X-Ways Forensics

X-Ways Forensics is an advanced work  environment for computer forensic examiners and our flagship product. It runs under Windows 2000/XP/2003/Vista*/2008*/7*, 32 Bit/64 Bit. It is based on the   WinHex hex and disk editor and part of an efficient workflow model where  computer forensic examiners share data and collaborate with investigators  that use X-Ways Investigator.

X-Ways Forensics, the forensic edition of  WinHex, is a powerful and affordable integrated computer forensics environment with numerous forensic features, rendering it a powerful disk   analysis tool: capturing free space, slack space, inter-partition space, and   text, creating a fully detailed drive contents table with all existing and deleted files and directories and even alternate data streams (NTFS),   Bates-numbering files, and more. Picture gallery, file preview,  calendar/timeline display. Also serves as a low-level disk imaging and   cloning tool that creates true mirrors (including all slack space) and reads   most drive formats and media types, and supports drives and files of virtually unlimited size (even terabytes on NTFS volumes!). 

MD5 VFC 2

VFC seamlessly and expeditiously re-creates a   virtual scene from either the original evidence drive itself or the forensic  copy of the suspect's system. The VFC process normally takes less than a   minute, with average system start up times of the virtual clone ranging from  between 2-5 minutes. Crucially for the forensic investigator, the process never alters the original evidence and can be repeated at will. Industry experts will be well aware how unique VFC is; it provides a straightforward and user friendly interface that can be used by any investigative agency, be it   criminal or civil, in order to quickly ascertain the need for further   examination of the system. The VFC method enables any legal professional to   experience the suspect's system in its own 'virtual' environment, accessing   the original data but leaving it wholly intact. How better to display   evidence than by 'virtually' using the original machine and data?  Descriptions of technical processes and file locations are easily and  implicitly understood when visually demonstrated. VFC is a simple, cost   effective tool designed to present evidential data in a virtual environment.

ASR Data Smart Mount

- Mount   EnCase/Expert Witness (.E01 files), VMWare Disk (.vmdk files), FTK, SMART or dd files locally or over the network.

- Convert EnCase/Expert Witness and .vmdk files to “flat” image files

- Mount password protected EnCase/Expert   Witness .E01 files without the password

- Mount file systems from within dd images or Macintosh .dmg images

- Mount file systems from within FTK images

- No need to re-acquire evidence, no need for write-blockers.

SmartMount is a utility that allows you to mount filesystems contained in logical and physical disk image files. It   automatically detects the partitions and filesystems in your images. 

ASR Data Smart For Linux

The SMART software and methodology have been   developed with the intention of integrating technical, legal and end-user   requirements into a complete package that enables the user to perform their  job most effectively and efficiently.

SMART is more than a stand-alone data  forensic program. The features of SMART allow it to be used in many scenarios, including:

-            “Knock-and-talk” inquiries and investigations

-            on-site or remote preview of a target system

-            post mortem analysis of a dead system

-            testing and verification of other forensic    programs

-            conversion of proprietary “evidence file”   formats

-            baselining of a system

GetData Mount Image Pro

Mount Image Pro is a computer forensics tool for Computer Forensics investigations. It enables the mounting of:

-            EnCase .E01, .L01

-            EnCase .Ex01 - coming soon

-            AccessData .AD1

-            Unix/Linux DD and RAW images

-            Forensic File Format .AFF

-            SMART

-            ISO (CD and DVD images)

-            VMWare

-            ProDiscover

-            Microsoft VHD

-            Apple DMG

image files as a drive letter under the Windows file system.

ElcomSoft Password Recovery Bundle

A complete suite of ElcomSoft password recovery tools allows corporate and government customers to unprotect disks and systems and   decrypt files and documents protected with popular applications. Based on   in-house tests as well as feedback from ElcomSoft valuable customers, these password recovery tools are the fastest on the market, the easiest to use and   the least expensive.

Passware Kit Forensic

Key Features    

• Recovers passwords for 200+ file types and decrypts hard disks providing an all-in-one user interface  
• Scans computers and network for        password-protected files (Encryption Analyzer Professional included)   
• Acquires memory images of the seized computers (FireWire Memory Imager        included)   
• Retrieves electronic evidence in a matter of minutes from a Windows Desktop Search Database (Search Index Examiner included)   
• Recovers Mac User Login passwords and FileVault keys from computer memory   
• Supports Distributed and Cloud Computing password recovery   
• Runs from a USB thumb drive and recovers passwords without installation on a       target PC (Portable Version included)   
• Available as SDK for .NET   
• Includes 1-year Subscription to updates

Belkasoft Evidence Center 2012

Belkasoft offers a forensically sound solution   to quickly discover a great deal of evidence with repeatable results and   flexible reporting. Belkasoft Evidence Center performs comprehensive forensic   analysis of hard drives and disk images retrieving instant messenger logs and  chat history, social networking communications, multi-user online game chats,   Web browsing history and webmail data, P2P products and file exchange   services.

Forensically Sound Software: Belkasoft Evidence Center is designed with law enforcement   customers in mind, providing repeatable, forensically sound results every   time it runs. It leaves zero traces on disks being investigated with absolutely no disk writes or evidence altering. 

ASR Data SAW

As   a stand-alone utility, SAW is a robust, configurable and easy to use GUI   program for creating “forensic” images from storage media. SAW runs under   Windows, Macintosh and Linux operating systems.

The images SAW creates can be used by SmartMount to deliver unparalleled performance when storing, searching, authenticating, analyzing, carving,   indexing and interacting with data stored within ExpertWitness/EnCase images, SMART images, FTK Images, dd images, Virtual Machine images and many other   “forensic” image formats. The efficiency realized by using SAW and SmartMount are astounding and the efficiency is “exported” or inherited, transparently  by any tool or process you are already using.

This  means, for example, you can search in EnCase up to twenty times faster or index in FTK up to twenty times faster.  

InfinaDyne CD/DVD Inspector

Professional software for intensive analysis and extraction of data from CD-R, CD-RW and all types of DVD media - including HD DVD and Blu-Ray. Tailored for professionals in data recovery, forensics, and law enforcement.

CD/DVD Inspector reads all major CD and DVD filesystem formats including ISO-9660, Joliet, UDF, HSG, HFS and HFS+. When the disc being examined contains more than a single filesystem, all filesystems found are displayed. Multiple filesystems are present for hybrid Macintosh/PC discs as well as for discs that are produced by DirectCD and other packet-writing software. DVD Video discs include both the UDF and ISO-9660 filesystem as well.

Cyber Security Technologies Mac Marshal

Mac Marshal is an analytical forensics product to automate key aspects of the investigation of computers running the Mac OS X operating system. Mac Marshal automatically detects OS X and Windows operating systems and virtual machine images, and provides the investigator with an array of automated information-gathering and analytical tools to extract Mac-specific forensic evidence from the operating system, the hard drive, and from Mac applications including Mail, Safari, iChat, Address Book and QuickTime Player.

Mac Marshal is available in two software-only versions called the Forensic Edition for Macs and the Forensic Edition for PCs for analyzing hard drive images. The Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform. The Forensic Edition for PCs runs on a Microsoft Windows XP or later platform.

Cyber Security Technologies P2P Marshal     

P2P Marshal is a powerful computer forensics product which automatically detects, extracts and analyzes P2P evidence on computers under investigation.

P2P Marshal automatically detects a roster of the most commonly-used P2P client programs, and automatically captures and organizes vital forensic information on each client it detects. P2P Marshal automatically provides the investigator with shared files, downloaded files, peer servers, and configuration and log information for each user on the computer being investigated. P2P Marshal performs these tasks in a forensically valid way, and presents the results in an easily readable form on-screen and in a format that can easily be incorporated into a report.

Cyber Security Technologies OnLineDFS

The OnLine Digital Forensic Suite™ (OnLineDFS for short) is a software product for performing forensic-quality investigations of live computers in networked environments. We built OnLineDFS for IT security professionals, service providers and law enforcement professionals who need to conduct investigations of live computers for:

OnLineDFS is a feature-rich tool which enables an investigator to capture and analyze volatile data (including the memory, running processes, open ports, process/port associations, and much more), as well as the full array of persistent data required for a forensic analysis. Because OnLineDFS was designed for conducting investigations over a network, it enables the investigation of target systems which are geographically remote as well as close-at-hand.

OnLineDFS is structured to enable the capture, search and analysis of three major categories of data:

1. Volatile system state data;
2. Memory and registry data;
3. Persistent data.

MacForensicsLab

MacForensicsLab is the first comprehensive computer forensic solution that runs natively on a Macintosh. As such, MacForensicsLab combines the power of modern computing with elegant design and a feature rich environment. Capable of performing all aspects of the forensic process on any filesystem the system bus can recognize, these filesystems include: NTFS, UFS, HFS, HFSPlus, ext2, ext2, ReiserFS and many more.

Fast, fault tolerant, verifiable acquisitions produce a reliable bit-for-bit exact replica of the original media, while maximizing data recovery, even with corrupted media. These forensic images are created with integrated segmenting and granular hashing. Inline processing allows for the creation of dual output images and associated hash files, reducing the time the forensic examiner spends in the data acquisition phase.

Wetstone Gargoyle Investigator Forensic Pro is a software tool providing inspectors with the ability to conduct a quick search on a given computer or machine for known contraband and hostile programs. Because the search is done for the individual files associated with a particular program, it is possible to find remnants even if the program has been deleted. 

• Ability to conduct scans on a   stand-alone system or network resource for known contraband and hostile programs
• 20 datasets containing over 20,000 types of malicious software
• Interoperable with popular forensic tools such as EnCase™
• 32-Bit and 64-Bit drive mounting  and management integration
• Detailed forensic evidence  reports with secure source timestamping, XML based, and customizable
• Timelining feature
• Ability to scan within archive  files (.zip, .rar, .jar, .bh, .arj. lha, .lzh, .tar, .war, .enc, .bz2)
• Windows Vista, XP, 7 Support
• Fibonacci driven discovery engine that delivers>200MB/sec performance on most platforms 

Wetstone StegoHunt is the industry’s leading software tool for discovering the presence  of data hiding activities.

Rapidly identify over 1,000 data hiding threat applications using Fibonacci search methods

• Desktop Applications
• Smart Mobile Device Apps
• Server Based Apps
• Source Code

Accurate Carrier File Identification

• Program Artifacts
• Program Signatures
• Statistical Anomalies   

Operational Discovery Modes

• Directory
• Drive
• Archives
• Drive Image
• Network Path
• Live Machine  

E-Fense Helix3 Pro

Helix3   Pro is a unique tool necessary for every computer forensic tool kit! Get the   only tool with a Live and Bootable side for your investigation needs.   

• A multi-platform LIVE side for three environments; Mac OS X, Windows and      Linux with one simple to use interface      
  • Make forensic images of all internal devices    
  • Make a  forensic image of physical memory (32 and 64 bit)    
  • Determine if disk level encryption is turned on   
• A bootable forensically sound environment to boot any x86 system      Several open source forensic applications to assist with data analysis including        cell phone analysis
  • Make forensic images of all devices    
  • Search  filesystems for specific file types (i.e. Graphic files, Document files, etc)