News

Forensic Explorer News and Reviews

» 2013-08-02 - Sydney, Australia - Fast Shadow Copy Access with Forensic Explorer


Australian software company GetData Forensics adds Volume Shadow Copy analysis to Forensic Explorer.

“Volume Shadow Copies are a potential gold mine for the forensic investigator” said GetData Managing Director John Hunter. “Until recent times they have often been overlooked due to difficulty of access. Forensic Explorer changes this”.

The Volume Shadow Copy Service (VSS), introduced in Windows Vista, creates a differential backup of the contents of an NTFS drive. Shadow copies are automatically created by Windows at regular intervals, but they can also be created by installation of third party software, or manually by the user. By examining a Shadow Copy it is possible to view previous versions of a file or directory. Forensic Explorer offers a simple two click process to select and mount one or more shadow copy restore points. An entire shadow copy volume can be mounted, or only those files that are different to the existing file system. A simple color coding system means that different versions of the same document can easily be identified. It is also likely that shadow copies contain deleted files which are no longer present in the existing file system. Shadow copy analysis can truly give access to data that may otherwise be missed. “We are excited to see how Forensic Explorer users put shadow copy analysis to task in their cases” said Hunter. “We are continuing to develop techniques to best visualize this important data in the context of a case”.

Forensic Explorer is available for evaluation at http://www.forensicexplorer.com

==ENDS==

» 2013-05-23 - Orlando, Florida, USA - Forensic Explorer Release

GetData Release "Forensic Explorer" Computer Forensics Software

GetData Forensics has announced the release of its computer forensics analysis software, Forensic Explorer. With an easy to use interface and a strong forensic tool set, Forensic Explorer offers investigators a cost effective but powerful alternative to current industry tools.

Established in 2002 by former law enforcement officers, GetData is already known in the computer forensics community for Mount Image Pro and Recover My Files. “With our investigations background, a forensic analysis tool is a natural progression for our software” said Director John Hunter.

Forensic Explorer supports the analysis of all common forensic image formats, including the latest Ex01, Lx01 and AD1 image files. It can be used to examine FAT, NTFS, HFS and EXT file systems.

With modules for file system analysis, email, keyword search, registry and bookmarking, Forensic Explorer has the essentials. It also integrates DTSearch® keyword indexing technology and Digital Metaphors Report Builder® for automated reporting. Data carving is a clear strength of the program, with out-of-the-box support for more than 300 file types.

The flexibility of Forensic Explorer comes in its strong scripting platform. The user has access to customize many aspects of the program including menus, columns and filters. A comprehensive library of scripts is provided which includes skin-tone, entropy and GPS co-ordinate extraction.

The release price of Forensic Explorer is $999 per license. Bundled with Mount Image Pro and backed with a maintenance schedule that includes major version releases, it offers forensic investigators value for their investment.

An evaluation version is available for download from www.forensicexplorer.com. “We want to give the end user every opportunity to fully road test the software prior to their purchase decision. Forensic Explorer is the culmination of many years development and we are excited to put it into the hands of investigators” said Hunter.

For more information or to download an evaluation version visit http://www.forensicexplorer.com

Forensics Mexico: Introducción a Forensic Explorer de GetData

GetData Debuts Forensic Explorer Embedding dtSearch