notepad++ Sessions, OpenVPN Config, Sublime Text Sessions, iTunes Backups, VMware Config, VMware Drag and Drop Files, VMware Logs, FileZilla Sessions, Github Desktop Cache, Github Desktop Databases, Github Desktop Logs, Tortoise Git Logs, Visual Studio Team Explorer Config, WSL, Dropbox Cache, Dropbox Databases, Dropbox Logs, Google Drive Database
  • Added 'Suggest Artifact' button to Artifacts Page
  • Added file time copying support to all collected evidence
  • Highly optimized memory usage
  • Highly improved browser history acquisition speed (8-10 times faster)
  • Highly improved $MFT as CSV acquisition
  • Improved UX in license handling
  • Improved SQLite DB error handling
  • Improved ActivitiesCache.db collection
  • Improved YARA rule scanning
  • Improved ESEDB parser
  • Improved command line support
  • Increased file/folder enumeration speed
  • Fixed an issue in dongle edition causing 'Driver Not Found' error
  • Fixed an issue in $MFT binary acquisition
  • Fixed an issue resulting in duplicate acquisition of pagefile.sys
  • Fixed an issue in file paths longer than 255 chars
  • Fixed an issue preventing load of YARA rules

Version 1.8.0

Released on April 25th, 2019

  • Added full support for command line (run with --help for more information)
  • Added disk encryption status to report in System Info section
  • Added Triage Ruleset Name to the status section in the report
  • Added Triage status information to status section in the report
  • Added documentation shortcut to Main page in UI
  • Added Custom Content profile name to HTML and JSON
  • Removed 'Export to PDF' feature from HTML report
  • Removed IREC. prefix from Custom Content Profile (ccp) file names
  • Changed boolean strings in report to JSON compatible true/false values
  • Decreased IREC executable size
  • Decreased HTML report size by 3 MBs
  • Fixed a bug related to long file path names
  • Fixed an issue with progress displaying
  • Fixed an issue in process enumerator/collector
  • Other minor bug fixes and improvements

Version 1.7.1

Released on February 16th, 2019

  • Added support for Internet Activated licensing
  • Added support for collecting browser history for Internet Explorer 7-8-9-10-11
  • Added support for collecting browser history for Microsoft Edge
  • Added support for collecting browser history for Chrome (all versions)
  • Added support for collecting browser history for Firefox (starting from version 3)
  • Added support for running from network shares (credits: Yann Cloatre)
  • Added description value to Custom content collected items
  • Added collect YARA tag to file rules for automatically collecting matched files
  • Changed Files folder to Content in output directory
  • Improved licensing (credits: Kağan Işıldak)
  • Fixed an issue with updating collected file times
  • Fixed an issue with home page triage chevrons
  • Other minor updates and bug fixes

Version 1.6.2

Released on November 26th, 2018

  • Added support for collecting raw contents of $MFT / $MFTMirr (Credits Arman GÜNGÖR)
  • Added support for collecting ActivitiesCache.db (Credits Adam Harrison)
  • Added support for collecting swapfile.sys
  • Added support for collecting hiberfil.sys
  • Added support for collecting MBR
  • Added license information dialog
  • Added support for cancelling collection process
  • Added source path to files collected in Files section
  • Added collection statistics page with Open Folder/HTML actions
  • Added support for minimizing user interface before capturing a screenshot
  • Added hash type to collection report
  • Fixed an issue in JSON report number handling
  • Fixed an issue in file system triage (Credits Kaan GÜNDÜZ)
  • Grouped network information in report (DNS, ARP, Route, TCP, UDP, Adapters, Shares)
  • Improved NTFS parser
  • Optimized memory triage
  • Moved MFT CSV into Files section
  • Merged Process and Memory scripts
  • Enriched Memory Triage matches with file path information
  • Other minor bug fixes and improvements (Credits Bahtiyar Bircan)

Version 1.5.4

Released on September 30th, 2018

  • Highly optimized performance
  • Highly optimized memory footprint
  • Added YARA for memory (TACTICAL Feature)
  • Added YARA for file system (TACTICAL Feature)
  • Added hash calculation (TACTICAL Feature)
  • Added encrypted drive detection (TACTICAL Feature)
  • Added example rules to RuleSet
  • Changed MFT date time format to Excel-friendly yyyy-mm-dd hh:mm:ss
  • Updated prefetch filetimes to original files on disk
  • Removed WMI Scripts enumeration from FREE Edition

Version 1.4.1

Released on September 1st, 2018

  • Added YARA support for Triage and IoC Scanning
  • Added syntax highlighting editor for YARA rules
  • Added auto complete support for all YARA modules (version 3.8.1)
  • Added auto module import logic into rule editor
  • Added YARA rule tags to report (credits Halil ÖZTÜRKCİ)
  • Added support for old registry hives from Windows.old directory (credits Kaan GÜNDÜZ)
  • Added collection time counter to UI
  • Added support for enumerating multiple AV products (credits Mehmet GÖKSU)
  • Added support for Windows 10 VBS (credits Bekir KARUL)
  • Added process enumeration
  • Added driver enumeration
  • Added support for extraction of debug symbol information for system modules
  • Added settings menu for customizing evidence collectors
  • Improved handling for USN Journal files (credits Halil ÖZTÜRKCİ)
  • Improved user experience
  • Decreased IREC.exe file size

Version 1.3.0

Released on July 14th, 2018

  • Switched from BETA to RELEASE
  • Minor bug fixes and improvements
  • Fixed an issue with User Interface in High DPI screens (Credits: Yalkin Attila Demirkaya)
  • Fixed an issue with RAM imaging (Credits: Yalim Okkan)
  • Fixed an issue with update checks

Version 1.2.8

Released on July 4th, 2018

  • Added support for AmCache.hve (Files section) (credits: Thamir Alshammari)
  • Added support for RecentFileCache.bcf (Files section) (credits: Thamir Alshammari)
  • Added support for $LogFile (Files section) (credits: Kaan Gündüz)
  • Added support for USN Journal (Files section) (credits: Kaan Gündüz)
  • Added FileSize field to Files section
  • Added disk free space notification to UI
  • Added a warning when selected output directory is residing in system drive
  • Added display of each individual collector progress
  • Removed JSON output from free edition
  • Removed PageFile section (moved pagefile.sys to Files section)
  • Fixed an issue with reading fragmented files from $MFT
  • Improved user experience (credits: Deniz Demirci)
  • Improved application logs
  • Improved screenshot collector
  • Improved bug reporting
  • Improved HTML report

Version 1.2.6

Released on June 15th, 2018

  • Initial release