Lesson 5, Topic 2

Proprietary Forensics Tools for Microsoft Windows


Proprietary Microsoft Windows Forensics Tools

Guidance Software EnCase Forensic

Guidance Software markets its forensics offering, EnCase Forensic 7, as the global standard in digital investigation technology for forensic practitioners who need to conduct efficient, forensically sound data collection and investigations using a repeatable and defensible process. The product is sold with a promise to rapidly acquire data from the widest variety of devices, help unearth potential evidence with disk-level forensic analysis, produce comprehensive reports on your findings and maintain the integrity of your evidence in a format the courts have come to trust. For further details and evaluation, please visit the website below.



Paraben P2 Commander

Paraben markets its P2 Commander as a comprehensive digital investigation tool with over ten years of court-approved use by forensic examiners. In addition to standard computer forensics capabilities, P2 Commander claims to specialize in email analysis, chat analysis, registry analysis, Internet file analysis and pornography detection. It claims advanced features such as Data Triage analysis and file sorting, along with comprehensive reporting and a case audit trail, to give investigators everything they need to present their findings in a repeatable and visually pleasing way. For further details and evaluation, please visit the website below.



Technology Pathways ProDiscover Forensics

ProDiscover markets their forensics offering, ProDiscover Forensics, as a key tool for effective computer forensic analysis. They claim ProDiscover Forensics reads the disk at the sector level, which they describe as the least intrusive approach because it lets you examine files without altering valuable metadata such as the last-accessed time. ProDiscover® Forensics helps to recover deleted files, examine slack space and access Windows Alternate Data Streams, and allows you to preview, search and image the Hardware Protected Area (HPA) of the disk using their patent-pending process. It offers extensive online help and an easy-to-use GUI that allows a quick start. For further details and evaluation, please visit the website below.



X-Ways Forensics

X-Ways Forensics markets itself as an advanced work environment for computer forensic examiners that runs under Windows XP/2003/Vista/2008/7/8*, 32 Bit/64 Bit. X-Ways Forensics claims to be more efficient to use after a while and to often run faster, and presents itself as less resource-hungry than some of its competitors. The low cost makes it a very viable proposition for enterprises on shoestring budgets. X-Ways Forensics offers an efficient workflow model in which computer forensic examiners can share data and collaborate with investigators who use X-Ways Investigator, another product by the same company.

For further details and evaluation, please visit the website below.



Access Data FTK

Access Data markets its product, Forensic Toolkit, also known as FTK, as a court-accepted digital investigations platform built for speed, stability and ease of use. It claims to provide comprehensive processing and indexing up front, so filtering and searching are faster than with any other product. It supports massive data sets owing to its database-driven, enterprise-class architecture, for which it claims stability and processing speed. The latest release boasts capabilities such as data visualization for automated graphical timeline construction and social analysis, Explicit Image Detection (EID), the addition of Access Data’s proprietary Cerberus Malware Triage & Analysis to Forensic Toolkit, and a 30-day trial license for MPE+ Essential, Access Data’s tool for iOS and Android devices. For further details and evaluation, please visit the website below.



Belkasoft Evidence Center

Belkasoft claims its Evidence Center makes it easy for an investigator to search, analyze, store and share digital evidence found on the hard drive or in the computer’s volatile memory. The toolkit is marketed as able to extract digital evidence from multiple sources by analyzing hard drives, volatile memory dumps, and iOS, BlackBerry and Android backups. Evidence Center also claims to help investigators quickly locate and analyze information found in social network remnants, instant messenger logs, Internet browser histories, mailboxes of popular email clients, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups, and system and registry files. For further details and evaluation, please visit the website below.