v1.3.71 (2026-06-12)
- A PST that is open in Outlook or locked by another process is no longer reported as an unsupported file. The viewer now explains that the file is in use and how to open it. Close Outlook or copy the file and open the copy.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: bac15d5abd58feed33bbae342e3046b46e7bfc0c824c2be17444a381d0f0f83d. TSA countersignature present, chains to 2034. Commit 84a4f26.
v1.3.7 (2026-06-10)
- Archive-wide search is fast again on mailboxes with Microsoft 365 and Exchange compressed-RTF bodies. The text renderer no longer runs on every message during search.
- The body decoder is hardened against malformed size fields.
Recommendation: Forensic Edition users on any 1.3.x build should update via the PRO badge in-app. Free Edition users can re-download from the storefront. v1.3.7 is a drop-in replacement with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 0d92715dc9b35b2bdc5fb923a5a25e83b93a75699d3f42920ce44e8716811104. TSA countersignature present, chains to 2034.
v1.3.6 (2026-06-10)
- Fixes blank message bodies on Microsoft 365 and Exchange compressed-RTF mail. The decoder was misreading the compression flag bit polarity.
- The forensic detail panel in the .msg and .eml view is now collapsed by default so the message body has room.
Recommendation: Forensic Edition users on any 1.3.x build should update via the PRO badge in-app. Free Edition users can re-download from the storefront. v1.3.6 is a drop-in replacement with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 0abb510c1710a5e3c471a6925df805eab1271a846f666e410b2c86877479cbd4. TSA countersignature present, chains to 2034.
Special Thanks
Special thanks to Greg Smith of Dundee Corporation. Greg isolated that the affected message bodies rendered correctly in Outlook but not in Sherlock. He cross-checked the hit counts against an Outlook search to confirm the discrepancy. Critically, he provided a forensically intact sample that preserved the original Microsoft Exchange compressed-RTF (PR_RTF_COMPRESSED / LZFu) data. That sample let us pinpoint and correct a flag-decoding error in our RTF decompressor. We are grateful for his diligence and patience.
v1.3.5 (2026-06-10)
- Fixes blank message bodies on Microsoft 365 and Exchange eDiscovery exports where the body is stored as compressed RTF. The viewer now decodes these resiliently and displays the content.
- Report-export no longer crashes on unusual body data.
- A privacy-safe diagnostic helps support troubleshoot display issues.
Recommendation: Forensic Edition users on any 1.3.x build should update via the PRO badge in-app. Free Edition users can re-download from the storefront. v1.3.5 is a drop-in replacement with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 35daade76361a0b09a4f2c3accaa0b7eae71bc31b3c16847f09a520de85cc208. TSA countersignature present, chains to 2034.
v1.3.4 (2026-06-09)
- Opt-in raw message body in the diagnostic panel. The privacy-safe diagnostic cog now offers an optional checkbox that includes the raw message body bytes when sending diagnostic info to support. The label tells you exactly what gets shared (just that one message's body, no attachments) before you opt in. Gives the customer-support decoder-fix loop a consent-based path to share the failing bytes that 1.3.3's blank-body fallback cannot yet decode. Support can then decode your exact bytes and ship a true fix in a follow-up.
Recommendation: Forensic Edition users on any 1.3.x build should update via the PRO badge in-app. Free Edition users can re-download from the storefront. v1.3.4 is a drop-in replacement with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 6c03860a82fe3e84c68008d04d9b8c59e53e4e36c0fe8ee79c28fb7fcd24505b. TSA countersignature present, chains to 2034.
v1.3.3 (2026-06-09)
- Fixes blank message bodies on Microsoft 365 / Exchange (eDiscovery) exports where the body is stored as compressed RTF.
- Sender now shows the real SMTP address instead of the raw Exchange X.500 name. Subject lines no longer show stray leading glyphs.
- Fixes a crash when exporting reports for messages with corrupt or unusual body data. Such bodies now display blank rather than garbled.
- Adds a one-click, privacy-safe diagnostic (shares no email content) to help support troubleshoot display issues.
Recommendation: Forensic Edition users on 1.3.0 or any 1.3.2 build should update via the PRO badge in-app or re-download from the storefront. v1.3.3 is a drop-in replacement with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 90784ae3cb5590b43aa797ddc68d56f4edc293bd06d212daf7af4e6f37f04710. TSA countersignature present, chains to 2034.
v1.3.1 (2026-06-08). Bug-fix release for Exchange and OST handling
- Compressed RTF body decompression. Exchange and OST messages previously previewed and exported with an empty body when the body content was stored in Microsoft's compressed RTF format. v1.3.1 decompresses the RTF and renders the actual body content in preview, search and every export format (PDF, JSONL, EML, MSG).
- SMTP sender address resolution. The sender field previously displayed the raw Exchange X.500 address (
/O=Org/OU=Group/CN=User) instead of the human-readable SMTP address. v1.3.1 resolves the X.500 name to the underlying SMTP address so reports and exports show user@domain.com instead of the internal directory path.
- Subject line glyph scrub. Subject lines previously showed stray leading control glyphs in some messages. v1.3.1 strips these before display, search indexing and export.
Recommendation: Forensic Edition users on v1.3.0 should update via the PRO badge in-app. Free Edition users can re-download from the storefront. v1.3.1 is a drop-in replacement for v1.3.0 with no license-key changes required.
EV code-signed binary (Sherlock Forensics Ltd, SSL.com EV intermediate). SHA-256: 5f53b9fab2bab20b5d975ef291fe5151c66cd513892f7765116f8421576d173f. TSA countersignature present, chains to 2034.
v1.2.7 (2026-05-27)
- Minor fixes for PST 2003 file parsing
- Adds 1 MB header upload on failure-to-load for diagnostic submission
v1.2.0 (2026-05-23)
- Native modern Outlook OST support (4 KB-page PFF-variant, Outlook 2013+, Microsoft 365, cached-Exchange)
- Find in Archive: whole-PST/OST keyword search across subject, body, from, to and attachment filenames
- Export Documents: one-click extraction of all attached PDFs, Word, Excel, PowerPoint and other files with SHA-256 manifest
- Whole-archive and per-folder PDF report generation with streaming generator (no OOM on multi-GB archives)
- Findings catalog: unified sidebar showing all search results, pattern-scan matches and recovered items
- Data Recovery as dedicated sidebar item with quality filter and inline detail panels
- Sens-Data Scan improvements: scrollable results, CSV export, click-to-jump to matched message
- Modern OST diagnostics with authoritative counts from NBT index
- Crash diagnostics with structured logs and one-click submission to Sherlock
- System-folder hiding for empty Outlook-internal folders (MS-OLK-*, Sync Issues, etc.)
- Bulk attachment extraction with scope picker (current folder vs whole archive) and type filter
- Per-message crash isolation so one corrupt block cannot kill an entire scan
v1.1.0 (2026-05-13)
- Multi-monitor support with detachable analysis windows
- Activity timeline with anomaly detection for send/delete volume spikes
- Communication map as force-directed graph with per-edge message filtering
- Cross-PST search across multiple custodian archives
- Pattern-based sensitive-data scanning with format validators (Luhn for credit cards)
- Deleted-item recovery using four independent carving methods
- MAPI property explorer for raw property inspection
- Attachment safe view with sandboxed rendering
- Verifiable export container with Ed25519 signatures
- Mark persistence across sessions with range-mark, show-marked-only and folder badges
- In-message Ctrl+F search with digit-aware matching
v0.1.6 (2026-04-18)
- MSG and EML file support (single file and folder batch mode)
- MSG encoding detection (Unicode/ANSI)
- Recursive folder scanning