GET DATA FORENSIC EXPLORER
Product Code: AP-GETDATA-FEX-MIP
Mount Image Pro Only
Product Code: AP-GETDATA-MIP
Live Boot virtualization, Shadow Copy, Meta extraction, Carving, Hash Sets, Index and Keyword search, Bookmarking and more…
Forensic Explorer is a tool for the analysis of electronic evidence. Primary users of this software are law enforcement, corporate investigations agencies and law firms. Forensic Explorer has the features you expect from the very latest in forensic software. Inclusive with Mount Image Pro, Forensic Explorer will quickly become an important part of your forensic software toolkit.
Forensic Explorer combines a flexible graphic user interface (GUI) with advanced sorting, filtering, keyword searching, previewing and scripting technology. It enables investigators to:
- Manage the analysis of large volumes of information from multiple sources in a case file structure,
- Access and examine all available data, including hidden and system files, deleted files, file and disk slack and un-allocated clusters,
- Automate complex investigation tasks,
- Produce detailed reports,
- Provide non forensic investigators a platform to easily review evidence.
- Intel® Core i7 CPU
- 16 GB of RAM
Developed for Win 7 and 8. 32Bit (runs on 32 and 64 bit PCs). Full 64 bit version coming soon.
Supported File Formats
Forensics Explorer supports the analysis of the following file formats:
- Apple DMG
- DD or RAW
- EnCase® (.E01, .L01, Ex01)
- Forensic File Format .AFF
- FTK® (.E01, .AD1 formats)
- ISO (CD and DVD image files)
- Microsoft VHD
- NUIX File Safe MFS01
- XWays E01 and CTR
Supported File Systems
Forensic Explorer supports analysis of:
- Windows FAT12/16/32, exFAT, NTFS,
- Macintosh HFS, HFS+
- EXT 2/3/4
- Hardware and Software RAID: JBOD, RAID 0, RAID 5
Email Analysis Formats
Email module supports the analysis of .PST files. The Index Search module (DTSearch) supports the index and keyword search of .PST files.
Customizable Interface: The forensic explorer interface has been designed for flexibility. Simply drag, drop and detach windows for a customized work space. Save and load your own work space configurations to suit investigative needs. International Language Support: Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic. Complete Data Access: Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc. Fully Threaded Application: Run multiple functions and scripts in threads. Multiple Core Processing: Maximize PC processors for intensive functions like keyword searching, data carving, hashing, signature analysis. Powerful Pascal Scripting Language: Automate analysis using a provided script library, or write your own analysis scripts. Automate tasks such as:
- Run skin tone analysis on graphics files;
- Extract user, hardware system information from the registry;
- Locate and analyze transcripts from Internet chats; etc.
Data Views: Powerful data views including
- File List: Sort and multiple sort files by attribute, including, extension, signature, hash, path and created, accessed and modified dates.
- Disk: Navigate a disk and its structure via a graphical view. Zoom in and out to graphically map disk usage.
- Gallery: Thumbnail photos and image files.
- Display: Display more than 300 file types. Zoom, rotate, copy, search. Play video and music.
- Filesystem Record: Easily access and interpret FAT and NTFS records.
- Text and Hexadecimal: Access and analyze data at a text or hexadecimal. Automatically decode values with the data inspector.
- File Extent: Quickly locate the location of files on disk with start and end sector runs.
- Byte Plot and Character Distribution: Examine individual files using Byte Plot graphs and ASCII character distribution.
Categorize and Custom Filter:
- Filter any list view to show folders and files that match a set criteria. Script your own filters.
- Display files in Categories view where files are grouped by extension, signature, attribute, etc.
- Quickly flag files of interest.
RAID Support: Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0 and RAID 5. Hashing: Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis. Keyword Search: Sector level keyword search of entire media using RegEx expressions. Keyword Index: Built in DTSearch index and keyword search technology. Bookmarks and Reporting: Add case notes to identify evidence and include case notes in a custom report builder. Data Recovery and Carving: Recover folders, files and partitions. Use an inbuilt data carving tool to carve more than 300 known file types or script your own. File Signature Analysis: Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions. Registry Analysis: Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis with RegEx scripts. Shadow Copy Analysis: Easily add and analyze shadow copy files. Live Boot: Boot forensic image files.