Description

Forensic Explorer combines a flexible graphic user interface (GUI) with advanced sorting, filtering, keyword searching, previewing and scripting technology. It enables investigators to:

• Manage the analysis of large volumes of information from multiple sources in a case file structure;
• Access and examine all available data, including hidden and system files, deleted files, file and disk slack and unallocated clusters;
• Automate complex investigation tasks;
• Produce detailed reports; and,
• Provide non forensic investigators a platform to easily review evidence.

Recommended Requirements:

• • Intel® Core i7 CPU
  • 8 GB of RAM

Developed for Win 7 and 8.
32Bit (runs on 32 and 64 bit PCs). Full 64 bit version coming soon.

Supported File Formats
Forensics Explorer supports the analysis of the following file formats:

• Apple DMG
• DD or RAW;
• EnCase® (.E01, .L01, Ex01);
• Forensic File Format .AFF
• FTK® (.E01, .AD1 formats);
• ISO (CD and DVD image files);
• Microsoft VHD
• NUIX File Safe MFS01
• ProDiscover®
• SMART®
• VMWare®
• XWays E01 and CTR

Supported File Systems
Forensic Explorer supports analysis of:

• Windows FAT12/16/32, exFAT, NTFS,
• Macintosh HFS, HFS
• EXT 2/3/4
• Hardware and Software RAID: JBOD, RAID 0, RAID 5

Email Analysis Formats
Email module supports the analysis of .PST files.
The Index Search module (DTSearch) supports the index and keyword search of .PST files.

Key Features:

Customizable Interface: The forensic explorer interface has been designed for flexibility. Simply drag, drop and detach windows for a customized workspace. Save and load your own workspace configurations to suit investigative needs.
International Language Support: Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic.
Complete Data Access: Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc.
Fully Threaded Application: Run multiple functions and scripts in threads.
Multiple Core Processing: Maximize PC processors for intensive functions like keyword searching, data carving, hashing, signature analysis.
Powerful Pascal Scripting language: Automate analysis using a provided script library, or write your own analysis scripts. Automate tasks such as:

• Run skin tone analysis on graphics files;
• Extract user, hardware system information from the registry;
• Locate and analyze transcripts from Internet chats; etc.

Data Views: Powerful data views including:

• File List: Sort and multiple sort files by attribute, including, extension, signature, hash, path and created, accessed and modified dates.
• Disk: Navigate a disk and its structure via a graphical view. Zoom in and out to graphically map disk usage.
• Gallery: Thumbnail photos and image files.
• Display: Display more than 300 file types. Zoom, rotate, copy, search. Play video and music.
• Filesystem Record: Easily access and interpret FAT and NTFS records.
• Text and Hexadecimal: Access and analyze data at a text or hexadecimal. Automatically decode values with the data inspector.
• File Extent: Quickly locate the location of files on disk with start and end sector runs.
• Byte Plot and Character Distribution: Examine individual files using Byte Plot graphs and ASCII character distribution.

Categorize and Custom Filter:

• Filter any list view to show folders and files that match a set criteria. Script your own filters.
• Display files in Categories view where files are grouped by extension, signature, attribute, etc.
• Quickly flag files of interest.

RAID Support: Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0 and RAID 5.
Hashing: Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.
Keyword search: Sector level keyword search of entire media using RegEx expressions.
Keyword index: Built in DTSearch index and keyword search technology.
Bookmarks and Reporting: Add case notes to identify evidence and include case notes in a custom report builder.
Data Recovery and Carving: Recover folders, files and partitions. Use an inbuilt data carving tool to carve more than 300 known file types or script your own.
File Signature Analysis: Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions.
Registry analysis: Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis with RegEx scripts.
Shadow Copy analysis: Easily add and analyze shadow copy files.
Live Boot: Boot forensic image files.