Forensic Explorer

$1,695.00

Forensic Explorer is a tool for the preservation, analysis and presentation of electronic evidence. Primary users of this software are law enforcement, government, military and corporate investigations agencies.

Extended Maintenance to 2 years

Compare
Category:

Description

Forensic Explorer combines a flexible graphic user interface (GUI) with advanced sorting, filtering, keyword searching, previewing and scripting technology. It enables investigators to:

  • Manage the analysis of large volumes of information from multiple sources in a case file structure;
  • Access and examine all available data, including hidden and system files, deleted files, file and disk slack and unallocated clusters;
  • Automate complex investigation tasks;
  • Produce detailed reports; and,
  • Provide non forensic investigators a platform to easily review evidence.

Recommended Requirements:

    • Intel® Core i7 CPU
    • 8 GB of RAM

Developed for Win 7 and 8.
32Bit (runs on 32 and 64 bit PCs). Full 64 bit version coming soon.

Supported File Formats
Forensics Explorer supports the analysis of the following file formats:

  • Apple DMG
  • DD or RAW;
  • EnCase® (.E01, .L01, Ex01);
  • Forensic File Format .AFF
  • FTK® (.E01, .AD1 formats);
  • ISO (CD and DVD image files);
  • Microsoft VHD
  • NUIX File Safe MFS01
  • ProDiscover®
  • SMART®
  • VMWare®
  • XWays E01 and CTR

Supported File Systems
Forensic Explorer supports analysis of:

  • Windows FAT12/16/32, exFAT, NTFS,
  • Macintosh HFS, HFS
  • EXT 2/3/4
  • Hardware and Software RAID: JBOD, RAID 0, RAID 5

Email Analysis Formats
Email module supports the analysis of .PST files.
The Index Search module (DTSearch) supports the index and keyword search of .PST files.

Key Features:

Customizable Interface: The forensic explorer interface has been designed for flexibility. Simply drag, drop and detach windows for a customized workspace. Save and load your own workspace configurations to suit investigative needs.
International Language Support: Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic.
Complete Data Access: Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc.
Fully Threaded Application: Run multiple functions and scripts in threads.
Multiple Core Processing: Maximize PC processors for intensive functions like keyword searching, data carving, hashing, signature analysis.
Powerful Pascal Scripting language: Automate analysis using a provided script library, or write your own analysis scripts. Automate tasks such as:

  • Run skin tone analysis on graphics files;
  • Extract user, hardware system information from the registry;
  • Locate and analyze transcripts from Internet chats; etc.

Data Views: Powerful data views including:

  • File List: Sort and multiple sort files by attribute, including, extension, signature, hash, path and created, accessed and modified dates.
  • Disk: Navigate a disk and its structure via a graphical view. Zoom in and out to graphically map disk usage.
  • Gallery: Thumbnail photos and image files.
  • Display: Display more than 300 file types. Zoom, rotate, copy, search. Play video and music.
  • Filesystem Record: Easily access and interpret FAT and NTFS records.
  • Text and Hexadecimal: Access and analyze data at a text or hexadecimal. Automatically decode values with the data inspector.
  • File Extent: Quickly locate the location of files on disk with start and end sector runs.
  • Byte Plot and Character Distribution: Examine individual files using Byte Plot graphs and ASCII character distribution.

Categorize and Custom Filter:

  • Filter any list view to show folders and files that match a set criteria. Script your own filters.
  • Display files in Categories view where files are grouped by extension, signature, attribute, etc.
  • Quickly flag files of interest.

RAID Support: Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0 and RAID 5.
Hashing: Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.
Keyword search: Sector level keyword search of entire media using RegEx expressions.
Keyword index: Built in DTSearch index and keyword search technology.
Bookmarks and Reporting: Add case notes to identify evidence and include case notes in a custom report builder.
Data Recovery and Carving: Recover folders, files and partitions. Use an inbuilt data carving tool to carve more than 300 known file types or script your own.
File Signature Analysis: Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions.
Registry analysis: Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis with RegEx scripts.
Shadow Copy analysis: Easily add and analyze shadow copy files.
Live Boot: Boot forensic image files.

Additional information

Weight 1 lbs
Dimensions 4 × 1 × 1 in

Reviews

There are no reviews yet.

Be the first to review “Forensic Explorer”

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.