SOFTWARE UPDATES

Release Notes:

RECON ITR has been updated to version 1.2.3 (A2). Check out some of the updates below!

New Update Process

We’ve made updating your ITR and IMAGER application more simple than it’s ever been before. Our new Online updater removes the hassle of having to find the appropriate files by downloading everything you need with the click of a button.

Imaging Without a Password

One of our new improvements is triaging a live system without the user/admin password. Launching the tool from a logged-in profile, without the password, will limit tool access to user-accessible files and information.

Export to an Image Container

Now you can export a Triage case to a logical image file. No need to rescan the drive to take an image after performing a triage analysis. Simply click “Export” at the top of ITR’s Results Viewer to turn your case into a logical image. You can export all discovered files or bookmarked artifacts to a .dmg or .sparseimage image file, allowing easy interaction with your analysis tool!

NEW Keychain Artifact

Allows for the collection of artifacts saved in the macOS keychain. The new tool also allows for searching for saved login artifacts to prove access.

New Logical Imager Interface

The Logical Imager portion of the RECON IMAGER application has undergone some new developments. Its new look comes with a handful of new features that allows you to extract exactly what you need from a target machine.

File Searching

RECON IMAGER can now search for file names without ever booting to the OS. You can also look for any keywords by typing them into the search bar and adding them to your imaging bucket.

HashSet Searching

In addition to searching a machine by keyword, you can also now load a CSV or SQLite HashSet into RECON IMAGER’s Logical Imager. The loaded HashSet is then used to find matching images that can then be extracted via a targeted logical image.

Estimated Time Calculations

RECON IMAGER now lets you know approximately how long it will take to complete imaging. This will help you provide regular updates on the progress of your work.

Try the new features out by downloading the latest updates!

Minor Updates:

• Additional Apple Silicon support
• Minor bug fixes
• ***WARNING – RECON Imager’s Mode-M uses the macOS Recovery Mode (a read-only environment) to operate. This can cause the application to keep the machine’s current network status before booting. We recommend removing evidence devices from any previously connected networks to avoid possible issues. We also recommend disabling any networking and Find My settings if possible.***

DOWNLOAD NOW

Need help or want to chat about these new features? We’re happy to talk to you!

Email: hello@sumuri.com
Phone: +1 302.570.0015