PacknHash Changelog

PacknHash-V4.4.2 Release – 3/14/2024

  • Hotfix adjusting commands for encryption passwords containing special characters that could create failures of 7z commands.

PacknHash-V4.4.1 Release – 2/10/2024

  • Archive testing functions now multithreaded. Internal testing showed approximately 30% reduction in archive testing time when compared to same sized case batch.
  • Lots of additional cleanup of code and message formatting in output console.
  • Further improvements to messaging in Activity Dashboard.
  • Improvements to automatic disabling/enabling of processing buttons in UI at start/ end of various processing tasks.

PacknHash-V4.4 Release – 2/05/2024

  • Major UI Updates:
    • Refreshed UI
    • Significant recoding of subprocess modules eliminating secondary console windows and all 7zip status messages now piped into integrated ‘Activity Dashboard’.
  • Advanced source queuing and case information customization inspired by the updated queuing system ‘BFIP’, now integrated.  Allows for user to verify what case folders are queued for archiving before starting processing, as well as adding cases from different drives to a single queue.
  • Lots of updates to messaging and logging to take advantage of updated activity dashboard, and to minimize redundant notifications. 
  • Archive testing has gotten a significant update.  While archives generated from PackNHash have always been automatically tested for integrity and CRC errors, this information and the results are now brought front and center to the user’s attention with clear status indications for each tested archive.  This new results window will be presented at the conclusion of any full PackNHash, or standalone Archive Test passes.   
  • API for automatically checking for updated versions of PackNHash now integrated.  If connected to the internet, available updates will be queried on startup, or can be triggered from right click menu.

PacknHash-V4.2 Release – 7/03/2022

  • Hashing Engine Rebuilt to now conduct multithreaded parallel hashing of archive segments. Direct tests between prior hashing engine and new multithreaded version yielded a 400% increase in speed.
  • 7z Binaries now directly integrated and no further 7Z installation necessary.
  • UI Refinements including update console output that dynamically resizing when program window is maximized.
  • Right Click Cut, Copy, Paste, and Help options.
  • Integrated User Manual into program.
  • Logs Moved to users appdata consistent with other Breakpoint Forensic Tools and button to open Logs folder added to UI.
  • Other miscellaneous code cleanup, and improvements.

V4.01 -03/29/22

  • Hotfix to resolve error for missing ‘Tee’ binary during testing phase.

V4 -03/21/22

  • Massive UI Update – Completely rebuilt from ground up
  • All console entry is completely banished and handled through 100% GUI-based elements
  • Exposed additional archive settings for optional configuration of:
    • Compression Level/Speed
    • Archive Encryption
  • Common user configuration settings are now automatically saved and automatically set for you the next time PackNHash is run.
  • New Validation Section allowing individual testing, file list generation, and hashing tasks to before performed on their own.
  • Huge speed update to entire process when using recommended settings, that can yield 400% increase in speed over entire PackNHash process.
  • New integrated console for cleaner feedback on processing progress with completion percentage updates provided throughout various stages.
  • Refactored hashing process that now results in a single CSV file containing hash values for all segments of a case-folders archive.

2/22/2022 — Version 3.2b

-Minor Hotfix/Reordering of functions to eliminate duplicate log files.

6/29/2022 BFIP4Griffeye-V4.1 Release

+Breakpoint Processing Engine

-Hotfix for bug in partition analysis function that could result in partition slot numbers being skipped on some MBR formatted drives.

-Start and Carve Buttons will now be disabled while any carving/processing functions are actively running to eliminate accidental activation and processing conflicts.

6/14/2022 BFIP4Griffeye-V4 RC2 Release

+Case Setup
-Resolved issue when selecting existing case file to add to that resulted in duplicate case file being created.

+Forensic Image Locate Function
– Added size check for files with supported forensic image function to avoid adding invalid files that also contain forensic image extension
to the case. Currently skips forensic images under 5MB.

– Added forensic image support for aa, aff, smart, and vmdk

+Breakpoint Processing Engine
-Adjustment to JSON builder code that could result in conflict when building several jsons with Hypercarve enabled.

-Carved files and JSON output parent folder renamed to ‘BPE Carved Files’

-Minor code cleanup

+Archive Unpacker

– Unpacking can get stuck sometimes if a carved/recovered archive is particularly corrupted. Added
timeout for single archive extraction of max 30 minutes. If single archive extraction
exceeds timeout, BFIP will terminate current archive extraction attempt, log the termination and problem file,
and move to next.

-Right Click ‘Help’ function added/changed that now directs to online support request/ticket page.

-Added confirmation prompt for window close/quit events to avoid accidentally closing program.

Prior Releases:


+Added Right Click Menu with Cut, Copy, Paste Available in input boxes

+Integrated User Manual

+Addition of Breakpoint Processing Engine
– Conducts an intelligent Disk Analysis first and identifies each unique partition and filesystem type.
Then conducts individual PhotoRec passes for each partition.

– Passes recovered data to custom JSON generator to build out JSON containing notable metadata and fields (ie. Physical Location, Unallocated Status, etc)

– Conducts final imports of carved data (using JSON method), and Standard Griffeye Import directly from forensic image, including Flagged Deleted.

– Ability to select from 4 categories to carve from (images, videos, documents, archives) in new ‘Breakpoint Carving Options’ menu.

+Hypercarve added to Breakpoint Processing Engine
-Allows for Paralell Carving Processes
-Added slider to set the number of threads available to Hypercarver

+New Module added in Breakpoint Processing Engine to Unpack Carved Archives
-Utilizes 7za binary.
-Currently looks for RAR, ZIP, and 7ZIP Archives to unpack.
-Enabled in ‘Breakpoint Carving Options’ Menu by Checking ‘Archives’ under ‘Unpack Embedded Files’
-Unpacked Embedded media files are then also added to VICS JSON for later import.

+Major UI Overall and Rework of Menus
– Output Console Now auto expands when BFIP is maximized and allows several more lines to be viewable.

– Addition of new ‘Griffeye Import Settings’ menu. Exposes some of the more common Griffeye settings you may want to adjust, and limits/eliminates
prior need to use ‘Custom Import Settings’ JSON to adjust processing options.

– Addition of several tooltips to elements (more to come)

– New Menus

– Layout Overhall

– Ability to now just conduct the Carve and JSON creation phase using ‘Carve Only’ Button. Does everything except passing final JSON and forensic images
to Griffeye.

– Additional UI Scaling Adjustments to allow for universal element scaling depending on users resolution and windows scaling settings.

+Combined CaseID and Output Path File Dialogue boxes into single action to provided clearer visibility into where file will be saved and easier
selection of existing case file when adding additional sources.

+Bug Fixes and Minor Changes
– Logs now managed on per-day basis and kept in Log folder.

– New Button in main UI to jump strait to logs.

– Addition of processing time stats

– Additional minor adjustments, UI and code cleanup

2/26/2022 — Version 3.4b1

-Fix for Processing Engine Path

-Rework Advanced Settings Menu to add Processing Engine Override

2/24/2022 — Version 3.4b

-Initial Public Release