With the release of our next version of Internet Evidence Finder (IEF), we will be introducing a new business application and operating system artifacts module that enables the recovery of a host of new artifact types, including:
- Corporate Email and Instant Messaging artifacts including Outlook OST & PST files, mbox email archives, and Microsoft Lync/OCS IM
- Document files including .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx
- Operating System artifacts including user accounts, USB device history, lnk files, pre-fetch files, shellbags, jumplists, event logs and more
- IEF will carve for most of these artifacts whenever possible
Why are we adding non Internet-related artifacts to Internet Evidence Finder?
We know that listening to our customers is the best way we can learn how to improve. Over the past couple of years, hundreds of customers have asked us to expand on the types of artifacts that IEF can recover to include documents, email and other common OS artifacts.
Truth be told – when these requests first started coming in, we weren’t sure if they were a fit for the IEF concept, as it’s been primarily an Internet forensics tool. Then we realized that delivering the functionality our customers want and need to make their lives easier (the ability to find more evidence with one tool) is what we want and need to do. You spoke; we listened, and added in these features and artifacts for you.
This is why customer feedback is so important to us – we use it to shape what we do. Thank you (and keep it coming)!
— Jad and the Magnet Forensics team
IEF will soon be able to recover common OS Artifacts, including:
Example of OS Artifacts ready for analysis in IEF Report Viewer:
Recover the following existing and deleted documents from allocated or unallocated space:
Example of documents ready for analysis in IEF Report Viewer:
Recover chat messages, call logs and file transfers from Microsoft Lync (Office Communicator):
Example of Lync artifacts ready for analysis in IEF Report Viewer: