Nuix Workstation Release Notes
The Nuix Neo 1.3 Workstation (v100.8) release contains new and updated features as well as resolved issues. This document provides the highlights of this release.
New features
The following new features are available in this release:
Ability to use a scripted validator for custom named entities
Cancel and resume the "Analyse with NLP" process
Enhanced support for Expert Witness Compression format (EWF)
Enhancements to Promote to Nuix Discover functionality
Highlight positive hits to entity search and entity filters
Improved access to PDFs Improved handling of emojis
Ingest a Magnet AXIOM portable case Nuix Imager works with Nuix Neo
Miscellaneous improvements for Nuix Workstation Security Improvements
Store and process component Named Entities within Compound Lexemes as separate Named Entities
Support for detection and extraction of Oxygen Forensic Detective Format v16
Enhancements
Updated to JDK 17.
Updated JxBrowser to v7.36.
Added Document Title to the default Nuix Discover profile. Added support for MSAB schema 24Q1.
Enterprise Vault Connector updated to 1.0.1.0. Dramatically improved the performance of date range searches. Added support for text transcripts of Slack video and audio clips.
Added support to view and export AES256 encrypted PDF documents. Improved performance of rendering process for large text/RTF files.
Supported upgrade paths
You can upgrade Nuix Workstation version 8.0.0 or later to Nuix Workstation version 100.8. For versions earlier than Nuix Workstation version 8.0.0, you must upgrade to v8.0.0 before you upgrade to v100.8. For Nuix Workstation versions earlier than v5.0.0, contact the Nuix Support team for information before migrating your cases.
For every new release of Nuix Workstation, the Nuix Data Finder plugin is updated to work with the latest version of Nuix Workstation.
Compatible versions of Nuix Workstation and Elasticsearch are:
Nuix Workstation Version |
Supported Elasticsearch Version |
Nuix Workstation v9.0.0 and later |
Elasticsearch v7.8.1 |
Nuix Workstation v8.0.0, v8.2.0, v8.4.0, v8.6.0, and v8.8.0 |
Elasticsearch v6.8.0 |
New supported file types
The following newly supported file types has been added to Nuix Workstation: Added extraction of EXIF metadata from movie files.
No previously supported file types have been excluded from the current version.
Resolved issues
This release includes resolutions for the following previously known issues:
Analysis
Improved performance of the application interface after the user adds evidence. Entities are now highlighted when they are part of the search query.
Item counts are no longer displayed in the Address view when de-duplication is enabled.
Opening cases with a large number of numeric properties no longer causes the system to run out of memory.
To limit the number of terms that can be generated in a range, queriesuix.query.specificFieldMaxClauses has been added (defaults to a value of 100000). Interrupted handling during searching no longer generates unexpected error messages.
Extraction
Message reactions now include user and date information.
Added support for Oxygen V16.
Improved performance for handling of Microsoft 365 Connector Teams private chat messages under some usage scenarios.
Added support for text transcripts of Slack video and audio clips.
Resolved an issue in which a small number of chat types were treated as immaterial instead of material.
Added support for MSAB schema 23Q3.
Updated the location URLs for the Microsoft 365 connector to include configured filters.
The bulk CSV evidence loader now tests the connection and reports authentication errors for the Google Workspace connector and other plugin-based connectors that define a "test connection" method.
Added a keyword search capability that allows users to ingest matching SharePoint sites when using the Microsoft 365 connector from UI, scripting API, or the bulk evidence loader.
Added validation processing for Microsoft 365 Bulk Evidence Import to provide better error messages.
Added extraction of EXIF metadata from movie files.
Added support for extracting input text from macOS IME files.
Improved memory usage when processing very large PDF files.
Fixed an error that was caused by the symbol "+" that appeared in phone numbers while performing bulk redactions. Removed redundant replies from the display of first messages in Microsoft 365 Teams threads.
Updated the manner in which some array-valued item properties were stored and indexed. For example, NQL queries made against the values will match in a manner that treats the elements of the array as distinct and unordered values rather than a single concatenated and ordered field value.
Improved Microsoft 365 Connector handling of failures encountered when retrieving Microsoft Teams message calendar event attachments. Event names and item types are now included in error messaging.
Processing the contents of very large CSV files no longer results in high memory usage. Improved handling of large or broken ZIP files.
The user list in the Slack Connector can be sorted regardless of whether the text appears in lower or upper case.
Location URIs for the Microsoft 365 Connector now include all provided location parameters. Large MBOX files are now processed appropriately.
To better handle parsing of non-compliant RFC2822 time zones, we added the system property nuix.rfc2822.nonStandardTimeZone.
Resolved an issue with the Promote to Discover metadata template in which the end time of a calendar appointment was used rather than the start time.
Updated the Microsoft 365 Connector to remove support for MicrosoftGraphLocation.withMailboxRetrievals() in the scripting API, and mailboxRetrievals in the bulk evidence loader. These features have been replaced in Exchange Online.
Improved load processing speed for large MBOX files.
Resolved an issue with processing EDB 2013.
Resolved a scalability issue with the Microsoft 365 Connector in which a worker “watchdog” could time out for Microsoft Teams chats that have many members.
Improved parsing of email From headers when they contain commas.
Resolved an issue in which a third party library caused "text has been truncated" to appear for extracted Microsoft PowerPoint documents and a watermark to appear in printed PDFs. We recommend that you re-ingest any affected documents.
Enabled customers to turn off Aspose processing for Microsoft OneNote data by adding the switch nuix.data.onenote.useAspose (default true).
Resolved a stopwatch error that occurred when users paused and then resume OCR jobs.
To normalize spaces in messaging addresses, we added the switch nuix.messaging.address.normalizeSpace (default true).
Export
Added the ability to resume failed NLP jobs.
Export reports are sent to the license server on demand.
Added the ability to cancel failed NLP jobs.
Resolved an issue in which NLP named entities were duplicated.
Added a createJob function for NLP analysis, featuring a callback option to monitor state changes. Refer to the API documentation for more information.
Added the flag Send Additional Metadata, which allows the user to control whether to send metadata to NLP.
Improved performance of NLP by intelligently handling deduplicated items.
Added Document Title to the default Nuix Discover profile.
Resolved an issue in Export to RSMF related to chat messages with no associated conversation.
Improved NLP processing memory usage.
When an export configuration specifies an MHTML format for emails, the format will also apply to chat messages.
Because unnamed attachment entries for printed emails are displayed inline, they are now hidden..
Resolved an issue in which the incorrect item date was used when promoting documents to Nuix Discover.
Removed unnecessary logs from Nuix Discover Flat File export.
Scripting
Removed getNamedEntityTypes(). See getAllEntityTypes().
Improved performance for the ItemUtility union, intersection, and difference operators for Elasticsearch cases. Exposed the Google Drive connector via scripting.
Added the ability to allow multiple Word Lists and Named Entity Types to be processed in one task.
Provide scripting APIs to retrieve item type tags for an item.
Miscellaneous
Upgraded bc-fips from 1.0.2.1 to 1.0.2.4. Updated to JDK 17.
In the Filtered items list, added the ability to view sub items under Summary Risk.
Updated case opening to validate the evidence metadata for all evidence containers. Nuix Workstation will generate an error if it encounters an issue, such as a missing required plugin.
Introduced the ability to disable certain aspects of the certificate validation on the Elasticsearch client when connecting to the cluster. The nuix.elasticsearch.client.cert.trustStrategy switch was introduced with the following options:
Default: The default flow that validates the certificate against the truststore of the JRE and the host.
TrustAll: Will trust any certificate.
TrustSelfSigned: Will trust self-signed certificates. In addition, the switch nuix.elasticsearch.client.cert.disableHostVerifier=true can be used to skip the host validation (CNAME) of the certificate.
Updated NSF supported versions.
Improved worker process management for terminated processing jobs.
Resolved an issue in which the system failed when configuring the Deep Learning Classifier in an Elasticsearch case.
Updated jruby to v9.4.3.0. This update resolves the issue in which the system sometimes failed when running the console in interactive mode on some platforms (for example, Docker).
NLP filters are no longer reloaded once a job is complete.
Known issues and limitations
We have identified the following issues and our team aims to provide further support in future releases. This release includes the following known limitations:
Performing OCR: You cannot run OCR as a background process for Simple cases. You can only run OCR as a background process for Compound and Elastic cases.
Support for Emoji Synonyms: Emojis are not displayed in Nuix Workstation running on macOS.
Support for AFF4-L format: The AFF4 v1.0 and AFF4-L standards do not currently support the following features: Limitations
Encrypted AFF4 volumes
Persistent data store
HTTP backed streams
Splitting an AFF4 Image across multiple volumes Support for signed statements or Bill of Materials
ARN (AFF4 Resource Name) Hygiene - the Open Source AFF4 Java library is not very flexible when handling incoming data (that is, arn://guid/folder/resource is not equal to arn://guid/folder//resource).
LZ4 Compression Header causes incorrect length attributes, an issue specific to Magnet Forensic AFF4 image, and reported to Magnet.
Support for HWPX format: HWPX/HWP password-protected files are only detected. Decryption is not supported.
Ability to use a scripted validator for custom named entities
Using validators can reduce the number of false positives when identifying custom entities. Nuix Workstation now includes the ability to set script-based validators when defining Custom Named Entities. Using this feature, named entities that are detected within an item can now also be validated at the same time during processing when included in a named entity processing profile.
To use scripted validators, a new Set Validators section has been added to the Create Entity Definition dialog box. Users can add and edit custom Ruby Script validators or choose from one of the following provided validators:
Luhn
Social Security Number
Person name
Cancel and resume the "Analyse with NLP" process
In previous releases, users were unable to cancel or resume the Analyse with NLP process within Nuix Workstation. If the process failed or was stopped, the analyzed data was lost.
In this release, users have the ability to cancel Analyse with NLP jobs. They can also resume analysis in the case of unexpected case closure or abrupt failure mid-analysis.
Enhanced support for Expert Witness Compression format (EWF)
In this version, we have updated support for EWF logical evidence file image format v1 and v2 files. This enhancement allows users to ingest and process files from EnCase v22 and newer.
Enhancements to Promote to Nuix Discover functionality
Promotion of numbered and endorsed PDFs to Nuix Discover
Nuix Workstation v106 now supports legal exports of PDF files (in addition to text and native files) to Nuix Discover through Production Sets. This process allows= users to promote endorsed PDFs as well as PDFS with customized numbering schemes.
Note: The Export > Legal Export to > Promote to Nuix Discover feature supports numbering of native documents, text files, and PDFs through the use of a Production Set. For PDF documents, it also supports redactions and endorsements.
Note: Chat items and Microsoft chat reactions, as well as member added and removed logs, are collated into conversation threads in Nuix Discover. Customers with conversation data will need to use the Nuix Discover Header and Footer functionality to add endorsements to conversation items during export.
Promotion of Text to Discover
Nuix Workstation v106 now supports legal exports of OCR'd text (in addition to PDFs and native files) to Nuix Discover through Production Sets. This process allows= users to promote text files with customized numbering schemes. This enhancement eliminates the need for users to manually OCR text twice.
Specify by filetype whether to promote natives, PDFs, or both
In this release, we have added the ability for users to promote natives, PDFs, or both by specifying a file type in the production profile configuration settings.
Additional Options
In this release, we have added the ability for users to turn off the automatic indexing that takes place in Nuix Discover when items are promoted. We have also added= the ability for users to cancel a Promote to Nuix Discover job, as well as the ability to prevent Nuix Discover from overwriting existing documents with promoted= documents that have duplicate Document IDs.
Highlight positive hits to entity search and entity filters
This version of Nuix Workstation allows you to quickly find relevant data by highlighting positive hits to entity search and entity filters, saving you time over previous versions, when you may have had to scan hundreds of pages for positive entity matches. In previous versions, you could only highlight specific entities: “John Smith,” for example.
In this version, we have added highlighting to entities via search and via selection of entities in the filter pane. For example, searching or filtering for an Entity → ‘Person’ will highlight all entities that match Person.
A targeted entity search, such as searching for Entity Person NOT 'David', will highlight all entities that match Person unless the person is named David.
Improved access to PDFs
In previous versions, PDFs for which the “Document Assembly: Not Allowed" security setting was applied did not always OCR or export properly. In this version, we have resolved this limitation, such that users can view and interact with those PDFs as expected.
Improved handling of emojis
In this release, we have added the ability to render emojis and characters from most foreign languages in the Preview text view. Emojis are now rendered in PDFs, as well.
Ingest a Magnet AXIOM portable case
In this version, you can ingest Magnet AXIOM portable case data in the same way that you ingest other kinds of evidence types. This functionality is useful when, for example, you want to bring evidence into Nuix Workstation that Digital Forensics and Law Enforcement personnel and lawyers have already reviewed and commented on in a portable case.
Note: Unprocessed data that is imported into Nuix Workstation may yield slightly different results than that same data imported into Magnet AXIOM. When you ingest an existing Magnet AXIOM portable case into Nuix Workstation, the data in that portable case is not re-processed.
To ingest a Magnet AXIOM portable case:
In Nuix Workstation, in the Add Case Evidence dialog box, select Add > Add Evidence.
In the Add/Edit Evidence window, click Add > Add Magnet Axiom Database.
Browse to the location of the portable case database, select it, and click Open.
In the Add Magnet Axiom Database dialog box, click OK.
Note: Depending on the size of your database, it may take several minutes to ingest the portable case data.
Additional information about ingested Magnet AXIOM portable cases in Nuix Workstation
Once ingested, any comments that were added in the Magnet AXIOM Portable case appear in Nuix Workstation as tags.
Any Items Tags that were added in the Magnet AXIOM Portable case appear as tags in Nuix Workstation.
Nuix Imager works with Nuix Neo
Nuix Neo now supports Nuix Imager, which is a standalone application that acts as a powerful forensic imaging tool. Nuix Imager allows you to:
Collect data from multiple sources, including hard drives, files, email servers, and cloud storage services. Collect evidence from multiple cloud repositories, including:
Email accounts
Microsoft SharePoint Dropbox
Google Drive
Amazon S3
Preview and triage evidence sources to capture only the relevant data.
Export the selected data set in an NLI (Nuix Logical Image) format, which preserves all metadata of the collected data. Exported data in NLI format can be directly ingested in Nuix Workstation and Engine.
Miscellaneous improvements for Nuix Workstation
Improved interface performance
The Workstation interface is displayed much faster than in previous versions. In addition, when users add data evidence to process data, progress is displayed much faster.
Improved Sorting
Existing custodians and exclusions are now sorted alphabetically in the Add Custodian and Add Exclusion dialog boxes.
Security Improvements
Nuix Neo 1.3 Workstation (v100.8) contains the following security improvements:
Updated: JxBrowser to v7.36 to address Chromium vulnerability CVE-2023-4863
Resolved: Whitesource- Vulnerability found in bc-fips.jar
Resolved: Updated scala-library to 2.13.1 to address vulnerability in CVE-2022-36944.
Update dependency: Com.hierynomus:sshj to v0.34.0
Update dependency: Io.netty:netty-all to v4.1.86.Final
Update dependency: Org.python:jython-slim to v2.7.3
Update dependency: Com.github.lookfirst:sardine to v5.10
Update dependency: Com.diffplug.spotless:spotless-lib to v2.31.1
Update dependency: Com.google.errorprone to v2.17.0
Update dependency: Com.microsoft.sqlserver:mssql-jdbc to v7.4.1.jre12
Update dependency: Com.google.apis:google-api-services-drive to v3-rev20221219-2.0.0
Update dependency: Com.uber.nullaway:nullaway to v0.10.7
Resolved: Whitesource- CVE kafka-clients-2.8.2.jar (CVE-2023-25194)
Updated: Jetty libraries updated to 9.4.51.v20230217 to address CVE-2023-26048 and CVE-2023-26049
Updated: Apache Jena updated to 4.8.0 to address CVE-2023-22665.
Updated: Mend json-20180130 to address CVE-2022-45688
Resolved: Mend jose4j-0.7.9.jar vulnerability found
Updated: Apache Jena updated to 4.8.0 to address CVE-2023-22665
Updated: Mend json-20180130 to address CVE-2022-45688 on 100.0
Updated: Upgraded error_prone_annotations and error_prone_core to v2.19.1
Updated: Guava library updated to 32.0.1 to address CVE-2023-34455
Updated: Snappy-java library updated to 1.1.10.1 to address CVE-2023-34455
Updated: Upgraded batik-script to version 1.16
Updated: Upgraded johnzon-core to version 1.2.21 Updated: Upgraded xnio-api
Updated: Upgraded commons-net version Updated: Upgraded sanselan
Updated: Upgraded jetty-xml Updated: Upgraded logback-classic Updated: Upgraded netty
Updated: Upgraded logback-core Updated: Upgraded undertow-core
Updated: Removed undertow dependency and upgraded pippo and jetty dependencies
Updated: Upgraded Google error prone library.
Store and process Named Entities within Compound Lexemes as separate Named Entities
Nuix Workstation now allows users to view, filter, and search entities within NLP compound lexemes. These entities can be added to metadata profiles for a more granular review and analysis of NLP-enriched data. This enhancement allows for more results to be found when performing PII and entity searches. In Workstation, store and process named entities within Compound Lexemes as separate named entities. The names are defined in the Compound Lexemes or Cognitive Expressions in NLP.
This eliminates the need for complicated search queries and simplifies the process when searching for named entities.
Support for detection and extraction of Oxygen Forensic Detective Format v16
In this release, we have added the capability to ingest Oxygen Forensic Detective Format v16 export files.
In this image, the Oxygen option is available for ingestion.
In this image, you can see the data after a sample Oxygen export is ingested.