CAINE is an Ubuntu Linux-based distribution designed specifically for computer forensics. It ships with Autopsy by default, which gives the user a friendly working environment. ProDiscover Forensic is a computer security tool that lets professionals locate all the data on a particular computer storage disk while protecting the evidence and creating the documentation report used for legal orders.
Computer Forensic Software for Windows
In the following section, you can find a list of NirSoft utilities which have the ability to extract data and information from an external hard drive, with a small explanation of how to use them with an external drive.
Be aware that these tools were released as freeware, and thus my ability to support forensic examiners is very limited. If there is enough demand from forensic examiners/companies, it's possible that I'll provide an option to purchase a forensic license for my software with more support and improved usability to easily extract data from external disks.
This Forensic utilities list is still under construction. More will be added soon.
In order to decrypt the data stored inside a Credentials file on an external drive, you have to know the login password of the user. In the 'Credentials Decryption Options' window, choose the 'Decrypt Credentials files of any system' option, choose the drive letter of the external disk, and then click the 'Automatic Fill' button to automatically fill all other folders needed to decrypt the Credentials files.
Windows operating system stores the following information inside 'Windows Vault':
In order to decrypt the DPAPI data stored on an external drive, choose the 'Decrypt DPAPI data from external drive or another user' option in the 'DPAPI Decryption Options' window, choose the drive letter of the external drive and then click the 'Automatic Fill' button to automatically fill all other folders needed to decrypt the DPAPI data. You may also need to provide the logon password of the user if the password was used to decrypt the data. DataProtectionDecryptor can read the DPAPI data for decryption from files or from text you type in hex-dump format (For example: 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB.... )
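The hex-dump example above is the fixed start of a DPAPI blob: a version DWORD of 1 followed by the DPAPI provider GUID. The following Python sketch is an added example (not NirSoft code) that parses such a hex dump and reads the unencrypted header, including the master key GUID that names the key file needed from the user's `Microsoft\Protect\<SID>` folder on the external drive; the sample blob and function names are constructed for illustration.

```python
import re
import struct
import uuid

# Well-known DPAPI provider GUID; its little-endian bytes are the
# "D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB" run quoted above.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# Constructed sample header (not from a real system); encrypted body omitted.
SAMPLE = (
    "01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB "  # version, provider
    "01 00 00 00 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF "  # key version, key GUID
    "00 00 00 00 0A 00 00 00 64 00 65 00 6D 00 6F 00 00 00"         # flags, len, "demo\0"
)


def hexdump_to_bytes(text):
    """Accept 'AA BB CC' style text; ignore whitespace, reject anything else."""
    compact = re.sub(r"\s+", "", text)
    if len(compact) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", compact):
        raise ValueError("not a clean hex dump")
    return bytes.fromhex(compact)


def parse_dpapi_header(blob):
    """Return the unencrypted header fields of a DPAPI blob."""
    if len(blob) < 48:
        raise ValueError("too short for a DPAPI blob header")
    version, = struct.unpack_from("<I", blob, 0)
    provider = uuid.UUID(bytes_le=blob[4:20])
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    mk_version, = struct.unpack_from("<I", blob, 20)
    master_key = uuid.UUID(bytes_le=blob[24:40])
    flags, desc_len = struct.unpack_from("<II", blob, 40)
    if desc_len % 2 or 48 + desc_len > len(blob):
        raise ValueError("description length is inconsistent with the blob")
    description = blob[48:48 + desc_len].decode("utf-16-le").rstrip("\x00")
    return {
        "master_key_version": mk_version,
        "master_key_guid": str(master_key),  # file name to look for under Protect\<SID>
        "flags": flags,
        "description": description,
    }


if __name__ == "__main__":
    print(parse_dpapi_header(hexdump_to_bytes(SAMPLE)))
```
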
Notice: In order to ensure that the date/time values are always accurate, the time zone settings on the computer you run IEHistoryView on must be the same as the time zone settings of Windows on the inspected external hard drive.
IECacheView.exe -folder "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files" /stab c:\temp\cache.txt
iepv.exe /external "C:\Documents and Settings\admin" "MyPassword"
In order to get the contacts list of Windows Live Messenger from external drive:
Reliable Digital Forensics
At the core of all digital forensics is the ability to do a comprehensive examination of a computer. E3:P2C provides a reliable and comprehensive look at computer forensics with analysis engines that process data from a large variety of sources such as email, instant messaging, file system artifacts, etc. Paraben has continued to focus on the core needs of every digital forensic examiner to provide innovative approaches to the processing and review of computer-related data.
E3:P2C solid computer forensics with a company you can trust.
The E3 Forensic Platform seamlessly adds a large variety of evidence into a single interface to be able to search, parse, review and report on the digital data from most digital sources.
Computer processing can be done through access to local devices, either logically or physically, or through forensic images. Full triage can be done without processing through the entire file system, saving you time.
File System Forensics
The foundation of digital forensics started with file system examination and being able to put together the pieces of the data that lived in that system. The E3:P2C software allows the examination of a variety of different file systems, with more being added as they are released.
Data Triage
When dealing with larger and larger data sets it is critical to be able to quickly triage the drive and get an overview of what was happening. With the artifact processing, you have a valuable quick insight into items such as last login, email accounts, recent documents, windows searches, attached media, and so much more. With dozens of artifacts supported that process in minutes you can see where your investigation needs to go.
Data Carving
The E3 Forensic Platform Sorter is designed to break down the data to be examined by the header for quick reference to find specific items such as spreadsheets, graphics, etc. Each Sorter category brings you closer to finding the needle in the haystack.
Full Text Indexing
Searching through Terabytes of data can be daunting, but when using the full-text indexing power inside the E3 Forensic Platform you are able to process through Boolean, GREP, and list searches quickly and effectively. Multi-lingual searching options are also available for over 150 different languages.
Cloud Forensics
Cloud data has become an increasing problem in digital forensics with traditional collection techniques not working. Paraben’s approach to the cloud allows for the best possible collection options and practices while maintaining the evidence.
Office365
As the most common office platform in the world you can gain a lot of insight by dealing with Office365 data with direct cloud acquisition functions for email. This data can be captured and reviewed inside the E3 Forensic Platform.
GSuite
When dealing with GSuite and the associated data with credentials the E3 Forensic Platform has you covered. With the ability to collect directly from the cloud or to review the data collected with a GoogleTakeout archive the review of the data is as easy as 1-2-3.
Slack
As one of the more popular business management platforms in the world, the wealth of data that can be captured in Slack allows you to see inside an organization under investigation.
Email Investigations
Email is still the primary method of communication for most of the planet so there is no surprise on how valuable that data is when it comes to an investigation. Whether you are looking at it with a computer investigation or with eDiscovery and only reviewing email the E3 Forensic Platform has everything you need to process all types of email archives from local stores, network stores, and cloud stores.
Local Email Archives
There is always something new with email archives and Paraben prides itself on the support of one of the largest collections of mail types.
Local email supported:
- Microsoft Outlook (PST & OST)
- Windows 10 Mail
- Office365 Email
- Microsoft Outlook Express
- Windows Mail Email
- The Bat!
- America Online (AOL)
- Mozilla Thunderbird
- Eudora
- Email Files (EML)
- Maildir Database
- 750+ Mime Formats
Network Email Archives
You never know what type of network mail you will encounter so the E3 Forensic Platform has you covered.
Optimization of Data
When working through email it is important to have the full header and details associated with the archives. The E3 Forensic Platform provides that data as well as the ability to optimize the information and refine it to exactly what you are looking for and even export it out to a new PST file.
Internet Data
With everyone relying on data they get online it is no big surprise that the E3 Forensic Platform has powerful capabilities when it comes to the review and analysis of internet-related data.
Internet History
Quickly and easily review the internet history data from popular browsers through the E3 Platform. Data from browsers can be located in the triage view of the E3 Platform for quick access without the need to process through the entire file system.
Cookies
Gathering artifacts such as cookies allows you to see where the suspect spent their time. With other data such as autofill items and logins, you have the path to their activities online.
Unique Artifacts
There are so many places that data can hide in a file system. Knowing your tool looks in the harder to find locations to get data that can help you is part of why the E3 Forensic Platform is such a great foundation tool.
Messaging Investigations
As telecommuting becomes more and more common the ability to investigate the communications done within different messaging platforms is paramount for an investigator.
Cloud Storage
Quick triage to tell you if the device you are investigating is connected to the cloud or not is essential with more and more data moving to the cloud. The E3 Forensic Platform processes these data clues as part of the Data Triage functions.
Windows Searches
If you have ever wondered if Windows is listening, she is. Cortana has become one of the world’s most popular AI and has brought in new levels of forensic evidence with the recordings of her requests. Find these valuable artifacts easily with the E3 Forensic Platform triage functions.
Reporting & Review
There is nothing more important than showing off all the hard work that goes into the investigation. The reporting options in the E3 Forensic Platform are top of the class when it comes to being clear, concise, and kick ass. There are different report types depending on what type of data you have to share so take a look at the options.
Data review is easy with the E3 Forensic Platform. With E3:Viewer you get all the analytic powers of E3 built into a read-only viewer. You even get all the reporting options. Work in scaled teams and with others easily with E3. The E3 Viewer is sold separately or included with E3:Universal.
- Mobile Data Imaging (Logical & Physical)
- JTAG & Chip Dump Processing
- Chip Bypass Acquisitions
- Android Root Imaging
- Jailbreak Processing
- Cloud Data Processing (Office365, Amazon Alexa, G-Suite, Twitter)
- IoT Data Processing (DJI Drone, Fitbit, Smartwatches)
- 5+ Reporting Options (Localization with Reports)
- File System Parsing
- Windows Artifact Processing
- Local Email Processing
- Network Email Processing
- Internet Data Processing
- Registry Data
- Mobile Data Imaging (Logical & Physical)
- JTAG & Chip Dump Processing
- Chip Bypass Acquisitions
- Android Root Imaging
- Jailbreak Processing
- Cloud Data Processing (Office365, Amazon Alexa, G-Suite, Twitter)
- IoT Data Processing (DJI Drone, Fitbit, Smartwatches, Xbox)
- 12+ Reporting Options (Localization with Reports)
- File System Parsing
- Windows Artifact Processing
- Local Email Processing
- Network Email Processing
- Internet Data Processing
- Registry Data
- Cloud Data Processing (Office365)
- IoT Data Processing (Xbox)
- 8+ Reporting Options (Localization with Reports)
- Data Carving & Sorting
- Keyword Searching
- Full-Text Indexing
- OCR Scanning
- Variety of file viewers
- SQLite Processing
- Bookmarking
- Hash Database Filtering
- Emoji & Emoticon Searching
- Built-in Python Scripting
- Online Training
- First Year Subscription Included