Releases: woanware/SessionViewer
v1.1.0
- Swapped the MIME parser from OpenPop to a slightly modified version of MimeKit (MimeKitLite). This allows for the correct differentiation between in-line parts (e.g. images, PGP sigs) and true attachments
- Modified the data storage to use Alternate Data Streams (ADS) so that all of the different output data can be stored in one file per session
- Added Session and Packet parser interfaces, e.g. HTTP and DNS so far
- Added Processor interface e.g. SMTP
- Added logging using NLog and this.Log libraries
- Added logging to all exception handlers
- Fixed bug where, if only one item was showing in the list, it could not be selected to view session details
- Updated the TCP session parsing code using the current Wireshark code (epan/follow.c). This identified 4 bugs introduced in the porting.
- Fixed bug in the import window which resulted in databases being appended to without warning the user
- Fixed bug where the new sessions were not displayed if multiple imports were performed without restarting the application
- Changed HTML parser from HtmlAgilityPack to AngleSharp
- Changed the GZIP decoder from DotNetZip to the MS one, because the DotNetZip decoder is poorly implemented compared to the latest MS version
- Modified the session processing to be multi-threaded
- Implemented multi-threaded session parsing
- Modified the SMTP output so that the CSV is correctly formed when there are multiple recipients
- Added new SMTP output that shows the recipients associated with a particular MD5 hash and subject
- Removed the Ionic zip file library and replaced with System.IO.Compression.FileSystem
- Modified the SMTP processing so that all unzipped files have ".safe" appended to the filename to prevent accidental execution. Thanks DannyF
- Modified the SMTP processing so that the email addresses from the TO parts
- Modified the SMTP CSV to include a header
- Added option to manually perform GZIP decoding so that specific sessions can be decoded when the HTTP parser has been turned off. This will also parse the HTTP Host header and all of the HTTP methods called in the TCP session; the parsed data will then be displayed in the list.
- Added HTTP file extractor which uses file signatures to determine what should be extracted out (zip, exe, gz, doc, xls, docx, xlsx, pdf, rar, winzip)
- Removed the gzip header if we process it using the HTTP session processor, else it will error the next time around
- Outputs the start timestamp, end timestamp and number of packets processed to the output directory (Log.txt)
- Moved the URL export to a new URL extractor
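
The ".safe" renaming of unzipped SMTP attachments listed above can be sketched as follows; this is an added example, not SessionViewer's own code. The class and method names and the sample archive are constructed for illustration, and the output-directory check is extra hardening that the release notes do not describe. On .NET Framework it needs references to System.IO.Compression and System.IO.Compression.FileSystem.

```csharp
using System;
using System.IO;
using System.IO.Compression;

static class SafeUnzip // hypothetical name, not from the project
{
    // Extracts every file entry of zipPath under destDir with ".safe" appended,
    // so a double-click on an extracted sample does not run it. Returns files written.
    public static int Extract(string zipPath, string destDir)
    {
        string root = Path.GetFullPath(destDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;
        Directory.CreateDirectory(root);
        int written = 0;
        using (ZipArchive archive = ZipFile.OpenRead(zipPath))
        {
            foreach (ZipArchiveEntry entry in archive.Entries)
            {
                if (string.IsNullOrEmpty(entry.Name)) continue; // directory entry
                string target = Path.GetFullPath(Path.Combine(root, entry.FullName + ".safe"));
                // Added hardening: skip entries whose resolved path leaves destDir
                // (case-insensitive compare, as on Windows file systems).
                if (!target.StartsWith(root, StringComparison.OrdinalIgnoreCase))
                {
                    Console.Error.WriteLine("Skipped (outside output dir): " + entry.FullName);
                    continue;
                }
                if (File.Exists(target)) continue; // never overwrite an earlier extraction
                Directory.CreateDirectory(Path.GetDirectoryName(target));
                entry.ExtractToFile(target, false);
                written++;
            }
        }
        return written;
    }

    static void Main()
    {
        // Constructed sample archive: one ordinary entry and one whose name
        // points outside the output directory.
        string work = Path.Combine(Path.GetTempPath(), "safe-unzip-demo");
        if (Directory.Exists(work)) Directory.Delete(work, true);
        Directory.CreateDirectory(work);
        string zip = Path.Combine(work, "sample.zip");
        using (ZipArchive sample = ZipFile.Open(zip, ZipArchiveMode.Create))
        {
            sample.CreateEntry("invoice.exe");
            sample.CreateEntry("../outside.exe");
        }
        Console.WriteLine(Extract(zip, Path.Combine(work, "out")) + " file(s) written");
    }
}
```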