Product Origin:
China1. One-Click Forensic
Forensics Master is the most easy-to-use forensic analysis software. Investigators can acquire common artifacts from source drive by a three-step operation (Create Case->Add Source->OneKey Forensic).
• System Artifacts: Automatically parse Windows system information, involving OS, network configuration, installed application, services, etc.
• Application Artifacts: Search and acquire application artifacts automatically, including Windows Prefetch, registry UserAssist (ROT13 decryption),Windows search items, thumbnail artifact, printer artifacts (SPL), etc.
• USB Artifacts: Analyze system and application program artifacts; acquire USB usage records.
• Recycle Bin Artifacts: Extract user artifacts and deleted files in the Recycle Bin.
• Web Browser Artifacts: Acquire web history from Internet Explorer, Google Chrome, FireFox, 360, Maxthon, Opera, and other Internet browsers.
• Instant Messaging Artifacts: Load chat logs of Yahoo, Skype, MSN, and other IM programs without password.
• E-Mail Artifacts: Parse Outlook Express(DBX), Office Outlook(PST) and Foxmail (IND,BOX) and e EML compound files; recover deleted items from Outlook Express (DBX) and Foxmail (BOX).
• Anti-Forensic Detection: Search for anti-forensic applications and encryption applications (executable files),including Steganography tools, common encrypted files (Zip,Office, RAR, PDF,etc.) and containers (Private Disk, TrueCrypt, PGP Disk).
2. File System and Image Format Supported
• Disks: Support static disk, dynamic disk, MBR & GPT partitioned disks.
• File system: Support FAT12, FAT16, FAT32, exFAT, NTFS, CDFS, UDF, Ext2/3/4, HFSX/HFS+ file system; recover deleted files from FAT, NTFS, Ext2, and HFSX/HFS+ file system.
• Image Format: Acquire evidence to E01, DD, 001, and L01 image files; support VHD, VMDK, ISO, and AFF virtual machine disk image files.
3. File View Files
• Support fast view file especially pictures
4. Other Features
• Simple keyword search, support most common codepages. Support fragmented email keyword searching (automatic keyword base64 conversion) and regular expression (like GREP).
• Support signature-based file recovery, formatted partition data recovery (like EnCase –Recover Folders) including FAT,NTFS,exFAT file system.
• Support video frame division,including AVI, WMV,ASF,RM,RMVB,etc.
• Parse Windows Event Logs and IIS logs.
• Verify file signatures and search for suspect files automatically.
• MD5, SHA-1, SHA-2 hashing for whole drive or single files.
• Perform forensic analysis in unallocated clusters, Pagefile.sys, and Hiberfil.sys.
• Generate analysis reports automatically.
Critical evidences are hidden under surveillance video. However, formatting, over written or system crash causes data losing. Recovery Master supports to recover data that was lost on surveillance video, in addition to recovery of various formats of data. Such as data from computer, cellphone.
A portable and highly-integrated computer forensics equipment. High performance such as disk duplication rate up to 39GB/min. Customizable forensics workflows of disk duplication, analysis and OS emulation.
Enable disk duplication, imaging OS emulation, data recovery and analysis. Help investigator to duplicate large amounts of data in a short time. Bundled with forensics analysis software.
A password recovery solution with a combination of software and hardware. Unprotect disks and systems, decrypt files and documents. Easy to use and with the fastest numeration speed and the most extensibility.
A multi-task clone device which can complete disk-to-disk & disk-to-image duplication. Support hash verification, data wiping, image-to-disk recovery and 3-to-3 disk duplication.
Hardware-level write-blockers to secure forensically sound and fast digital investigation on various storage media. Compatible with forensic acquisition and analysis software. Plug & play without extra power supply.
Data-destroying devices for various storage media. It allows concurrent data destruction by 12 channels of storage media.
One of the fastest acquisition devices with parallel acquisition technology, which can speed up to 50 GB/min. Designed for online/offline data acquisition from irremovable storages like servers, laptops, pads and all-in-one computers by four transfer channels.
【MEDAS】Mass Email Deep Analysis System
A password recovery solution with a combination of software and hardware. Unprotect disks and systems, decrypt files and documents. Easy to use and with the fastest numeration speed and the most extensibility.
【MEDAS】Mass Email Deep Analysis System
Critical evidences are hidden under surveillance video. However, formatting, over written or system crash causes data losing. Recovery Master supports to recover data that was lost on surveillance video, in addition to recovery of various formats of data. Such as data from computer, cellphone.
