----------------------------------
CacheBack Revision History
----------------------------------

3.7.21 - January 20, 2011

- Fixed a parsing issue relating to Firefox "places.sqlite" files whereby the history results were
  not being fully reported.  This was due to an obscure conditional statement that was being evaluated
  differently between the development build and the release build.  Symptoms of this problem would be
  presented by a 'distinct' list of visited URLs only.


3.7.20 - September 14, 2011

- With the release of Google Chrome Beta Version 15.0.824.5, the History entries no longer rely on 
  just the "visit_count" field in the "urls" table. Instead, Chrome stores a distinct visit count here
  (e.g., always the value of 1) and records the visit history in the "visits" table. As a result, 
  CacheBack was only reporting a visit count of 1 (or -1 which denotes an 'inferred' visit).  This 
  update now derives its visit count by adding the total number of visit entries in the "visits" table
  where the "url" column (an integer) corresponds to the "id" column in the "urls" table.

  In Google Chrome Version 3.0.195.27 (a Beta release), the true visit_count was recorded in the "urls"
  table. Since that time, Google Chrome has yet to release a build of its browser that is not a Beta.
  Somewhere in the many revisions between Version 3 and Version 15, a change occurred in the way the
  visit_count data was managed.


3.7.19 - September 13, 2011

- Fixed an 'Overflow' error which would occur when a user Opens or creates a New project file.  This
  error was isolated to persons running CacheBack on a monitor that had a high resolution setting 
  where the screen width in pixels was approx. 2000 pixels or greater.  This would also effect some
  users at a reasonable resolution but using an 'extended desktop' and stretching CacheBack's user
  interface across two (2) full monitors. 

  The issues has to do with the vertical splitter bar not being able to resize itself beyond the 
  data storage provided by a 32-bit signed integer.  This is a limitation of 32-bit architecture and
  will be a non-issue when CacheBack 4 comes out in 2012 as a 64-bit app.

  The workaround for the moment is to keep the user interface for CacheBack confined to one monitor at
  a decent resolution.  

- The 'OriginalPath' property was not being reported for URL records in a Cache Report.  This has been
  corrected.

- The lease days remaining information was not always being displayed in the main window's title bar.
  This has been corrected.



3.7.14 - September 2, 2011

- When CacheBack imports Facebook Chat Carver EnScript results, the initial ActionDateLocal and
  ActionDateUTC timestamps were configured to the "present" date and time.  This behavior was
  by design and the timestamps were supposed to be updated once a user "rebuilds" chat conversations.
  In cases where a user has disabled the Parse Advanced Metadata function, the ActionDateLocal and
  ActionDateUTC timestamps would NOT be updated in the Table.  This would obviously cause users some
  confusion when reviewing the chat messages via the Table PRIOR TO rebuilding a conversation.

  To eliminate any confusion, we have recoded the import function for the Facebook Chat Carver results
  so that the timestamps are decoded immediately.


3.7.13 - July 13, 2011

- On rare occasions when parsing a Safari Cache.db file, a NULL Response object might be
  encountered. When this happens, the parsing function would terminate prematurely.  This
  has been corrected.


3.7.12 - July 6, 2011

- Added some improved functionality for rebuilding web pages for Internet Explorer cache.


3.7.11 - June 27, 2011

- The parsing and decoding functions for Firefox 2 history using the mork file format has been
  completely retooled. An extremely thorough review of the Mork parsing guidelines regarding the
  use of whitespace was conducted.  Using the Dork.exe utility from Mozilla.org, we were able to
  identify exactly how many records should be in any given FF2 history file.  In this process,
  we had occasion to test CacheBack's new code against a real case and the results were quite
  interesting.  CacheBack far exceeded 'the other industry history tool's' results and CacheBack
  actually MATCHED the trusted results of the Dork.exe parsing tool.

- Host filtering has been improved for better interoperability with Bookmarks.

- This History report has been greatly improved and now includes (a) the Web Page Title, 
  (b) a Typed column, and (c) better coloring for the results.

- A new feature has been added to the Advanced Options in the Report Window.  It is now possible
  to include ALL records from the current Query WITHOUT having to (a) uncheck the Paginate button
  in the Table view, and (b) wait for all of the records to load into the Table for not other
  purpose than to TAG them.  This new option is presented in the form of 3 options:
  	1. Include all tagged table rows
	2. Include all visible rows, and 
	3. Include all records in query results.

- The Facebook chat parsing functions have been improved to deal with unicode encoded JSON 
  messages typically found in unallocated space. The Facebook Chat Carver EnScript has also been
  updated to search for messages larger than 2,000 bytes (up to 4,096 bytes).



3.7.8 - June 21, 2011

- When clicking on a thumbnail (for a Picture) in a Cache report, CacheBack would sometimes
  report that the (larger version of the) picture could not be found.  This was due to the
  .JPG file extension being used for all pictures.  This has been corrected.

- With the release of Version 3.7.5 on May 23, 2011, a minor change was made the parsing routines
  for IE cache, history and cookies.  After some reported issues, this change (in some cases)
  would prematurely exit the parsing routine for a given file thereby reporting far fewer records
  that what would actually be present.  This has been corrected.

- PrivacIE: URLs (for Internet Explorer) are "auto excluded" during the import process as they 
  do not represent true user activity. This has been supported for some time but is listed here 
  as a reminder.

- Reminder: the new Compatibility Mode is intended for rebuilding web pages that appear to not 
  rebuild and where the resulting Browser pane is blank.  This feature strips out all javascript
  and cascading stylesheet references which often results in a web page successfully displaying
  text, graphics and maintaining some layout formatting.

- Record pagination has been added to the Bookmarks tab to make it easier to navigate through
  bookmarked items.


3.7.5 - May 23, 2011

- Corrected an issue surrounding GZip Decoding. When a GZip encoded file is not able to be
  unzipped, the .CBP file is supposed to be updated so as to mark the record as a 'bad file'.
  In doing so, an error might sometimes appear stating that "the index already exists".  

- The DEFINITION of a History record NOW INCLUDES records from the Cache (of any browser).
  Prior to this release, CacheBack's "Show Only History" query would return records that only
  originated from a browser's history database.  Since Cache is technically a part of a user's
  Internet Activity, the definition of this query has been changed accordingly.  As a result,
  some minor changes have been made to the Quick Queries menu and the "IsCache" field has been
  added to the .CBP database file.

- Changes to look for in this release regarding Quick Queries: Show Only History (Including Cache),
  Show Only History (Excluding Cache), and Show Only Cache.

- While in the Gallery view, it is now possible to select an image and determine if it belongs to 
  a web page somewhere in the cache.  This is accomplished by right-mouse-clicking on any given 
  image and selecting "Tag Rebuilt Web Page". *** NOTE: This is only possible once ALL web pages
  have been rebuilt in the case. -- Once one or more web pages have been "Tagged" using this new
  feature, simply switch to the Table tab, then run the "Show Tagged Items" quick query to view
  the referenced web page(s).


3.7.4 - May 4, 2011

- Identified an anomaly in the formatting of Safari binary plist files for History artifacts.
  Due to this rare circumstance, CacheBack might sometimes be unable to parse the history file.
  This has been corrected.

- The Gallery tab might sometimes not show as many thumbnails as reported by the Page X of Y
  caption in the navigation bar.  This was due to the fact that sometimes a thumbnail is not able
  to be created for a particular image or web page.  CacheBack was therefore unable to add a 
  thumbnail to the Gallery.  We have now added a "Thumbnail Not Available" thumbnail in these 
  instances to remove any confusion.



3.7.3 - April 27, 2011

- CacheBack just got a whole lot faster! Thanks to the new Paginate option for the Table view,
  records load in a fraction of the time.

- The Record status in the lower status bar now provides feedback about the current PageSet 
  when Paginate mode is enabled for the Table view (eg: Records 1 to 250 of 8945).


3.7.2 - April 25, 2011

- The Export columns feature for the Table view (via the context menu) has been updated to deal 
  with carriage returns and new line characters in the column (cell) data.

- The USB Key (dongle) addressing schema has been completely redesigned to support licensing for
  multiple applications.  SiQuest will be release new products in 2011 and this new schema will
  allow existing CacheBack users to use the same dongle for new products added to their forensic
  toolbox.  NOTE:  CacheBack 3 users who purchase add-on products will only be able to use 
  CacheBack Version 3.7.2 or higher. The new schema unfortunately prevents backwards compatibility
  for Versions.


3.7.0 - April 20, 2011

- The Bookmarking features in CacheBack have been completely reworked to allow seemless navigation
  between Table, Gallery, Bookmarks and Host tabs.  Before, it was not possible to display Gallery
  items for any individual Bookmark Folder -- everything that was bookmarked would be loaded.  Now,
  whenever a bookmark folder is created, a query is automatically generated and stored inside the
  project file (example: "BOOKMARKED My Favorite Pictures" where the name of the actual bookmark
  folder is simply "My Favorite Pictures").  Deleting a Bookmark Folder will automatically delete
  the associated "BOOKMARKED ..." query.

- Testing has been performed to ensure that the returned recordset functions correctly no matter
  which tab or filter is selected.  While this has been extensive, it is possible that some
  quirks may still arise.  Users should report any issues to support@cacheback.ca.


3.6.3 - April 19, 2011

- Fixed an issue relating to the Gallery tab where contents would sometime fail to load. This was
  attributed to condition that would occasionally exist when moving between different queries and
  different Data View tabs.

- Renamed the Tagged check box on the Filter Toolbar to "Table".  Add another tagging checkbox
  called "Gallery".

- Tagging of ALL records using the Table or Gallery tagging check boxes on the Filter Toolbar 
  NO LONGER forces a complete Refresh of the tabs contents. Beforehand, using the Tagged checkbox
  would tag or untag ALL rows in the Table and then do a complete reloading of records which was
  very time consuming.

- Improved keyboard 'tagging' of records within the Gallery tab.

- Tagging of records on Table will propogate onto the Gallery and vice versa.  Moving from Gallery
  to Table (after tagging records) will require users to Refresh the Table.


3.6.2 - April 10, 2011

- The RebuiltDateTime in 3.6.1 was being hard coded in a "dd-mm-yyyy" format thereby causing the
  month and the day to be switched (in some cases) when being read back into CacheBack.  This only
  affected cases where the date mask was set to "mm-dd-yyyy" or similar month/day formats.


3.6.1 - April 7, 2011

- Added support for Firefox 4.0 cache.  Firefox 4 was just released on March 23, 2011 and this new
  version changes the way cache is stored on the system. It also introduced an updated construct to
  the SQLite format for "places.sqlite" and "cookies.sqlite" which is not backwards compatiable with
  even many third party SQLite reader tools.  This new cryptic cache storage system, as well as the
  newer versions of the SQLite databases are now decoded with this release of CacheBack.

- Added support for Firefox "download.sqlite" files.  As a result, the CacheGrab data mining tool
  for Windows (and the EnScript) have been updated accordingly.

- Users can now manually resize table rows on the Table tab. We have also added a new Row Height
  dropdown box to quickly resize all rows.

- The CacheGrab EnScript has been updated.  The 1.6.4 version would carve IE URL records from 
  Unallocated Space and produce a .CGI (CacheGrab Import File) file.  Unfortunately, the "parseable" 
  flag was set to False (instead of true) for each carved out .CGD (CacheGrab Data File).  As a 
  result, users could successfully carve IE URL records from Unallocated Space but NOT be able to
  import them into CacheBack.  This has been corrected.



3.5.5 - March 16, 2011

- Chatters List Report was unable to be published.  This has been corrected.

- As a result of adding 2 new columns to the Host tab during the last update, the Host filtering was
  not working.  This has been corrected.

- Bookmark reporting would print ALL bookmarks instead of only those that were tagged.  This has been
  corrected.

- Importing of CacheGrab EnScript results for IE URL records recovered from Unallocated Space was not
  working quite properly.  The OTHER search criteria option that managed this option was NOT selected
  by default.  This has been corrected so that it is ON by default.  Records imported are now screened
  for properly formatted "http" URLs to prevent garbage or empty data from being imported.

- Sorting on the ActionDate columns were not working as the data type was defined as a "date". However,
  CacheBack formats the dates as a string (text) value as opposed to a true date (as evidenced by the
  existing of the DST or STD suffixes).  This has been corrected but only sorts as TEXT.  Therefore, 
  users who customize the appearance of their dates SHOULD use YYYY-MM-DD HH:MM:SS to ensure that these
  two columns sort properly.

- The user manual has been updated to indicate the browser file locations on a MAC.

- NOTE:  The Hits column on the Hosts tab is NOT the total number of visits in relation to the individual
  hosts.  Instead, it is the total number of 'cache and history' URLs in the case that have the same host
  in the URL.  The purpose behind this approach is to reveal high content sites VS. high traffic sites.



3.5.2 - February 24, 2011

- Fixed a problem relating to the use of the Audit metadata feature when creating a Cache Report. 
  Only the "last rebuilt web page" was reporting the Audit information.  

- Added a "Hits" column to the Hosts tab to provide a better gauge about a user's activity relating
  to a given domain (host).

- The Parse User Name option in the Import Wizard was not ON by default. This has been corrected.

- Corrected a problem with the Cache Report when reporting on simple pictures. The thumbnail was not being
  generated properly.



3.5.0 - February 17, 2011

- Support for MAC OSX versions of Firefox, Chrome and Safari has been verified. This support includes
  the cache, history and cookie files for all three browsers. Improved parsing has been added to deal
  with unicode values stored in Safari's history.plist files.

- Chrome cookies and history files were sometimes being excluded during the import process whenever the
  original path did not contain the folder name "chrome" somewhere in the path.  This condition has been
  removed thereby removing any path restrictions.

- Select All checkboxes have been added to the Select Criteria option on the Import Wizard to reduced the
  number of clicks.



3.4.5 - February 11, 2011

- When rebuilding the Chatters List Report from the Chatters tab, a blank message box would appear with
  no indication of the problem.  This was due simply to a missing \report and \report\images subfolder 
  in the output.  Rebuilding a Chat first would actually create these folders.  In any event, this has
  been fixed.

- "Tagging" of records was not working properly. This has been corrected.

- "ietld:" URL records are now "auto-excluded" during import.  These URLs releated to the IETldCache folder
  for Roaming profiles on Vista and Windows 7 machines.  Since they do not report user activity, they are 
  still imported, but simply marked as "excluded" (for examination purposes).

- The performance in Rebuilding of Web Pages (which contain dozens or more of images, etc). has been slightly
  improved.

- The User profile name is now parsed from the "path" of files that are imported in CacheBack.  Prior to this
  release, the User field (in CacheBack) was only used for Internet Explorer master history records which
  explicitly state the User name for each record.

- Table rows can now be checkmarked individually without the annoyance of CacheBack loading the cache file on
  each row click.

- Custom logo for reports is now left-justified and appears beneath the header graphic.

- *** COMPATIBILITY MODE: NEW *** With the increasing use of Cascading Stylesheets and Javascripts to manage
  web page layout and appearance, some website pages do not render inside the Browser Viewer Tab.  To get around
  this issue, CacheBack now introduces the "Compatibility Mode" checkbox on the Filter's toolbar.  By checking
  this option, web pages are rebuilt the same way except when finished, any references to Cascading Stylesheets
  and Javascripts are completely removed.  The URL table has a new field called "UsingCompatibilityMode" which
  informs CacheBack on this extra "treatment" during rebuilding.



3.4.3 - January 31, 2011

- Fixed a problem with the Import Wizard which would not import Opera history files (global_history.dat
  and typed_history.xml).



3.4.2 - January 13, 2011

- CacheGrab 1.8.4 is released with improved reporting and increased performance. 

- Add an option to print a Chat Profiles List Report with avatars and metadata relating to
  chat activities.

- Added File Offset and Source Path metadata for each message in a Rebuilt Chat report.

- Created a second Rebuilt Chat report (List View) to streamline the output for longer chats.

- Re-organized the Chat Profiles in the Chat tab (now renamed to Chatters tab) so that the list
  is easier to navigate. 

- The URL table's "HTMLBody" column has been renamed to "FileContents" in order to accommodate
  a more meaningful context to new artifacts (eg: chat).



3.3.2 - December 30, 2010

- Improved parsing of Facebook chat messages in cases where the a "window_id" attribute is
  present.

- EnScripts for CacheBack now packaged as an EnPack and Facebook EnScript now produces encoded
  results.



3.3.0 - December 22, 2010

- Significantly improved the speed for parsing Safari History.PLIST files with more adaptability
  to deal with random unicode strings.

- GrabMedia and CacheGrab have both been updated to allow for searching inside System and Hidden
  folders on a Windows system.

- MD5 Hash values were being reported for history URLs under the Cache File MD5 column in the
  Table view.  This has been corrected.

- The LoadProfiles option on the Chat tab has been corrected to display ALL (and not just one)
  Recipient profiles for any given Sender profile.  



3.2.5 - December 9, 2010

- Chrome cache was not being imported when apart of a CacheGrab Import file. An rigid condition
  statement prevented the chrome index file from being identified as a proper chrome cache file.
  This has been corrected.


3.2.4 - December 9, 2010

- Corrected a problem importing cache or .CGI file references that contained Facebook Chat which 
  occurred in some rare situations.  The FirstOrShortName and LastOrLongName fields in the database 
  were too small to accommodate user profile handles that were unusually long.  


3.2.3 - December 6, 2010

- Due to some of the major changes in Version 3.2.1, it appears that the Link Analyis function was 
  no longer working.  This has been corrected.



3.2.2 - November 30, 2010

- Fixed an issue where Firefox 3 history URL records would be reported as "Status=(autogen)" in some
  rare cases.  The logical control for this value has been tightened so that only the known Mozilla
  default URLs are marked as "autogen".



3.2.1 - November 15, 2010

- Fixed an issue with the Quick Queries popup menu where some queries "might" at times default to
  "Show All" instead of the selected query.

- Fixed the manner in which the query "schema" was saved whenever user defined a custom query using
  the Query Builder tab in the Query Manager window.

- Fixed a problem where CacheBack would hang indefinitely during importing or rebuilding of web
  pages. This turned out to be an issue with the 4KB page bloat within the Access database (project
  file). As records were being added to the project file (database) in the thousands, the database
  would fail to reclaim the unused allocated 4KB memory blocks.  To fix this, we built in a new
  "Compact Database" tool that runs automatically when the file reaches anything greater than
  500MB.  It is also a new option that users can choose to run anytime, via the File Menu.

- The "default" query (show all records) has been changed in meaning to "show only web pages". Before,
  the case would default to showing everything in the Table.  For larger cases, this could take a
  VERY LONG time to load.  In almost all cases, most users will never want to look at ALL records.
  For this reason, we change the default query to show only web pages since most times, users will want
  to rebuild cached artifacts.

- Fixed a parsing issue with Firefox 3 cache which might result in fewer records reported than what
  was in the cache. This was due to a variable condition which is now evaluated in all cases.

- Fixed a minor issue which would prevent Firefox 2 history from being returned by queries that looked
  for "IsHistory = True".  This was due to the "IsHistory" database column not being set to "True" 
  during the Firefox 2 import. NOTE: Despite this issue, data was always available within CacheBack.

- Added full identification, decoding and rebuilding of Facebook IM Chat messages found in browser
  cache. Each user profile's avatar image is recovered from the cache and associated to each message
  send or received by the user.  Metadata capture for each IM message includes user Profile ID,
  SentTimeUTC, user Long Name (full name), and user short name (first name). Full support included 
  for emoticons!

- Create visually appealing Facebook Chat Reports, complete with avatar images and emoticons and
  time indexes.  Chats are also grouped by date to provide better context for the reader.

- Designed a new Chat Emulator (ChatEm(tm)) program to "playback" chat sessions.  Great for disclosure
  and courtroom presentations.

- Add the capability of adding more than one .CGI file during the Import file process.

- The Explorer tab in the Features Pane and the Local Files Tab in the Data Pane have been removed.
  This was due to a freezing problem with the explorer tab control that displayed the local hard 
  drive contents.  This feature has no real impact on the functionality of CacheBack and will be
  depricated in the next major release.
  

- Fixed a display problem with the current time zone setting in the lower right status bar. Although
  the user-selected time zone settings were being maintained and implemented properly by CacheBack,
  the Standard Time Zone Name was always reverting back to "Eastern Standard Time".  This has been
  corrected to show the proper time zone name.



3.1.7 - October 1, 2010

- Fixed a bug relating to the importing of Google Chrome "cache" data that was harvested using CacheGrab.
  CacheBack was evaluating the presence of the "original evidence path" as opposed to the Relative Path of
  the evidence (harvested by CacheGrab).  This is a bug that seemed to only surface when the original evidence
  drive was no longer available to the host (examiner's) computer.  


3.1.5 - September 30, 2010

- With the release of IE8, Microsoft has made some modifications to the MSHTML.DLL libraries which are
  used by CacheBack to generate thumbnails of cached web pages.  Unfortunately, CacheBack users with IE8
  installed on their workstations were encountering IE invoked error windows when CacheBack tried to
  rebuild certain javascript-laced files.  CacheBack's API to the MSHTML was not updated for IE8 and as
  a result, some users would experience several IE8 invoked error messages stating it "Cannot find file:///".
  This is a side effect that occurred when CacheBack made requests to the MSHTML.DLL libraries.  As a 
  results, users would experience incredible wait times and in many cases, several IE8 popup error windows
  followed by an application "freeze".

  With this new release, the APIs used to communicate with the IE MSHTML.DLL libraries have been completely
  replaced.  The new libraries may sometimes invoke the occasional IE8 "Cannot find file:///" error, but this
  is completely unavoidable.  The good news is that CacheBack no longer "hangs" and works through these
  javascript anomalies quite gracefully.  The OLD APIs would timeout after 30 seconds (per bad URL) whereas
  the new APIs timeout after 3 seconds!  

  As an added workaround to the IE8 and javascript issues, we've added the "Alert" column in the Table to
  visually report which web pages files contain javascript.  In such cases, the Alert column (cell) will have
  the letters "js" in bold, orange font.  This should give examiners a visual indicator that they "might" 
  expect unusual results when click on (viewing) a given web page, or trying to rebuild a web page.

- To further decrease any IE8 and javascript complications, we are encouraging CacheBack users to make
  increased used of the "quarantine.txt" file which is located in the CacheBack program directory.  Once a
  series of bad web pages are discovered during an initial import or examination, users should "ADD" unique
  keywords (from the offending files) to the "quarantine.txt" file and then REDO the case from scratch.  On
  the second pass, the offending files should be automatically quarantined thereby leaving users free to 
  conduct their examination with few or no issues.  THIS IS ESPECIALLY USEFUL for users who conduct repeated
  investigations within a cororporate environment (eg: company Intranet) where common Intranet pages might
  have offending javascript (URLs).

- Fixed a small issue with the TEMP FOLDER PATH. If the user placed the Case File (.CBP) in the Root path of
  a drive (eg:  E:\mycase.cbp) then the temp folder would be auto-defined as E:\mycase.TMP.  In this specific
  situation, CacheBack was storing the TEMP PATH as "E:\\mycase.TMP".  The extra \ in the path would case
  unexpected results when trying to view files with CacheBack.



3.0.14 - September 23, 2010

- Placed a condition in the ParseAdvancedMetadata function which prevents Movies and any files > 1MB from
  being processed by this function. Since this function is intended to only work with web pages, adding 
  this extra conditional statement should prevent larger files from being unnecessarily processed.  
  Consequently, it should also offer some performance increase during importing.




3.0.13 - August 25, 2010

- Added some additional conditions to the import process thereby eliminating the need to do signature
  analysis on cache artifacts that clearly were not identifiable as web pages.  This has had a performance
  increase of approx. 28% during importing (in our lab test cases).

- Added an option to "disable thumbnail creation during import" to help speed up importing processes. This
  is only recommended for users wishing to examine History data only.  Using this option when a case involves
  cache artifacts will prevent any thumbnails from appearing in reports and the Gallery tab.



3.0.12 - August 14, 2010

- Fixed a problem where Quarantine Queries would generate a Index or Null value error.

- Changed the default column lineup for new project files so that the URL column is one of the first
  visible columns.

- Added support for Safari cookies.



3.0.9 - August 5, 2010

- Added support for Safari cookies.plist files.

- Added "tag all" and "untag all" to the context (popup) menu in the Bookmarks table (from the Data Pane).

- New "Enabled Auto-Quarantine" feature added to the Import Wizard under "Advanced / Optimiztion" options.
  This will look for ".doubleclick." in any (designated web page) URLs and auto-quarantine as these will likely
  cause the import routine to either slow down tremendously or completely "stall".  

- The "Hosts" list has been modified so that it only lists the distinct hosts from the CURRENT or ACTIVE query.
  Beforehand, the Hosts list would be a distinct list derived from ALL artifacts.

- LinkAnalysis function tweaked for faster processing.

- New "Quarantine Queries" help clear up bad records in seconds!! Users simply build or define any query then
  save the query as the type QUARANTINE.  Once the query is executed, all matchine records are automatically
  marked as 'Quarantined' and immediately excluded from any future queries.

- The function that classifies cache files as "web pages" has been retooled to be more accurate. Keywords:
  <html + <body + <a href=  ALL must now exist in order to be labelled as a Web Page.

- Introduced the "quarantine.txt" file option which allows users to lists all keywords that warrant quarantining.
  Any "cache" files that have a URL containing a matching keyword will automatically be Quarantined during the
  Import process.

- Quick Query: Show Only Webpages has been tweaked to improve the accuracy of the returned dataset.  Web pages
  must now contain a Title.



3.0.8 - July 29, 2010

- Added SourceFile path and SourceFileMD5 to Cache reports to indicate origin and MD5 signature of URL evidence.



3.0.6 - July 25, 2010

- Improved handling and displaying of bookmarks when switching between tabs in the Features Pane and the Data Pane.

- The lower status bar options have been moved onto a new mini-toolbar that sits beneath the main toolbar.  This is a quick access toolbar with checkboxes to easily enable or disable Filters; show or hide Excluded rows, and introduces the new option to show or hide Quarantined URLs.

- The nag screen for Unlicensed users (eg: users evaluating the software) has been coded against a 1 minute interval timer.  This will greatly reduce the number of times a nag screen appears.

- Users can now turn a any custom query into a "Bookmark Query".  This type of query runs almost like a regular query except the sole purpose is to automatically generate bookmarks for any URLs that match the query definition.  This is an extremely powerful new feature that will surely cut down on analysis time (eg: cataloging pictures, isolating LIKE evidence).

- We have added a "Break" and a "Quarantine" button to the Status Window during the Import and Parsing processes.  This will allow users to interrupt unusual delays during this initial processing phase when a bad file (eg: javascript file) is encountered. 

- The trial mode for view video files has been changed as well.  Before, users could only play video files that were 5MB in size or smaller.  This limit has been removed.  Instead, playback of videos (in unlicensed mode) is limited to 2 minutes.



3.0.3 - July x, 2010

- Fixed a problem with the Export Column option where the delimiter would always be the pipe (|)
  symbol. Also, records exported did not always corresponde to user preferences (eg: only selected
  rows, or export all rows).

- The elipsis button next to the TEMP folder box in the Options window has been removed.  As of
  Version 3, CacheBack no longer allows the TEMP folder to be user-defined.  Users of Version 3.0.2
  who modified this path to a custom path would experience random issues in displaying records in
  the viewer tabs.


3.0.2 - July 9, 2010

- Fixed a problem where the CacheFolderName and the CacheFileName would be overwritten with a 
  different value once a web page was rebuilt.  This problem was confined to Internet Explorer
  artifacts and is believed to have been affected by Versions 2.8.9 to 2.8.13.

- The \TEMP folder is no longer user-definable.  Instead, the TEMP folder will be created 
  automatically in the same folder as the CacheBack Project File and will take on a similar
  name for uniqueness.  
  Example:  Project filename:  C:\MyCases\MyCase.CBP
            Temp folder name:  C:\MyCases\MyCase.TMP\

- Thumbnails are no longer stored in the database.  Instead, a \THUMBNAILS folder is created
  inside the TEMP folder.  This has resulted in a significant performance increase when creating
  reports or viewing records in the Gallery tab.

- The ParseAdvancedMetadata function has been updated.  There was a logical problem with the
  storing of the web page contents into the HTMLBody column.  This condition has been corrected.


3.0.1 - June 29, 2010

- New Video tab supports the playback of various file formats: .mpg, .mov, .wmv, .flv, .3gp,
  .asf, .mp4, .m4a, .avi, and .vob.

- Users can create a "storyboard" (thumbnail snapshots) of the current video which can be used
  to seek different time indexes, or create a report.

- CacheGrab 1.7.0 has been retooled to be much faster and includes support for Limewire installation
  folders and .PROPS files.  "Saved" file paths are automatically decoded from the .PROPS file and
  pictures and videos are automatically collected.


2.8.12 - June 28, 2010


2.8.11 - May 26, 2010

- Microsoft Hotmail .ASPX pages were found to be .GZip encoded.  As a result, web pages
  were not able to be displayed or rebuilt.  This release corrects this issue by identifying
  potential .GZip web pages using a signature analysis.

- IncludeOriginalURL and IncludeWebPage title are new selectable options available for 
  reports (Graphical and Tabular type reports).

- Fixed a problem with the "Bookmarks" context menu that appears in the Table on a right-mouse-
  click.  For some reason, the "Bookmarks" menu item would disappear after its first use.  This
  has been corrected.


2.8.10 - April 15, 2010

- Fixed an Out of Memory error that could occur when parsing a corrup Firefox cache
  _CACHE_MAP_ file.  The symptoms of this error would be a frozen status window during
  the parsing of the map file.  


2.8.9 - March 27, 2010

- Improved the import functionality of selected folders. CacheBack now looks for
  .CGI (CacheGrab Import) files as well as the regularl cache and history files.


2.8.7 - March 22, 2010

- Fixed a parsing issue with Internet Explorer index.dat files where only a 
  limited number of records were being imported into CacheBack. The same
  imported records also indicated "lost" (for each record).

- Bookmarks cut, copy and paste features now working better.

- Monthly TimeChart Analysis can now derive its data from ANY QUERY defined within 
  the project file! This makes this reporting feature even more useful in creating 
  custom metrics to identify trends over a month period.

- CacheGrab 1.6.7 is significantly faster and more accurate at recovering cache and
  history artifacts.  The new CacheGrab Import file feature has also been fine tuned.


2.8.6 - March 2010

- Users can now add Bookmarks and define custom Bookmark Folders

- Introduced Bookmark Filtering and improved handling for Host Filtering



2.8.4 Beta - February 08, 2010

- Fixed a problem with the installer for CacheBack which was caused by a missing
  library file.  CacheBack now installs successfully on Windows XP SP2 32-bit (clean
  machine) as well as Windows Vista 64-bit, and Windows 7 64-bit.


2.8.4 Beta - February 03, 2010

- Introduced a new .CacheGrab Import (.CGI) file format used by CacheBack to
  speed the import process.  This is done by not having to re-validate CacheGrab
  results.

- New tabs are color coded making it easier to navigate the interface.

- Added "Bookmarks" tab to the Features Pane. Users can now add URLs to custom
  Bookmark folders using the context (right-mouse-click popup) menu.

- Fixed a date parsing issue in Safari 3 history.

- Fixed an issue with the Gallery. Some thumbnails would be displayed more than
  once.

- CacheGrab 1.6.4 is completely re-tooled. Less likely to encounter permission
  denied errors when recursing directory structures.  Much faster!  Results are
  now accompanied by a CacheGrab Import (.CGI) file that is used directly by
  CacheBack to preserve original metadata when importing CacheGrab results.

- The Upgrade Wizard has been re-introduced and has been enhanced. Users from
  past versions should have an easier time "upsizing or migrating" their old
  CacheBack Project (.CBP) files to the latest format.

- Color coding has been introduced for Bookmarks. Background for bookmarked items
  will appear pink.

- Introduced the ability to "Exclude Row(s)" as well as "Show/Hide Excluded Rows".
  This is done via the context menu (right-mouse-click popup) within the Table view.





2.8 RC1 - December 22, 2009

- The User Manual will be updated in the new year to reflect the many new changes
  since 2.7.4.

- We've changed CacheBack's look! A new logo and wordmark have been designed to
  carry our product forward into the next chapters of development.  We are pleased
  about where we want to take the next steps and having a customized and fresh
  design has been empowering.

- "Trial" modes (eg: 15-day trials) have been removed from distribution.  Instead,
  we have opted to cripple the imported and reported data, unless and until a 
  license (dongle) is detected by the program.  

- The Reporting options now feature a "Time Chart Analysis" report that displays
  Internet activity in a calendar format for a given month.  Users can select
  which hours of the day to include in the report.

- The Query Builder on the Query Tab has been replaced with "Query Manager" 
  Window now accessible via the Query Manager toolbar button.  This interface
  is more robust and provides an easier means to manage custom queries.

- The ability to create Bookmarks and Bookmark Folders now exists.  Users need
  only tag (checkmark) select rows in Table and then use the (right-mouse-click)
  context (popup) menu to define a bookmark folder name.  Options to COPY and
  PASTE existing bookmarks makes it easy to move bookmarks between folders.

- A much more sophisticated parser for Firefox 2.0 history (Mork database format)
  has been developed.  

- The Import Wizard has been completely retooled to make the importing process
  much more intuitive.  The option to import a CacheGrab .CGI (import) file now
  makes it possible to port the original file metadata.  The CacheGrab EnScript
  and CacheGrab for Windows have both been redefined to create the same .CGI
  file format.  

- CacheGrab 1.5 now comes installed with CacheBack.  It has been completely
  retooled and no longer encounters permission issues with Internet Explorer
  cache and history folders on a Windows system.  It is also signifcantly faster
  than 1.2.4.

- The ability Upgrade Wizard has been depricated. Due to the variations from one
  dot release to the next, it seemed more logical to simply create a new case
  file. 


2.7.5 - October 02, 2009

- The "Favorites" toolbar option is depricated. It has been replaced with a new
  Quick Queries window which manages all custom queries.  As a result, the
  Query Tab will soon be replaced as well with a single Query Form that manages
  all query related functions.

- When saved .CBP files were opened, the default SQL definition was "show
  everything".  For very large cases, this caused a long wait period while each
  URL record was loaded into the Table.  A new "Select Query" option window now
  appears and prompts user to select from a list of available Quick Queries.
  The "Show Only Webpages" Quick Query is selected by default.

- Fixed "View...Panes" option. Panes have been renamed for this option to:
  Top Left Pane, Bottom Left Pane, Top Right Pane, and Bottom Right Pane to
  make it more intuitive for users.  NOTE:  When Bottom Right Pane is hidden,
  selecting a URL from the Table or Gallery will only load the Properties Pane,
  provided it is not hidden.  This new functionality allows users to display the
  entire Table contents for faster 'row by row' analysis.

- Table contents are now automatically refreshed after running Link Analysis. 
  Before, it would be unclear if Link Analysis completed correctly as the Links
  column did not contain values.  

- Resolved a problem when 'tagging' rows in the Table using either the spacebar
  in combination with the Up and Down arrow keys, or, the mouse.  This primarily
  had to do with highlighting multiple rows in reverse directions.

- Pictures in Graphical Reports were being incorrectly labelled in the Local
  Evidence file attribute.  When Picture reports were published, the pictures were
  being copied out to the target folder correctly, however, the Local Evidence
  attribute hyperlink would always use a JPEG file extension instead of the proper
  file extension (eg: .PNG, .GIF, etc).

- On the URLGrid right-mouse-click context menu, the "Select" and "Deselect" All
  Table Rows has been modified to read "Tag (Select)" and "UnTag (Deselect)" 
  respectively.  This was necessary in order to more accurate indicate to users that
  the action of "selecting" is in fact the same as "tagging".

- When importing .CBD (or .CGD) files produced by the CacheGrab EnScript, some "host"
  values were not being displayed in the host grid correctly.  This was due to the
  quality of the data being ported out of Unallocated Clusters via EnCase through the
  use of the CacheGrab EnScript.  CacheBack now validates the entire string value for
  "host" prior to loading it into the list.  The same level of string-checking will 
  be visited for the "URL" column in a future dot release.

- The global 'Time Elapsed' indicator on the Threat Status window would reset itself
  to 00:00:00 whenever Firefox cache artifacts were being imported.  This has been
  corrected.


2.7.4 - August 20, 2009

- Time calculations and time zones have been significantly re-tooled in order
  to update new daylight savings observed by different countries.  This change
  paves the way for enhancements coming in a future dot release that will allow
  examiners to manually configure DST bias, start and end times.  This is in 
  keeping pace with countries that continue, or choose to discontue, observing 
  daylight savings, from one year to the next.  NOTE:  CacheBack presently uses the
  USA standards for calculating DST start and end dates.

- EACH ActionDateLocal timestamp description now incluces the applicable UTC offset
  to provide even greater clarity for reporting purposes.  This means that EACH
  timestamp is validated for DST changes.

- Improved status window messaging: new Time Elapsed caption has been added, as well
  as, more detailed status reports in the progress bars.

- Added an "Uninstall" feature for the CacheBack installation program. Examiners 
  can now quickly uninstall using the provided program menu Shortcut.

- Records in the Table can now be selected (tagged) using the SpaceBar on the keyboard
  while navigating from record to record via the UP and DOWN arrow keys.

- Fixed an issue that prevented Opera web pages from copying out any relevant 
  Cascading Styleesheets or Javascript files.

- Reports now include optional "show Data Source" and "show User" columns.

- Fixed an issue the prevented a custom logo from being added to reports.

- Timezone changes are now saved upon exit from a project (case) file session.
  When the file is re-opened, the saved Time Zone properties are re-applied.

- When closing a project (case) file, CacheBack would remember the current query and
  re-apply it the next time the file was opened.  This led to some confusion.  As a 
  result, the DEFAULT query (show all) is "reset" as the active query whenever the
  project file is closed.

- Fixed a timestamp conversion issue with Internet Explorer WEEKLY history records.
  NOTE:  The IE Weekly timestamp is the "local time" of the subject's computer (where
  the URL was generated).  CacheBack was over calculating the offset required to 
  determine the true UTC time.  CacheBack users who import IE Weekly histories MUST
  have the Time Zone set to the "SUBJECT'S" time zone in order for the UTC times to
  be calculated properly.  Once imported, examiners can change the time zone settings
  as often, and as required.

- A new sample cache has been produced and is installed in the "sample data" sub-folder
  where CacheBack is installed.  A "readme.txt" file in the root of the folder explains
  how the sample data was created and how to use the data for validating custom
  time zone settings within CacheBack.

- Three more Quick Queries have been added: "Show all history", "Show IE Daily" and
  "Show IE Weekly".



2.7.302 (Beta) - August 12, 2009

- Fixed the Quick Query "Show All" which was not returning the DEFAULT recordset.

- Local timestamp (ActionDateLocal) was not being dynamically converted in Reports
  whenever the Time Zone option was changed, at any time within CacheBack.

- Status window now displays the 'overall progression' when rebuilding multiple
  web pages at the same time.  Before, the "metered progression" was not moving.
  Added a "Time Elapsed" caption for improved visual feedback about current tasks
  underway.

- "Cache File Name" added to Table.  "File Name" in graphical report changed to
  "Cache File Name" to be more clear about what this report item represents.

- Fixed Report's "custom logo" feature (Logo Tab) where the path was not being 
  remembered for the next time the Report window was opened.

- CacheFileRebuiltBLOB database column is now depricated. This field was introduced
  in 2.7.3 to hold a cabinet file comprising a rebuilt web page's ingredient files.
  While this was originally a good idea, larger project (case) files encountered
  system resource issues and file size "bloat".  This column has been substituted
  with "IngredientIDs" which contains the URL_IDs of the ingredients required to
  rebuild a web page.  Web pages will continue to 'no longer' be rebuilt once they
  are rebuilt.  However, each URL record selection will force the ingredients to
  be copied out to the examiner's machine.  NOTE:  This will only be required for
  the first time the rebuilt web page is selected. 



2.7.4 - July 16, 2009 (applies to the network build only: 2.7.300)

- Introduced support for "network licensing" using a single network dongle (USB
  License Key).  This option now permits users in a network environment (either
  peer-to-peer or client-server) to use one node as the designated 'license server'.  
  Clients authenticate against the one dongle via TCPIP (ideally on the same subnet
  mask).  Sessions are managed by the license server which enables CacheBack to be
  installed on every client workstation.  Network dongles are configured based on
  defined "max users".  Sessions are "freed" when the CacheBack application closes. 

- Fixed the default SQL Statement that appeared in the SQL Query Builder window.
  Before, it would display only the conditional statement (eg: URL = "x") as 
  opposed the complete statement (eg: "SELECT * FROM URLs WHERE URL = 'x'").

- Corrected an issue on the Query tab.  When the Clear button was selected, it
  would place a checkbox in the first cell of the Query Builder and not reveal
  the list of column names. 
  


2.7.3 - June 18, 2009

- Released CacheGrab 1.2.3 which addresses issues with Vista operating systems
  and mounted volumes using Virtual File Systems.


2.7.2 - June 8, 2009


- This build was released to correct a product distribution error where an
  incorrect .executable was packaged and shipped with Versions 2.7.0 and 2.7.1.


2.7.1 - May 30, 2009

- Fixed an overflow error when parsing cache for Firefox and Google Chrome.

- Added support for GZip encoded artifacts for Firefox and Google Chrome cache.


2.7 - May 26, 2009 (Official Release)

2.7 - May 21-22, 2009 (Beta5 - not released)

- The Templates feature is disabled in this release while it is
  being redesigned for 2.8.

- "DST" or "STD" are now appended to timestamps appearing in the
  Action Date [Local] column for clarity purposes.

- Column caption for Time Zone modified column was confusing by having
  the "DST" or "STD" of the "user's machine" appended to the GMT offset
  value.  The use of DST/STD for this column header has been removed
  so as to generalize the setting.  However, the actual dates in the
  column, for each record, accurately reflect the appropriate Daylight
  Savings Time setting, for the currently selected Time Zone.  The 
  column header value therefore indicates the Standard offset for the
  selected time zone.

- TIME ZONE: ActionTimeLocal now "persists" across Time Zones AND most
  importantly: Hemispheres. For example, a URL visited at 09:02 AM in 
  Toronto, ON Canada in May (DST=True), would normally convert to 
  10:02 AM once the clock on the user's machine is changed to opposing
  seasons -- example: December.  This is obviously not a true reflection
  of the ActionLocalTime because the system's DST settings are interfering
  with the conversion.  This symptom is commonplace in many third party
  tools.

  This has now been corrected so that the correct local time is displayed.
  This also takes into account the Eastern hemisphere countries such as
  Australia which observe DST in the Winter months, and Standard time in
  the summer months.  This fix takes all of the above into account so that
  local times are properly persisted - regardless if the time zone is
  changed within CacheBack, or the computer's clock is changed by months.  


2.7 - May 20, 2009 (Beta4)

- ** NEW ** CacheGrab EnScript for EnCase Version 5!  V6 version coming!

- Fixed: SQL query error message box when switching to Query tab.

- Fixed: Thumbnails of pictures were missing from the Gallery tab.

- Thread status window can now be minimized to the Task Bar with a progress
  indicator showing in the caption.

- Fixed: Filtering by Host did not exclude unwanted pictures when looking at
  recordset in Gallery view (more pictures than there should be).

- REMINDER TO USERS:  If Filters take too long to reload large recordsets,
  consider using/defining custom queries via the new Query tab.

- Fixed: PIART algorithm was disabled in past beta releases while work was
  being continued.  Now working in Beta4.

- CacheGrab: some minor tweaks. Still undergoing tests on Vista. NOTE: 
  IE cache and history are "hidden" by Windows on XP. May need to copy out
  manually from \Local Settings. Next version of CacheGrab to fix this
  issue and address Vista.


2.7 - May 15, 2009 (Beta)

- Fixed: After creating a custom query, CacheBack could not revert back to
  the Default query. This problem persisted between opening and closing of
  the same file. An recurring error message prevented any further queries 
  from being run.


2.7 - May 14, 2009 (Beta)

- Fixed: Google Chrome pictures sometimes missing during rebuild process.

- Opera cache file: dcache4.url (displayed by Windows as Internet Shortcut)
  needs to be manually harvested using an editing tool (eg: EnCase) to:
  (a) open the file, (b) copy out the entire contents to a new file, and
  (c) rename the new file to "dcache4.dat".  A future release of CacheGrab
  will address this anomaly.

- Tweaked the rebuilding procedures to accommodate web page elements (tags) that
  were sometimes omitted in the rebuilt page. This was due to the original tag
  URL having a different host parameter. This now results in increased percentage
  of page being rebuilt.

- Improved reporting functionality and layout.


2.7 - May 7, 2009 (Beta)

- Reporting of both pictures and HTML (rebuilt web pages) in one single report
  has been updated. 

- Fixed: selected HTML URLs were not displaying in the Browser viewer pane. 

- Fixed: some pictures were not displaying in the Picture pane (Firefox).

- Added Chrome's "Archived History" file to the important scanning and parsing
  process.  CacheGrab utility updated as well (for XP) - Vista compatibility
  still under development.

- NOTE: Reducing IE's security settings from "Medium-High" to "Medium" disables
  scripting popop error messages when previewing web pages containing javascript
  events.


2.7 - May 5, 2009 (Beta)

- Support for Hist-Ex files containing recovered IE history URLs 
  (eg: 1-UC-index.dat).

- Rebuilt web pages are now packaged at run-time into proprietary cabinet (binary)
  files which are also encrypted. This 'dramatically' increases the program's ability
  to disply Rebuilt web pages as well as create graphical reports.

- Thumbnails of pictures AND web pages are now stored inside the project file. This
  translates into a huge speed increase when viewing records in the Gallery tab.

- SQL Query tab now allows users to run pre-defined investigation-type queries or
  create and store their own.  Queries are all pre-validated and stored within the
  project file as "ready to run" queries which translates into improved performance.
  This now allows for users to design their own advanced "nested queries" to further
  reduce the current recordset.

- The Filters options have been completed re-worked to greatly improve functionality.

- The Filter By Host option has been completely re-worked to work with the currently
  defined query which greatly reduces the current recordset.

- Significantly improved time zone conversions to address Eastern hemisphere opposing
  start and end dates during a calendar year (eg: Australia).  Takes into account the 
  changes made in 2007 for DST start/end dates.

- Picture height, width and PIART (Photographic Image Aspect Ratio Theory) values
  capture during import process. Used to filter out irrelevant pictures in Gallery Pane.

- New semantics implemented to describe user interface (top left tabs = Feature Pane,
  top right=Navigation Pane, lower left=Properties Pane, bottom right=Viewer Pane).

- New fields added to database (CacheBack Project) files to support additional metadata
  available with Opera, Safari and Google Chrome.  Older project files will need to use
  the Upgrade Wizard to migrate old file version to the new type.

- SecondaryDate field renamed to "OtherDate" and "OtherDateMeaning" field added. Used to
  support metadata available for specific browsers (e.g., Last-Modified in Safari cache).

- Properties Pane added to GUI to provide more detailed and immediate information about
  currently selected item in the Navigation Pane.  Users can also checkmark and number of
  the Properties and Drag-and-Drop them onto the Notes text box for a given URL.

- New coloring scheme added to better distinguish features.

- The TEMP folder used by CacheBack is now ALWAYS emptied on startup.

- MSCOMCTL re-distributable ActiveX libraries dropped from the program --> too many
  installation conflicts due to other applications using the same libraries.  Moved to an
  entirely new lightweight Toolbar, StatusBar and Tab controls.  Less installation issues.

- FULL support for SQLite database files used by Safari, Firefox3 and Google Chrome.

- Options & features for program now consolidated onto one window: Options located the View 
  menu.  Properties and Preferences options under File menu, along with the items found under
  the former Options menu -- removed.

- Optimized performance for parsing and loading of data.  Attributed to the new Refresh
  Progress Bar setting under the new Options window.

- The HTML Gallery tab has been renamed to "Gallery" which not only continues to support
  thumbnails of web page files (HTML content), but also now supports pictures (e.g., from
  an Internet cache).  Users have requested the ability to start a project by examining the
  pictures in a case, then Tagging them for further analysis.

- The Hosts and Explorer tabs are now Visible by default.  

- The Bookmarks tab has been added to the Feature Pane.  Users can now Tag and Bookmark any
  number of URLs (links or files) for easier access and reporting.

- Options....Advanced (tab) now features a Gallery options with reference to the Photograph
  Aspect Ratio Differential value (PARD) which is based on the Photographic Image Aspect 
  Ratio Theory - developed by John Bradley, of DIG.  Used to greatly reduce or filter the 
  number of pictures displayed in the Gallery.

- The use of the Status value "Orphaned" previously referred to an IE cache file that could
  not be located during the re-loading of URLs in the Table.  This has been changed to the
  term "Bad Path" and is only used for IE cache URLs because other browser cache artifacts
  are stored internally as BLOB data.  The "Bad Path" is usually an indicator that the
  CacheBack user has "moved" the original location of the evidence. The more likely reason
  is that a removable media has been inserted into the lineup of logical volumes on the
  user's workstation and has thereby changed the "base path" value for the URL.  This is
  why CacheBack provides an File Paths option (see Options window) to change the Base Path
  for an open project file.

- Color codings have been changed in Table view regarding timestamps. LastVisitedGMT is now
  Blue by default, instead of Red.  Orange still indicates an IEWeekly timestamp. The 
  LastVisitedLocal column is now Green by default.  For simplicity, the column headers have
  been abbreviated to read "Visited" instead of "Last Visited".


2.6 - February 12, 2009

- Supports rebuilding of web pages for Firefox 3.0 cache.  Support for Firefox 3 history
  coming in next major dot release in March 2009.


2.5.5 - December 19, 2008

- Resolved some minor issues with the Favorites window.
- Added a property to the Report window to allow the URL column width to be user-defined.
- Updated the V5 EnScript
- Released a V6 EnScript!!


2.5.4 - October 9, 2008

- Resolved an issue where some IE URLs were not being parsed/imported into CacheBack.
  This was due to an extra vigilant validation routine. We have relaxed the criteria
  in this procedure which now ensures that all URLs in the INDEX.DAT file are parsed.

- Resolved another related validation routine which handled the Loading of URLs into
  the Table View pane. This criteria would overlook "redirects" (e.g., orphaned records
  from a cache index.dat). This is now fixed and search results on keywords should now
  return more hits.


2.5.3 - October 3, 2008

- Resolved a "The field is too small..." error that was sometimes encountered when
  parsing the INDEX.DAT file from IE Temporary Internet Files.  This usually only
  occurred when CacheBack encountered an incomplete or corrupted URL record.

- Added a "Lock" tab feature to keep only the preferred viewing pane visible.


2.5.1 - September 16, 2008

- New video "Step 1 - Finding the Cache" uploaded to website at:
  http://www.cacheback.ca/overview.asp.  This video replaces discusses how to
  use the new CacheGrab(TM) utility that now ships with CacheBack 2.0.

- Included a revised device driver for dongle to address 64-bit versions of
  Windows XP. This driver reportedly supports both 32-bit and 64-bit versions
  of Windows XP, Windows 2003, and Windows Vista.

- In the Import Wizard, INDEX.DAT files for IE History and IE Cache would 
  BOTH be imported whenever only one of these options were selected.  This
  has been corrected.

- Reclassified webpage Category for URLs containing 'res://ieframe.dll'
  from 'HTML Content' and 'IsWebPage=True' to 'IE Resource' and
  'IsWebPage=False'. This change allows for a more succinct recordset
  to be returned in TableView. 

- Some minor changes have been to the database (project file) construct
  in this release.  The CacheBack Upgrade Wizard should identify old files
  needing to be converted.  In some cases, the upgrade will not work due
  to incompatible data values stored in the old case file.  If the upgrade
  fails, there is not need to worry because a backup is always performed
  first.

- Fixed an issue with the import routine where 'history' index.dat files 
  would NOT be imported. A logical error based on file offsets has been
  corrected.

- Fixed an issue with the 'Filter' options. By default, history URLs were
  not being loaded into the Table View. This was due to a change in 2.4.1
  that prevented filters from being evaluated properly for histories only.

- The Filters options have been modified to clarify their purpose. Before,
  you selected (a) Web Pages, (b) History URLs, or (c) Display BOTH.  We
  found that the (b) option (History URLs) was a bit misleading. This was
  evident whenever a user would be interested in viewing the ELEMENTS of 
  a web page but not the web page itself.  Using the options (a, b or c)
  above (with all Filters turned off), would return zero (0) records.  The
  elements are not (a) web pages, and they do not technically come from (b)
  Internet Histories, so option (c) would not work either.  So we decided
  to rename option (b) to simply "OTHER URLs" and then we reworked the logic 
  behind this feature.  What is now available is an even finer degree of
  granularity (overlay) for querying records.

- Improved the cell update for the Rebuilt column in Table View so that 
  when previously rebuilt files are deleted (e.g., outside of CacheBack
  while the program is running), the column cell is updated accordingly.

- Added additional Time Format options so users can customize the display
  of dates and times.

- Fixed a GMT issue that affected only users at GMT -0:00 (London) where
  BST (British Summer Time) has come into play. This was throwing off times
  by 1 hour for some URLs. This has been corrected and validated through
  UK users.

- New files created with CacheBack now come pre-populated with five (5)
  Default SQL Queries to aid investigators with cases involving: hotmail,
  yahoo mail, top25 sites, child pornography, and phishing.

- Yahoo! Mail is now rebuilt with a higher degree of success. Yahoo web pages
  use a complex set of script functions to manage the (a) the display of
  Yahoo! Mail, and (b) connections to their server to authenticate.  
  Unfortunately, these scripts are required in order to display/rebuild the
  pages properly. As a result, they cannot be simply remarked out or removed.
  Therefore, while pages are now being properly rebuilt, CacheBack is still
  unable to render thumbnails for reporting purposes.  See workaround noted
  in next paragraph below.

- Added an extra tab to the Report Window for Custom Thumbnails. This tab is
  a manual means for users to specify ONE image file to be used as THE
  thumbnail to be displayed next to each record in a CacheBack report.  This
  feature has two purposes: (1) it allows users to override the automated
  thumbnails thereby permitting the use of a standard/non-identifying image
  which may be a requirement for using the report in court (where the original
  thumbnails might cause objections by the court because the images themselves
  have not been accepted as evidence of the fact at that time), and (2) it
  allows users to select an alternate image in cases where thumbnails do not
  display properly. This is the case with Yahoo! Mail which cannot render
  thumbnails.

- Added an extra step to the Import Wizard which now allows users to DISABLE/
  ENABLE their Ethernet card. This is done simply by specifying the name of
  a Local Area Connection and storing it inside the 'cacheback.ini' file.  
  We felt that this feature was essential in allowing users to fully disconnect
  from the Internet. While CacheBack provides an offline browser, it is NOT
  a 100% guarantee that some HTTP requests will get through (e.g., complex
  scripts).

- CacheGrab(TM) is a new and powerful standalone command line utility that we
  created that will search any logical volume for Internet cache and history
  artifacts. Using the available switches, the identified artifacts are copied
  to a destination folder on the user's forensic workstation with the option
  of removing any SYSTEM, HIDDEN or READ-ONLY attributes (which has been a 
  well documented problem when using CacheBack to scan the currently-logged-on
  profile for a Windows machine). Users can use this tool to pre-configure its
  use on a forensic workstation by defining a shortcut on their desktop (where
  the source drive and the target export folder are constant). CacheGrab is
  not only available as a separate program menu Shortcut, but it can be launched
  directly from within CacheBack on the Import Form or the File Menu.



2.4.1 - July 21, 2008

- Fixed a problem concerning web pages containing 'Forms' (eg: Google Search)
  which contain the Value attribute.  The value for Value was being replaced
  with '0000123.htm' for example upon Rebuilding.  This anomaly occurred as a
  result of code being used to deal with embedded objects such as flash video.
  In these cases, embedded objects (such as flash) also use the Value attribute.
  This release adds a conditional statement to prevent substitutions for Form 
  fields.


2.4.0 - June 10, 2008

- Fixed a coding error that prevented pictures from being displayed in lower
  viewer panes when selected from Table View. 

- Added code to strip out offending HTML code in Yahoo! Classic Email web pages. 
  Pages should now render properly both in the lower view pane and in HTML 
  Gallery View.


2.3.10 - March 23, 2008

- Suppress warnings now working when generating thumbnails in HTML Gallery
  view.

- Fixed an issue where rebuilding web pages would sometimes have the reverse
  effect. This was due to a default value being substituted for a tag value
  when the proper tag value was not found. This behaviour has been reversed
  so that the original tag value remains whenever a replacement value is not
  found.


2.3.9 - March 3, 2008

- Error: Cannot open case file. Cause: Missing MSADOX.DLL file. Most XP SP2 
  and Vista users who have all Windows updates installed will not have any 
  problem. However, in rare cases, this DLL may be missing on the user's
  system.  Version 2.3.9 was released to include this missing .DLL in the
  setup program.

- New USB key (dongle) licensing. Effective this date, all distributed 
  USB keys will be registered by the user once they receive the product. To
  update the license for the key (dongle), locate the "CB License Manager"
  shortcut in the Program Group (where CacheBack was installed) and run it.
  The user will be connected directly to the CacheBack licensing management
  server immediately (Internet connection required). The dongle ID will be
  authenticated first and then the license will be burned onto the dongle.


2.3.8 - January 27, 2008

- A MAJOR improvement has been made in this release regarding Cascading
  Stylesheets (.CSS) and their use of attributes to load background and
  IMG tag images via the "Class=" attribute in HTML coding.  It is a common
  practice to substitute objects, attributes and path names within a web
  page by defining special "classes" and storing these classes in a separate
  Cascading Stylesheet.  CacheBack has gone the extra step to not only harvest
  .CSS files, but to then parse the .CSS file itself and replace all URL paths
  to images (that have been used by CacheBack to rebuild a web page).

- The accuracy for selecting the correct replacement image or tag within
  within a web page (where more than 1 choice exists) has been significantly
  improved by testing for (and requiring the existence of) the "host" field
  value in the expression that is being evaluated.


2.3.7 - January 16, 2008

- Although CacheBack comes with a built-in offline browser built on Internet
  Explorer technology, there are still opportunities for 'embedded objects'
  and 'sneaky code' (e.g., .php code that builds connection strings dyanmically)
  to successfully connect to the external resource IF YOUR COMPUTER IS CONNECTED
  to the Internet during your analysis. For this reason, we have written-in 
  some extra measures that will cripple the code.  This also prevents embedded
  media files such as Shockwave Flash from loading.
  ** LIKE ANY GOOD FORENSIC PRACTICE, we strongly advise that any investigation
  of Internet-related evidence be done not only OFFLINE, but disconnected as
  well.**

- Some pages were not being rebuilt properly (and sometimes not at all) despite
  the fact that all the ingredients (e.g., images, stylesheets) were present
  on the examiner's workstation. This was due to a block of code originally 
  designed to speed up the 'find and replace' feature when rebuilding web pages.
  The code was suppose to remove unnecessary duplicate values but instead
  would 'sometimes' reduce the items down to 1 or zero.  This was a logical error
  and it has now been fixed. PLEASE NOTE: that some images belonging to a web
  page in a cache might not have been downloaded to the subject's computer or
  has simply expired. This might lead users to believe that the web page was not
  rebuilt properly. A more thorough inspection into the case will most times
  reveal that the image does not exist in the cache (even though it was reported
  inside the cache's INDEX.DAT file).

- When switching to HTML Gallery View, sometimes the progress window would freeze
  up. Other times, it seemed like the option to Cancel the tiling process did not
  take. Due to the limited 'wait cycles' available and the amount of processing
  going on at the moment, repeated attempts to close the window would fail. This
  has now been fixed.

- After creating a report the status window would not close automatically. Users
  would have to manually click on the Cancel button to close the window. This has
  been fixed.

- A couple of NEW and IMPORTANT threads have been recently posted to our message
  forum at "http://cacheback.proboards98.com" (or "http://www.cacheback.ca/forum").

- A new version of the USB Security Key (dongle) device driver has been posted at 
  the message forums for download.  While the existing version of the driver that 
  is packaged with CacheBack supports 32-bit AND 64-bit operating systems, we have
  posted the new one at the forum site anyway (Version date: 2007-11-13).


2.3.6 - December 30, 2007

- Fixed an issue where Daylight Time items (e.g., July 1, 2007) would revert 
  back to Standard Time values in TableView (e.g., bias offset of 1 hour not
  taken into account).  

- Updated the Time Zone List on the Time Zone Window to include some time zones
  that were missing.

- Minor changes to the help file.

- Tweaked the CacheBack V5 EnScript (named: CacheBack_2.3.6.EnScript).


2.3.4 - November 18, 2007

- Fixed a problem where Rebuild Web Pages would not rebuild more than one
  page at a time.

- Ability exists to now (1) Create Templates from web pages that have been
  already Rebuilt, and (2) Rebuild web pages from existing Templates. 


2.3.0 - November 08, 2007

- Added extra column Audit tab to indicate if a NewTag item is missing. This
  was added to help diagnose problems where cache data had been moved AFTER
  being imported into CacheBack thereby altering the relative paths.

- Template tab added but not enabled (final coding still underway).

- Ability to change the sort order of records in final report.

- Users can now hide the TimeRebuilt associated to web pages in final report.

- The Browse control can no longer be coerced at times from embedded scripts
  designed to launch popup windows. ALL URLs have now been disabled. Users are
  still advised to continue disabling access to the Internet while conducting
  examinations to ensure non-contamination of evidence.

- Significantly increased the speed and method for importing and parsing.

- ** Fixed a problem that occurred with some INDEX.DAT files belonging to IE
  Cache (Temporary Internet Files). The code that read the HASH table offset
  was changed in this build to read a specific offset. Before this release,
  some INDEX.DAT files would be overlooked because the HASH table could not be
  located.

- Added the ability to Import plain text (.CSV) files via the File menu.
- Groundwork has been laid for the next release due out soon which will include
  the ability to create Templates and libraries of templates.  Users will then
  be able to rebuild web pages from Unallocated Clusters.

- Users can now import plain old web pages (e.g., that have been carved out from
  Unallocated Clusters). This will allow these orphaned type files to be 
  displayed within CacheBack as thumbnails. This was a needed feature in order
  to work with the Template feature coming out VERY soon.


2.2.3 - September 26, 2007

- After rebuilding a page and then moving off the current row in TableView, 
  returning to the same row would produce a file not found message in the
  Browser viewer pane.

- When creating a Favorite query, the program would lock up. This has been
  fixed. 

- Selecting a Firefox URL in TableView (that has already been rebuilt) would
  seem to hang and then finally display the page.  This was not the case.
  Background processing was going on and no visual indicator (eg: Current
  Status) window was present. We have fixed this in 2 ways. First, we added
  more conditions to test if a page has been rebuilt thereby preventing the
  unnecessary delay cause by rebuilding again.  Secondly, we have added the
  Status window to this function as a visual indicator.

- Users of CacheBack as asked to report any unusual difficulties with this
  release with regards to reviewing Firefox "cache" files.


2.2.1 - September 23, 2007

- Added a Favorites button to the Toolbar. This provides users with an easier way
  to manage their favorite queries. The Custom SQL Query Builder window is now
  accessible both from the Toolbar or from the Favorites window.  Favorites are
  saved to 3 places: Local INI, Shared INI and the Project file itself.  These
  paths can be defined in the Preferences window which is accessed via the File
  menu.

- Significant improvements made to parsing functions for Firefox History.dat 
  files. Can handle extremely large files and addresses extended complexities of
  the Mork database file format.

- On the Report window, added the option to NOT create thumbnails if they already
  exist as a result of using the Rebuild feature. This dramatically increases 
  the loading of the report.



2.1.10 - September 17, 2007

- Fixed the Export feature. Options added for custom delimeter. No URLs
  required to be selected in TableView in order to use feature.

- EnScript has been updated.


2.1.9 - September 13, 2007

- Moving from record to record in TableView now automatically switches
  to the suggested lower view pane. 

- Better analysis of Firefox entries on intial parsing of Mozilla Firefox
  cache entries to more accurately detect 'HTML Content' and 'Pictures'.
  Before, entries in TableView would state HTML Content when in fact the
  record was a picture.

- HTML Gallery now rebuilds only ONE TIME. If however the current dataset
  (SQL Query Definition) changes, then the gallery will refresh and rebuild
  again.

- Fixed a couple of issues relating to customizing SQL queries.

- Navigating from record to record in TableView using the ArrowDown key
  works more smoothly now that Focus is restored back to the TableView
  once a URL record has been displayed or loaded into the appropriate
  lower view pane.

- PICTURE view pane now displays a "Picture not found" message if the
  the file cannot be found where specified by the record entry. This is 
  needed as sometimes a record entry might be 'Orphaned' as a result of
  the associated cache files being moved or were simply never present when
  the related INDEX.DAT file was originally parsed (for IE Cache only).

2.1.8 - September 10, 2007

- Sometimes when navigating the TableView one row after another with the
  Browser View pane selected, the TableView would lock up. Users would 
  have to click on another lower view pane then return to the Browser tab
  to unlock the TableView.  This has been resolved.

- The Report feature's the display of the selected UTC time in two parts.
  The top part displayed the GMT Offset incorrectly. This has been resolved.

- The Report option now features the choice of "Graphical" or "Tabular" 
  reporting. In addition, color coding has been added to distinguish the
  source of different timestamps. A legend has also been added.

- The HTML Gallery view has been revamped to include checkboxes. Users can
  now check off select items then use the right-mouse click feature to 
  access the new "Tag Selected URLs" feature.  Tagged items are immediately
  updated in the project file but users need to "Refresh" the display when
  switching back to TableView.  This 2-step process is intentional.

- Parsing of IEWeekly histories has been corrected. Before, timestamps were
  not being parsed from the file.

- More work has been completed on the Help File which has been included in
  this release (see Take The Tour...Overview).

2.1.0 - September 4, 2007

- Added Upgrade Wizard utility to detect files created with older builds
  and prompt user to upgrade project file to latest build.

- Fixed Create Keyword List feature and improved distinct results list.

- Removed Columns Menu and replaced with popup window for easier selections.

  This feature is now accessed via the View Menu...Columns.

- Added Coordinated Universal Time (UTC) feature to automatically convert 
  LastVisited and Secondary Dates to user-selected Time Zone (GMT Offset).

- Added Time Zone comments at top of HTML Report for reader context.

- Added immediate connectivity to downloads and message forum via the Help
  Menu.

- Support for MAC IE removed at this time. More research required to confirm
  artifact acquisition.

- Removed Filters from Menu Bar and added toolbar icon for easier access.



2.0.4 - August 29, 2007

- When closing the program using the form's X button in the top right
  corner, CacheBack would generate an error and a window would appear
  prompting users to send a report to Microsoft. This has been fixed.

- Improved startup monitoring and error messaging if necessary.


2.0.3 - August 27, 2007

- Fixed a problem where URLs would not automatically load after creating
  a new file and importing history files.

- Fixed the MD5Hash values generated for URLs which impacted the Link
  Analysis reporting.

- Completed the Link Analysis and Audit reporting features.


----------------------------------
Instruction on reporting issues
----------------------------------

Please write in to "support@cacheback.ca" with a detailed description
of the problem and provide, if possible, a screen capture of any
error messages.


Thank you.

CacheBack Support
SiQuest Corporation