IREC Release Notes

Version 1.6.2

Released on November 26th, 2018

  • Added support for collecting raw contents of $MFT / $MFTMirr (Credits Arman GÜNGÖR)
  • Added support for collecting ActivitiesCache.db (Credits Adam Harrison)
  • Added support for collecting swapfile.sys
  • Added support for collecting hiberfil.sys
  • Added support for collecting MBR
  • Added license information dialog
  • Added support for cancelling collection process
  • Added source path to files collected in Files section
  • Added collection statistics page with Open Folder/HTML actions
  • Added support for minimizing user interface before capturing a screenshot
  • Added hash type to collection report
  • Fixed an issue in JSON report number handling
  • Fixed an issue in file system triage (Credits Kaan GÜNDÜZ)
  • Grouped network information in report (DNS, ARP, Route, TCP, UDP, Adapters, Shares)
  • Improved NTFS parser
  • Optimized memory triage
  • Moved MFT CSV into Files section
  • Merged Process and Memory scripts
  • Enriched Memory Triage matches with file path information
  • Other minor bug fixes and improvements (Credits Bahtiyar Bircan)

Version 1.5.4

Released on September 30th, 2018

  • Highly optimized performance
  • Highly optimized memory footprint
  • Added YARA for memory (TACTICAL Feature)
  • Added YARA for file system (TACTICAL Feature)
  • Added hash calculation (TACTICAL Feature)
  • Added encrypted drive detection (TACTICAL Feature)
  • Added example rules to RuleSet
  • Changed MFT date-time format to Excel-friendly yyyy-mm-dd hh:mm:ss
  • Updated prefetch filetimes to original files on disk
  • Removed WMI Scripts enumeration from FREE Edition

Version 1.4.1

Released on September 1st, 2018

  • Added YARA support for Triage and IoC Scanning
  • Added syntax-highlighting editor for YARA rules
  • Added autocomplete support for all YARA modules (version 3.8.1)
  • Added automatic module import logic to the rule editor
  • Added YARA rule tags to report (credits Halil ÖZTÜRKCİ)
  • Added support for old registry hives from Windows.old directory (credits Kaan GÜNDÜZ)
  • Added collection time counter to UI
  • Added support for enumerating multiple AV products (credits Mehmet GÖKSU)
  • Added support for Windows 10 VBS (credits Bekir KARUL)
  • Added process enumeration
  • Added driver enumeration
  • Added support for extraction of debug symbol information for system modules
  • Added settings menu for customizing evidence collectors
  • Improved handling for USN Journal files (credits Halil ÖZTÜRKCİ)
  • Improved user experience
  • Decreased IREC.exe file size

Version 1.3.0

Released on July 14th, 2018

  • Switched from BETA to RELEASE
  • Minor bug fixes and improvements
  • Fixed an issue with the user interface on high-DPI screens (Credits: Yalkin Attila Demirkaya)
  • Fixed an issue with RAM imaging (Credits: Yalim Okkan)
  • Fixed an issue with update checks

Version 1.2.8

Released on July 4th, 2018

  • Added support for AmCache.hve (Files section) (credits: Thamir Alshammari)
  • Added support for RecentFileCache.bcf (Files section) (credits: Thamir Alshammari)
  • Added support for $LogFile (Files section) (credits: Kaan Gündüz)
  • Added support for USN Journal (Files section) (credits: Kaan Gündüz)
  • Added FileSize field to Files section
  • Added disk free space notification to UI
  • Added a warning when the selected output directory resides on the system drive
  • Added display of each individual collector's progress
  • Removed JSON output from free edition
  • Removed PageFile section (moved pagefile.sys to Files section)
  • Fixed an issue with reading fragmented files from $MFT
  • Improved user experience (credits: Deniz Demirci)
  • Improved application logs
  • Improved screenshot collector
  • Improved bug reporting
  • Improved HTML report

Version 1.2.6

Released on June 15th, 2018

  • Initial release