Email Us : info@sfyh.com

Smart Computer Forensic System For Quick Crime Case Investigation

Automatic analysis and parallel forensics enable to set different strategies and conduct digital investigation on hard disks efficiently. With essential functions such as system and user artifacts, messenger & mail parser, deleted
data & signature recovery, hash verification, etc.

Facebook Twitter Pinterest LinkedIn 分享

1. One-Click Forensic

Forensics Master is the most easy-to-use forensic analysis software. Investigators can acquire common artifacts from source drive by a three-step operation (Create Case->Add Source->OneKey Forensic).

• System Artifacts: Automatically parse Windows system information, involving OS, network configuration, installed application, services, etc.

• Application Artifacts: Search and acquire application artifacts automatically, including Windows Prefetch, registry UserAssist (ROT13 decryption),Windows search items, thumbnail artifact, printer artifacts (SPL), etc.

• USB Artifacts: Analyze system and application program artifacts; acquire USB usage records.

• Recycle Bin Artifacts: Extract user artifacts and deleted files in the Recycle Bin.

• Web Browser Artifacts: Acquire web history from Internet Explorer, Google Chrome, FireFox, 360, Maxthon, Opera, and other Internet browsers.

• Instant Messaging Artifacts: Load chat logs of Yahoo, Skype, MSN, and other IM programs without password.

• E-Mail Artifacts: Parse Outlook Express(DBX), Office Outlook(PST) and Foxmail (IND,BOX) and e EML compound files; recover deleted items from Outlook Express (DBX) and Foxmail (BOX).

• Anti-Forensic Detection: Search for anti-forensic applications and encryption applications (executable files),including Steganography tools, common encrypted files (Zip,Office, RAR, PDF,etc.) and containers (Private Disk, TrueCrypt, PGP Disk).


2. File System and Image Format Supported

• Disks: Support static disk, dynamic disk, MBR & GPT partitioned disks.

• File system: Support FAT12, FAT16, FAT32, exFAT, NTFS, CDFS, UDF, Ext2/3/4, HFSX/HFS+ file system; recover deleted files from FAT, NTFS, Ext2, and HFSX/HFS+ file system.

• Image Format: Acquire evidence to E01, DD, 001, and L01 image files; support VHD, VMDK, ISO, and AFF virtual machine disk image files.

3. File View Files

• Support fast view file especially pictures

4. Other Features

• Simple keyword search, support most common codepages. Support fragmented email keyword searching (automatic keyword base64 conversion) and regular expression (like GREP).

• Support signature-based file recovery, formatted partition data recovery (like EnCase –Recover Folders) including FAT,NTFS,exFAT file system.

• Support video frame division,including AVI, WMV,ASF,RM,RMVB,etc.

• Parse Windows Event Logs and IIS logs.

• Verify file signatures and search for suspect files automatically.

• MD5, SHA-1, SHA-2 hashing for whole drive or single files.

• Perform forensic analysis in unallocated clusters, Pagefile.sys, and Hiberfil.sys.

• Generate analysis reports automatically.


Next Product
Prev Product
Product Tags computer forensics          digital forensics vs computer forensics          computer forensic technology          computer forensics procedures          computer forensics engineer          computer forensics apprenticeships          computer forensic agent          computer forensics tulsa          mi5 computer forensics         

INQUIRY

Contact us for all information about the product

click here to leave a message
leave a message
If you are interested in our products and want to know more details,please leave a message here,we will reply you as soon as we can.