Forensic Explorer

Forensic Explorer is a tool for the preservation, analysis and presentation of electronic evidence.

Forensic Explorer combines a flexible graphic user interface (GUI) with advanced sorting, filtering, keyword searching, previewing and scripting technology. It enables investigators to:

Manage the analysis of large volumes of information from multiple sources in a case file structure;
Access and examine all available data, including hidden and system files, deleted files, file and disk slack and unallocated clusters;
Automate complex investigation tasks;
Produce detailed reports; and,
Provide non forensic investigators a platform to easily review evidence.

Recommended Requirements:

Intel® Core i7 CPU
8 GB of RAM

Developed for Win 7 and 8.
32Bit (runs on 32 and 64 bit PCs). Full 64 bit version coming soon.

Supported File Formats

Forensics Explorer supports the analysis of the following file formats:

DD or RAW;
EnCase® (.E01, .L01, Ex01);
FTK® (.E01, .AD1 formats);
Forensic File Format .AFF
SMART®
ISO (CD and DVD image files);
VMWare®
ProDiscover®
Microsoft VHD
Apple DMG

Supported File Systems

Forensic Explorer supports analysis of:

Windows FAT12/16/32, exFAT, NTFS,
Macintosh HFS, HFS+
EXT 2/3/4
Hardware and Software RAID: JBOD, RAID 0, RAID 5

Email Analysis Formats

Email module supports the analysis of .PST files.

The Index Search module (DTSearch) supports the index and keyword search of .PST files.

Key Features:

Customizable Interface: The forensic explorer interface has been designed for flexibility. Simply drag, drop and detach windows for a customized workspace. Save and load your own workspace configurations to suit investigative needs.

International Language Support: Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic.

Complete Data Access: Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc.

Fully Threaded Application: Run multiple functions and scripts in threads.

Multiple Core Processing: Maximize PC processors for intensive functions like keyword searching, data carving, hashing, signature analysis.

Powerful Pascal Scripting language: Automate analysis using a provided script library, or write your own analysis scripts. Automate tasks such as:

Run skin tone analysis on graphics files;
Extract user, hardware system information from the registry;
Locate and analyze transcripts from Internet chats; etc.

Data Views: Powerful data views including:

File List: Sort and multiple sort files by attribute, including, extension, signature, hash, path and created, accessed and modified dates.
Disk: Navigate a disk and its structure via a graphical view. Zoom in and out to graphically map disk usage.
Gallery: Thumbnail photos and image files.
Display: Display more than 300 file types. Zoom, rotate, copy, search. Play video and music.
Filesystem Record: Easily access and interpret FAT and NTFS records.
Text and Hexadecimal: Access and analyze data at a text or hexadecimal. Automatically decode values with the data inspector.
File Extent: Quickly locate the location of files on disk with start and end sector runs.
Byte Plot and Character Distribution: Examine individual files using Byte Plot graphs and ASCII character distribution.

Quickly flag or bookmark files of interest

Categorize and Custom Filter:

Filter any list view to show folders and files that match a set criteria. Script your own filters.
Display files in Categories view where files are grouped by extension, signature, attribute, etc.
Quickly flag files of interest.

RAID Support: Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0 and RAID 5.

Hashing: Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.

Keyword search: Sector level keyword search of entire media using RegEx expressions.

Keyword index: Built in DTSearch index and keyword search technology.

Bookmarks and Reporting: Add case notes to identify evidence and include case notes in a custom report builder.

Data Recovery and Carving: Recover folders, files and partitions. Use an inbuilt data carving tool to carve more than 300 known file types or script your own.

File Signature Analysis: Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions.

Registry analysis: Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis with RegEx scripts.

Shadow Copy analysis: Easily add and analyze Shadow Copy Volumes.

Part No:
AP-FOREXP

REQUEST A QUOTE

First Name(required)

Last Name(required)

Email address(required)

Agency(required)

Phone Number

Street Address (required if requesting a quote)

City

State

Zip Code

What's the best way to contact you?

Phone

SKU/Part Number of Order
(If ordering different products, please list additional products below.)(required)

Quantity(required)

Further Questions / Product Listings

This field should be left blank

Please wait...