Releases: Ghassan-elsman/Crow-Eye

V0.7.1

16 Feb 06:38

Full Changelog: V0.7.0...V0.7.1

  • Semantic Intelligence & Field Mapping
    The Semantic Mapping system has been completely rebuilt into a contextual intelligence layer.
    • Field Alias Matching (FTS5): Uses SQLite FTS5 for fast, fuzzy, and robust field name lookups, ensuring different tools' data can be mapped to standardized forensic concepts.
    • Advanced Logic: Supports complex AND/OR logic and confidence scoring for each rule

  • Artifact Type Registry: A centralized, JSON-driven system that provides a single source of truth for all artifact metadata, eliminating duplicate lists across 10+ files

  • Hierarchical Weight Precedence: A strict new resolution order ensures weight settings are predictable: Wing-specific > Case-specific > Global > Default Fallback

  • Enhanced Results Viewers: New production-ready viewers for both engines include Semantic Columns, hierarchical grouping (Window → Feather → Evidence), and pagination for large datasets

  • Metadata-Optional Processing: The engine now automatically detects artifact types using a priority list (Metadata → Table Names → Filename), allowing for the import of databases from third-party tools without manual setup
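
The detection order described above (Metadata → Table Names → Filename), driven by a JSON registry, can be sketched as follows. This is an added example, not Crow-Eye's own code: the registry schema, the `feather_metadata` table, and all sample databases are hypothetical and constructed for illustration.

```python
import json, os, pathlib, sqlite3, tempfile
# Hypothetical registry; the project's real JSON schema is not shown on this page.
REGISTRY = json.loads("""{
  "prefetch":  {"tables": ["prefetch_data"], "filename_hints": ["prefetch"]},
  "srum":      {"tables": ["srum_app_usage"], "filename_hints": ["srum", "srudb"]},
  "shellbags": {"tables": ["shellbags"], "filename_hints": ["shellbag"]}
}""")

def detect_artifact_type(db_path):
    """Return (artifact_type, decided_by) using Metadata -> Table Names -> Filename."""
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"  # never write to evidence
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = {r[0].lower() for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")}
        # 1. Metadata: accepted only if it names a type the registry knows.
        if "feather_metadata" in tables:  # hypothetical metadata table name
            row = con.execute("SELECT value FROM feather_metadata WHERE key='artifact_type'").fetchone()
            if row and row[0] in REGISTRY:
                return row[0], "metadata"
        # 2. Table names, compared case-insensitively.
        for name, spec in REGISTRY.items():
            if tables & set(spec["tables"]):
                return name, "table_name"
    finally:
        con.close()
    # 3. Filename, the weakest signal, is consulted last.
    base = os.path.basename(db_path).lower()
    for name, spec in REGISTRY.items():
        if any(hint in base for hint in spec["filename_hints"]):
            return name, "filename"
    return None, "unknown"

def demo():
    meta = "CREATE TABLE feather_metadata(key TEXT, value TEXT);"
    samples = [  # (filename, schema) pairs, all constructed for this example
        ("a.db", meta + "INSERT INTO feather_metadata VALUES('artifact_type','srum'); CREATE TABLE prefetch_data(x);"),
        ("b.db", meta + "INSERT INTO feather_metadata VALUES('artifact_type','bogus'); CREATE TABLE ShellBags(x);"),
        ("SRUDB_export.db", "CREATE TABLE records(x);"),
        ("misc.db", "CREATE TABLE records(x);"),
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for filename, schema in samples:
            path = os.path.join(tmp, filename)
            con = sqlite3.connect(path)
            con.executescript(schema)
            con.close()
            results.append(detect_artifact_type(path))
    return results
```

Returning which step decided the type lets an examiner see when a classification rests only on a filename, and an unrecognised metadata value falls through to the next step instead of being accepted as-is.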

V0.7.0

31 Dec 02:24

Full Changelog: 0.6.2...V0.7.0
Add Correlation Engine with comprehensive documentation
Major Features:

  • Introduce dual-engine correlation system (Time-Based and Identity-Based)
  • Add universal data import supporting CSV/JSON/SQLite from any forensic tool
  • Implement Feather normalization system for standardized artifact storage
  • Add Wings correlation rules system with configurable parameters
  • Implement Pipeline orchestration for automated workflows
  • Add cyberpunk-styled GUI for correlation visualization

Correlation Engine Components:

  • Time-Based Engine: O(N²) comprehensive field-level correlation
  • Identity-Based Engine: O(N log N) scalable identity tracking with streaming
  • Feather Builder: Universal forensic data normalization
  • Wings System: Flexible correlation rule definitions
  • Pipeline Executor: Automated multi-artifact correlation workflows
  • Results Viewer: Interactive visualization

Documentation (~7,200 lines):

  • Add Correlation Engine Overview with architecture diagrams
  • Add comprehensive Engine Documentation with selection guide
  • Add Architecture Documentation with component integration
  • Add Feather, Wings, and Pipeline documentation
  • Add dedicated Correlation Engine Contributing Guide
  • Update main README with Correlation Engine section
  • Update main CONTRIBUTING.md highlighting Correlation Engine priority

Performance:

  • Identity-Based Engine: Process 100K records in 2.5 min with streaming
  • Time-Based Engine: Optimized for datasets < 1,000 records
  • Constant memory usage with streaming mode for large datasets

0.6.2

15 Dec 22:16
4c59793

Enhancement to solve compatibility issues for the EXE version
Full Changelog: 0.6.1...0.6.2

0.6.1

13 Dec 01:30
5c9426c

Enhancement to case management, bug fixes for Registry parsing, and enhancement to detect and parse Windows partitions
Full Changelog: 0.6.0...0.6.1

Crow-Eye v0.6.0 – Hidden Partitions, Dual-Boot & Live USB Detection Added with EXE stand alone file

01 Dec 21:22
3e1cf57

Add support for Disks & Partitions
Add Registry user profiles
Enhancement to the search engine
Full Changelog: 0.5.1...0.6.0
Add Crow-Eye.exe standalone file

0.5.1

21 Nov 07:46
5042025

Enhanced Database Search Engine

0.5.0

17 Nov 02:26

Overview

Crow Eye v0.5.0 introduces significant enhancements to forensic analysis capabilities, focusing on improved artifact parsing, search functionality, and timeline visualization.

Key New Features

  • New Search Engine: A powerful, full-text search system for efficient querying across all artifacts, with support for advanced filtering and natural language input to assist non-technical users.
  • Timeline Correlation Dialog: Interactive dialog for visualizing and correlating forensic events in a timeline view.
  • ShellBags Parsing: Added parsing for ShellBags artifacts, extracting folder access history, views, and timestamps to reveal user navigation patterns.
  • SRUM Parsing: New parser for System Resource Usage Monitor (SRUM), capturing app resource usage, network activity, energy consumption, and execution data.
  • MRU and Recent Docs Binary Parsing Enhancements: Improved binary parsing for Most Recently Used (MRU) lists and Recent Documents, with better handling of typed paths, Open/Save history, and recent files across Windows versions. Includes error handling and output in SQLite + JSON formats.

Improvements and Fixes

Notes

  • Offline Analysis: Still under development for some artifacts—use with caution and report issues.
  • Contributions: We welcome pull requests for additional correlations or parsers. Contact ghassanelsman@gmail.com for collaboration.

V0.4

16 Nov 05:21
8c8bad5

Update USN_Claw.py