Please contact us to get more information about forensic software products:
X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. It runs under Windows 2000/XP/2003/Vista*/2008*/7*, 32 Bit/64 Bit. It is based on the WinHex hex and disk editor and part of an efficient workflow model where computer forensic examiners share data and collaborate with investigators that use X-Ways Investigator.
X-Ways Forensics, the forensic edition of WinHex, is a powerful and affordable integrated computer forensics environment with numerous forensic features, rendering it a powerful disk analysis tool: capturing free space, slack space, inter-partition space, and text, creating a fully detailed drive contents table with all existing and deleted files and directories and even alternate data streams (NTFS), Bates-numbering files, and more. Picture gallery, file preview, calendar/timeline display. Also serves as a low-level disk imaging and cloning tool that creates true mirrors (including all slack space) and reads most drive formats and media types, and supports drives and files of virtually unlimited size (even terabytes on NTFS volumes!).
MD5 VFC 2
VFC seamlessly and expeditiously re-creates a virtual scene from either the original evidence drive itself or the forensic copy of the suspect's system. The VFC process normally takes less than a minute, with average system start-up times of the virtual clone ranging from 2 to 5 minutes. Crucially for the forensic investigator, the process never alters the original evidence and can be repeated at will. Industry experts will be well aware how unique VFC is; it provides a straightforward and user-friendly interface that can be used by any investigative agency, be it criminal or civil, in order to quickly ascertain the need for further examination of the system. The VFC method enables any legal professional to experience the suspect's system in its own 'virtual' environment, accessing the original data but leaving it wholly intact. How better to display evidence than by 'virtually' using the original machine and data? Descriptions of technical processes and file locations are easily and implicitly understood when visually demonstrated. VFC is a simple, cost-effective tool designed to present evidential data in a virtual environment.
ASR Data Smart Mount
- Mount EnCase/Expert Witness (.E01 files), VMWare Disk (.vmdk files), FTK, SMART or dd files locally or over the network.
- Convert EnCase/Expert Witness and .vmdk files to “flat” image files
- Mount password protected EnCase/Expert Witness .E01 files without the password
- Mount file systems from within dd images or Macintosh .dmg images
- Mount file systems from within FTK images
- No need to re-acquire evidence, no need for write-blockers.
SmartMount is a utility that allows you to mount filesystems contained in logical and physical disk image files. It automatically detects the partitions and filesystems in your images.
ASR Data Smart For Linux
The SMART software and methodology have been developed with the intention of integrating technical, legal and end-user requirements into a complete package that enables the user to perform their job most effectively and efficiently.
SMART is more than a stand-alone data forensic program. The features of SMART allow it to be used in many scenarios, including:
- “Knock-and-talk” inquiries and investigations
- on-site or remote preview of a target system
- post mortem analysis of a dead system
- testing and verification of other forensic programs
- conversion of proprietary “evidence file” formats
- baselining of a system
GetData Mount Image Pro
Mount Image Pro is a computer forensics tool for Computer Forensics investigations. It enables the mounting of:
- EnCase .E01, .L01
- EnCase .Ex01 - coming soon
- AccessData .AD1
- Unix/Linux DD and RAW images
- Forensic File Format .AFF
- ISO (CD and DVD images)
- Microsoft VHD
- Apple DMG
image files as a drive letter under the Windows file system.
ElcomSoft Password Recovery Bundle
A complete suite of ElcomSoft password recovery tools allows corporate and government customers to unprotect disks and systems and decrypt files and documents protected with popular applications. Based on in-house tests as well as feedback from ElcomSoft's valuable customers, these password recovery tools are the fastest on the market, the easiest to use and the least expensive.
Passware Kit Forensic
- Recovers passwords for 200+ file types and decrypts hard disks providing an all-in-one user interface
- Scans computers and network for password-protected files (Encryption Analyzer Professional included)
- Acquires memory images of the seized computers (FireWire Memory Imager included)
- Retrieves electronic evidence in a matter of minutes from a Windows Desktop Search Database (Search Index Examiner included)
- Recovers Mac User Login passwords and FileVault keys from computer memory
- Supports Distributed and Cloud Computing password recovery
- Runs from a USB thumb drive and recovers passwords without installation on a target PC (Portable Version included)
- Available as SDK for .NET
- Includes 1-year Subscription to updates
Belkasoft Evidence Center 2012
Belkasoft offers a forensically sound solution to quickly discover a great deal of evidence with repeatable results and flexible reporting. Belkasoft Evidence Center performs comprehensive forensic analysis of hard drives and disk images retrieving instant messenger logs and chat history, social networking communications, multi-user online game chats, Web browsing history and webmail data, P2P products and file exchange services.
Forensically Sound Software: Belkasoft Evidence Center is designed with law enforcement customers in mind, providing repeatable, forensically sound results every time it runs. It leaves zero traces on disks being investigated with absolutely no disk writes or evidence altering.
ASR Data SAW
As a stand-alone utility, SAW is a robust, configurable and easy to use GUI program for creating “forensic” images from storage media. SAW runs under Windows, Macintosh and Linux operating systems.
The images SAW creates can be used by SmartMount to deliver unparalleled performance when storing, searching, authenticating, analyzing, carving, indexing and interacting with data stored within ExpertWitness/EnCase images, SMART images, FTK Images, dd images, Virtual Machine images and many other “forensic” image formats. The efficiency realized by using SAW and SmartMount is astounding, and the efficiency is “exported” or inherited transparently by any tool or process you are already using.
This means, for example, you can search in EnCase up to twenty times faster or index in FTK up to twenty times faster.
InfinaDyne CD/DVD Inspector
Professional software for intensive analysis and extraction of data from CD-R, CD-RW and all types of DVD media - including HD DVD and Blu-Ray. Tailored for professionals in data recovery, forensics, and law enforcement.
CD/DVD Inspector reads all major CD and DVD filesystem formats including ISO-9660, Joliet, UDF, HSG, HFS and HFS+. When the disc being examined contains more than a single filesystem, all filesystems found are displayed. Multiple filesystems are present for hybrid Macintosh/PC discs as well as for discs that are produced by DirectCD and other packet-writing software. DVD Video discs include both the UDF and ISO-9660 filesystem as well.
Cyber Security Technologies Mac Marshal
Mac Marshal is an analytical forensics product to automate key aspects of the investigation of computers running the Mac OS X operating system. Mac Marshal automatically detects OS X and Windows operating systems and virtual machine images, and provides the investigator with an array of automated information-gathering and analytical tools to extract Mac-specific forensic evidence from the operating system, the hard drive, and from Mac applications including Mail, Safari, iChat, Address Book and QuickTime Player.
Mac Marshal is available in two software-only versions called the Forensic Edition for Macs and the Forensic Edition for PCs for analyzing hard drive images. The Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform. The Forensic Edition for PCs runs on a Microsoft Windows XP or later platform.
Cyber Security Technologies P2P Marshal
P2P Marshal is a powerful computer forensics product which automatically detects, extracts and analyzes P2P evidence on computers under investigation.
P2P Marshal automatically detects a roster of the most commonly-used P2P client programs, and automatically captures and organizes vital forensic information on each client it detects. P2P Marshal automatically provides the investigator with shared files, downloaded files, peer servers, and configuration and log information for each user on the computer being investigated. P2P Marshal performs these tasks in a forensically valid way, and presents the results in an easily readable form on-screen and in a format that can easily be incorporated into a report.
Cyber Security Technologies OnLineDFS
The OnLine Digital Forensic Suite™ (OnLineDFS for short) is a software product for performing forensic-quality investigations of live computers in networked environments. We built OnLineDFS for IT security professionals, service providers and law enforcement professionals who need to conduct investigations of live computers for:
OnLineDFS is a feature-rich tool which enables an investigator to capture and analyze volatile data (including the memory, running processes, open ports, process/port associations, and much more), as well as the full array of persistent data required for a forensic analysis. Because OnLineDFS was designed for conducting investigations over a network, it enables the investigation of target systems which are geographically remote as well as close-at-hand.
OnLineDFS is structured to enable the capture, search and analysis of three major categories of data:
- Volatile system state data;
- Memory and registry data;
- Persistent data.
MacForensicsLab is the first comprehensive computer forensic solution that runs natively on a Macintosh. As such, MacForensicsLab combines the power of modern computing with elegant design and a feature-rich environment. It is capable of performing all aspects of the forensic process on any filesystem the system bus can recognize, including NTFS, UFS, HFS, HFSPlus, ext2, ReiserFS and many more.
Fast, fault tolerant, verifiable acquisitions produce a reliable bit-for-bit exact replica of the original media, while maximizing data recovery, even with corrupted media. These forensic images are created with integrated segmenting and granular hashing. Inline processing allows for the creation of dual output images and associated hash files, reducing the time the forensic examiner spends in the data acquisition phase.
Wetstone Gargoyle Investigator Forensic Pro is a software tool providing inspectors with the ability to conduct a quick search on a given computer or machine for known contraband and hostile programs. Because the search is done for the individual files associated with a particular program, it is possible to find remnants even if the program has been deleted.
- Ability to conduct scans on a stand-alone system or network resource for known contraband and hostile programs
- 20 datasets containing over 20,000 types of malicious software
- Interoperable with popular forensic tools such as EnCase™
- 32-Bit and 64-Bit drive mounting and management integration
- Detailed forensic evidence reports with secure source timestamping, XML based, and customizable
- Timelining feature
- Ability to scan within archive files (.zip, .rar, .jar, .bh, .arj, .lha, .lzh, .tar, .war, .enc, .bz2)
- Windows Vista, XP, 7 Support
- Fibonacci-driven discovery engine that delivers >200MB/sec performance on most platforms
Wetstone StegoHunt is the industry’s leading software tool for discovering the presence of data hiding activities.
Rapidly identify over 1,000 data hiding threat applications using Fibonacci search methods
- Desktop Applications
- Smart Mobile Device Apps
- Server Based Apps
- Source Code
Accurate Carrier File Identification
- Program Artifacts
- Program Signatures
- Statistical Anomalies
Operational Discovery Modes
- Drive Image
- Network Path
- Live Machine
E-Fense Helix3 Pro
Helix3 Pro is a unique tool necessary for every computer forensic tool kit! Get the only tool with a Live and Bootable side for your investigation needs.
- A multi-platform LIVE side for three environments; Mac OS X, Windows and Linux with one simple to use interface
- Make forensic images of all internal devices
- Make a forensic image of physical memory (32 and 64 bit)
- Determine if disk level encryption is turned on
- A bootable forensically sound environment to boot any x86 system
- Several open source forensic applications to assist with data analysis including cell phone analysis
- Make forensic images of all devices
- Search filesystems for specific file types (e.g. graphic files, document files, etc.)