Computer Forensic Products

AD eDiscovery

 
Litigation Hold
  • Easy-to-use and wizard-driven.
  • Hold notifications can include documentation, interview questions, and notification to other required entities.
  • Real-time hold status.
  • Comprehensive reporting.

Collection

  • Collect from workstations, laptops, network shares, email servers, databases, 30+ structured data repositories and the web, including Google Docs, Exchange 2003/2007/2010, Exchange Pre-index, SharePoint 2003/2007/2010, Oracle URM, FileNet, Opentext, Documentum, Office 365 SharePoint, Xerox Docushare, IMAP & POP email, Symantec EV (journal/archive/files), websites, Domino (Lotus) both inbox and filtered, and others.
  • Collect all custodian data (even when custodian is off-network) or perform a targeted collection.
  • Perform incremental collections on data that has changed since a previous collection or pick up where an interrupted collection left off.
  • Reuse & associate collections with multiple cases.

AD Enterprise

 
AccessData® Enterprise takes network-enabled digital investigations to the next level. Built on our industry-standard, court-accepted Forensic Toolkit® technology, AD Enterprise delivers state-of-the-art incident response and deep dive analysis of both volatile and static data. An intuitive incident response console, secure batch remediation, unsurpassed searching and filtering, and comprehensive logging and reporting are just a few of the reasons AD Enterprise is the investigative tool of choice among government agencies and Fortune 500 companies.

The ability to forensically analyze multiple computers across your enterprise simultaneously is critical when performing root cause analysis and internal investigations. Furthermore, proactive use of this technology allows you to detect threats that have circumvented the typical signature-based tools, such as antivirus, intrusion detection and other alerting systems.

  • Detect, Analyze and Remediate Malware, Advanced Persistent Threats and Zero-Day Events
    Proactively or reactively scan thousands of computers to identify rogue processes (even those that are hidden) and anomalous activity. Analyze the compromise to understand how it operates, conduct a network-wide compromise assessment to identify all affected nodes, and remediate all compromised computers from a central location.
  • Detect and Stealthily Investigate Fraud, Data Theft and Other Employee Misconduct
    AD Enterprise gives you visibility into all activity on your employee computers, network shares and peripheral devices. Investigative tasks will continue to be performed whether suspect employees are logged into your network or not, whether they are online or not, and information will be sent back to you every time they go online.
  • Facilitate Regulatory Compliance
    Visibility into desktops, laptops, peripheral devices and network shares allows you to maintain compliance with regulations, such as Sarbanes-Oxley, PCI requirements, HIPAA, FISMA, and internal policies.
  • Detect and Quickly Respond to Unapproved Application Use
    Scan thousands of machines for unapproved processes, and if policies allow, IT personnel with the proper credentials can simply right-click to kill a specific process or schedule a batch remediation to quickly remediate thousands of computers running unapproved or unknown applications.

AD Triage

 
AD Triage is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Now, forensic examiners and non-forensic personnel alike can acquire volatile and all or targeted hard drive data from a system in just minutes. It’s a great option for corporate and government teams who often need to acquire data from live or dead boxes for internal investigations, FOIA or even subpoenas. Law enforcement officers can preserve evidence securely without having to wait hours for a forensics expert to arrive on scene. Finally, attorneys, paralegals and litigation support personnel can easily preserve ESI for the purposes of e-discovery when handling smaller legal matters.

Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device or an external hard drive, or exporting the data to a designated location on the same network. You can preconfigure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool. Or experienced forensic examiners can use AD Triage in manual mode for true triage at the scene.

AD Lab

 
Computer Forensics Software Solutions to Ease the Burden on Digital Investigations Labs Everywhere

AccessData® enables computer forensics labs of all sizes, facing an array of challenges, to work more effectively. A single-person lab can radically speed up the processing of cases with the four-worker distributed processing available with FTK®. Computer forensics labs handling a greater number of cases with larger data sets benefit significantly from the distributed processing and collaborative analysis capabilities found in FTK Pro. Finally, large labs handling massive data sets, utilizing a distributed workforce, or looking to collaborate with attorneys, HR personnel or other non-forensic parties can step up to AccessData Lab. AD Lab adds powerful and intuitive web-based review functionality, expanded distributed processing capabilities with a centralized processing farm, and a centralized database infrastructure. Regardless of the size, scope or mission of your computer forensics lab, AccessData has a solution that will meet your needs.

AntAnalyzer – Forensic Workstation

 
Enterprise Edition:

– Computer Case
5.25″ Drive Bay 7 Exposed (without the use of exposed 3.5
3.5″ Drive Bay 4 ( Hidden ) ; 1 Exposed (converted from one 5.25
I/O Panel USB 2.0 x 4, IEEE 1394 x 1, Audio x 1, SPK x 1, eSATA x 1
Cooling Bottom fan ( intake ) :120 mm x 1, 1200 rpm, 22 dBA (included)
Expansion Card Slots 7

– Power Supply
1200W Modular Power Supply ATX, EPS12V, PS/2

– Mainboard
1. Dual socket R (LGA 2011) supports Intel® Xeon® processor E5-2600
2. Intel® C602 chipset; QPI up to 8.0GT/s
3. Up to 512GB DDR3 1600MHz ECC Registered DIMM; 16x DIMM sockets
4. Expansion slots: 3x PCI-E 3.0 x16, 2x PCI-E 3.0 x8 & 1x PCI-E 3.0 x4 (in x8)
5. Intel® i350 Dual port GbE LAN
6. 8x SATA2 and 2x SATA3 ports
7. 4x USB 3.0 and 7x USB 2.0 ports

– CPU
2x XEON E5 Series 2.4GHz 20MB Cache, active Intel Thermal Solution, Six Core & HT
– RAM 64GB or up to 512GB 
8 x 8GB 1333MHZ DDR3 ECC REG W/PA 

– Internal HDD*
2 x 256GB SSD’s (System)
5 x internal 2TB SATA-III Workstation Edition or 1 TB Enterprise SAS 6GB/s Hard Drives
Data RAID 5 via Adaptec RAID battery powered Controller 1 Hotspare
1 x 5xSATA/SAS Backplane

– HDD Tray
3x SAS/SATA screwless hot-swap tray for additional hard disk drives

– Graphic Board
GF GTX 1024MB GDDR5 PCI-E DVI M-HDMI DX11

– Optical Drives
DVD BluRay -DVD BluRay Writer – SATA
– Controller
1 x PCI-Express USB 3.0
1 x RAID Controller 8x 512MB PCI-E Battery powered

– Forensic-Bridge
T35689iu Forensic SATA/IDE/SAS/USB/FireWire Combo Bridge, incl. “Ice Bay HDD Cooler” and all cables and adapters

– Forensic Card Reader 
Compact Flash Card (CFC) – MicroDrive (MD) – Memory Stick Card (MSC)
Memory Stick Pro (MS Pro) – Smart Media Card (SMC) – xD Card (xD)
Secure Digital Card (SDC and SDHC) – MultiMedia Card (MMC)

– In/Output
Keyboard/Mouse Kit

– Software
Windows 7 Ultimate 64-bit, Forensic Software: TIM (Tableau Imager, FTK Imager, Tableau Disk Monitor)

Tested and certified for use with AccessData (FTK 4.x) & EnCase Forensic v7

– 36 months Warranty & Made in Germany –

F-Response Consultant Edition

 
The Consultant Edition of F-Response is our non-covert (GUI) version of F-Response uniquely designed around the needs of larger and geographically distant consulting or E-Discovery teams needing direct access to a wide array of potential target machines.

Using F-Response Consultant Edition and the F-Response Consultant Connector (FCC), investigators can connect to a virtually limitless number of remote target machines. F-Response Consultant allows you, the examiner, to obtain completely vendor neutral, write protected access to remote physical disks, logical volumes, and in some cases physical memory from over ten different remote operating system environments.
F-Response Consultant Edition also includes access to the F-Response Accelerator, a secondary connectivity tool allowing for an unlimited number of remote examiners.

Full Live Read-Only Access, No File Level Locking

F-Response provides direct, live, read-only access to the remote target computer’s disks, volumes, and in certain cases physical memory. Since all access is at the physical level, there is no file level locking: F-Response gives you access to any and all content on the remote target, including protected system content (Registry files, Email PSTs, Database Files, etc).

F-Response Executable and Software
The F-Response Consultant functions as a single executable (“exe”) on the remote target computer that requires no drivers or installation components, as well as no reboot when deployed and started. In addition, the F-Response Consultant Connector was designed to use minimal resources and is highly portable, requiring only the minimum resources necessary to run Windows XP. F-Response Consultant is 100% Windows 7 validated and carries the Microsoft Windows 7 Validation logo.

F-Response Flexdisk™ Support
The F-Response Flexdisk™ (Patent Pending) is a web based disk access and representation tool. The Flexdisk™ uses standard web technologies (HTTPS/REST) to provide direct access to the remote target machine's Logical and Physical targets in both raw and logical format. The Flexdisk™ can be accessed and used from any modern web browser and also exposes a feature rich and extensible application programming interface (API) accessible from any system capable of making and interpreting web queries and JSON.

F-Response Targets and Platform Support
F-Response works with all RAID disks, physical drives, logical volumes, and physical memory (32 & 64 bit Windows). In addition, F-Response Consultant includes target executables for over ten (10+) operating system environments, including exotic hardware such as IBM AIX and HPUX. Furthermore, based on its unique vendor neutral patented design, F-Response works with all Computer Forensics, eDiscovery and Data Recovery software packages. Simply put, if your package reads from a hard drive, it will work with F-Response.

F-Response Scripting and Programming
F-Response Consultant Edition includes access to a fully scriptable COM Object capable of automating many of the F-Response Enterprise Management Console tasks from any programming environment that supports COM.

F-Response Enterprise Edition

 
The Enterprise Edition of F-Response is our covert service based (Non GUI) version of F-Response uniquely designed for consultants and internal corporate investigations.

F-Response Enterprise was designed from the ground up for simplicity of operation. The F-Response Enterprise Management Console, or FEMC for short, enables investigators to perform any size network deployment to a virtually limitless number of remote target machines. F-Response Enterprise allows you, the examiner, to obtain completely vendor neutral, write protected access to remote physical disks, logical volumes, and in some cases physical memory from over ten different remote operating system environments.

F-Response Enterprise also includes access to the F-Response Accelerator, a secondary connectivity tool allowing for an unlimited number of remote examiners as well as optional HIPAA compliant and industry standard AES 256-bit Encryption for connections to almost all supported target platforms.

F-Response Enterprise deployment and connectivity was designed to be covert and efficient allowing the investigator to access multiple machines quickly without concern for alerting the end user.
Best of all, F-Response Enterprise is not licensed on a seat basis: one license of F-Response Enterprise provides unlimited client installations, unlimited target connections, and unlimited examiner connections for one or three year(s).

F-Response Field Kit Edition

 
The F-Response Field Kit Edition is a value priced single user version of the F-Response patented software suite.
An F-Response Field Kit, when physically connected to the remote computer, will give you complete read-only forensically sound access to all the physical drives, logical volumes, and physical memory on that remote computer via the network.

Best of all the Field Kit is licensed for one year and priced at less than one typical hour of consulting time!

FTK ® – Forensic Toolkit ®

 
FTK is a court-accepted digital investigations platform that is built for speed, analytics and enterprise-class scalability. Known for its intuitive interface, email analysis, customizable data views and stability, FTK lays the framework for seamless expansion, so your computer forensics solution can grow with your organization’s needs.
In addition AccessData offers new expansion modules delivering an industry-first malware analysis capability and state-of-the-art visualization. These modules integrate with FTK to create the most comprehensive computer forensics platform on the market.

Cerberus
Cerberus is a malware triage technology that is available as an add-on for FTK 4. The first step towards automated reverse engineering, Cerberus provides threat scores and disassembly analysis to determine both the behavior and intent of suspect binaries.

Visualization
View data in multiple display formats, including timelines, cluster graphs, pie charts and more. Quickly determine relationships in the data, find key pieces of information, and generate reports that are easily consumed by attorneys, CIOs or other investigators.

Internet Evidence Finder

 
INTERNET EVIDENCE FINDER™ (IEF) v5.7 is the most comprehensive and easy to use version of IEF to date, helping you recover more data and save more time.

IEF is designed to help users in a range of fields conduct thorough, effective computer investigations while preserving the forensic integrity of the data. Used for a variety of investigations including cybercrimes, violent crimes, property crimes, white-collar crimes and street crimes, IEF has become the standard in digital forensic software.

IEF v5.7 features:

- Picture & Video Analysis
  - Carving/Parsing
  - Skin Tone & Body Part Detection
  - EXIF Data
- Chrome Incognito & Firefox Private Browsing History
- Carbonite & Google Maps Artifacts
- Web History Categorization
- Support for Ex01, Lx01 & L01 Images
- Dates and times now converted to local or specified time zone

IEF software mainstays include:

Single Search for 160+ Digital Artifacts
Search in 3 Easy Steps for Fast Results
Web Page Rebuilding
iOS Backup Support
Rich & Comprehensive Reporting

Robust Search & Dependable Results

IEF can recover more types of data than any other solution, which makes it more likely to uncover critical evidence. You can do a single search and find all Internet-related evidence without having to try keywords, manually carve data, or run individual scripts. It’s the closest thing to a “Find All Evidence” button.

With our patent-pending technology, IEF finds more forms of Internet artifacts and filters out false positives. IEF is able to recover data from not only deleted data, but also live RAM captures, which often hold vital evidence.

Accelerate Investigations & Reduce Case Backlog

With the ever-growing hard drive capacities and the explosive growth in both case loads and complexity, organizations and agencies of all kinds require an accurate and comprehensive solution for recovering data. IEF is a rapid automated solution that saves a tremendous amount of time and allows you to work on other parts of the investigation while it’s searching. It’s as straightforward as hitting search and coming back to a comprehensive report to review the results.

User Friendly

Both experienced and new forensic examiners/investigators find the IEF user interface flexible, intuitive and easy to use. And because its reporting options are as impressive as its analytical capabilities, producing professional reports for both internal and external audiences is equally simple and straightforward. Time is of the essence and that is why there is no complex configuration or setup.

The Gold Standard in Data Recovery

IEF is considered the de facto standard for the recovery of data and is used by thousands of the most prestigious national security agencies, law enforcement teams, and corporations around the world.

Court Admissible

The reporting feature that’s built into IEF provides the information examiners require to manually verify all results.

Belkasoft Evidence Center 2012

Belkasoft Evidence Center makes it easy for an investigator to search, analyze and store digital evidence found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files and mobile backups.
Benefits
Belkasoft Evidence Center offers a number of important benefits making the product a perfect match for law enforcement, military, intelligence and business customers.
Forensically sound solution 
Does not alter or modify data on hard drives or disk images being investigated.
Comprehensive examination 
Discovers more than 230 types of artifacts, supporting all major IM’s, browsers, email clients, social networks, P2P and file transfer tools etc. Search includes Volume Shadow Copy and other special Windows areas.
Less missing evidence 
Looks for hidden data, searches unusual places and examines files in little-known formats to discover more evidence than ever.
Blazing fast operation
Analyzes information at the rate of disk data transfer.
Quick to learn and easy to use 
Designed to be usable in the field, Belkasoft Evidence Center is extremely easy to operate, and feasible even for single-incident investigations.
Usable in the field 
Portable edition can be plugged into any PC with no installation or configuration required.
Reports can be presented in court 
Generates clean and concise reports that can be presented to the court.
Recovers destroyed evidence 
Data carving allows locating evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file and live RAM analysis).
Collaboration support 
Enterprise edition allows working on cases together with set permissions and centralized data storage.
Trusted solution 
Forensic investigators all over the world, Fortune 500 companies and multiple private security specialists use Belkasoft software. Customers include the FBI, the US Army, German police, and more than 500 government organizations from over 30 countries.
Less Missed Evidence
Belkasoft Evidence Center can locate a huge number of artifacts, retrieving user’s chats, communications, Web browsing and file sharing activities occurring in a wide range of software. These artifacts include:
All major office document types (Microsoft Office, OpenOffice, PDF, RTF)
All major 80+ instant messengers (Windows, Mac OS X and Linux)
All major Web browsers
All popular email clients
Major peer-to-peer (P2P) software
Social networks and cloud applications
Encrypted files detection
Popular online multi-player games
Still images and video files analyzed for pornography, faces and embedded text (e.g. scanned documents)
Mobile device backups (iPhone, iPad and Blackberry)

Major Features
Case Management
Evidence can be stored organized by case.
Data Carving and Live Memory Analysis 
Recovers deleted and destroyed evidence as well as evidence stored in memory dumps, page and hibernation files.
Industry standard
Mounts EnCase, SMART and DD images including Windows and MacOS drives. Integrated with EnCase v.7 and Passware Kit Forensic
Large case support 
Cases containing hundreds of gigabytes of evidence are supported
Easy collaboration 
Enterprise edition allows for multi-user simultaneous work
Persistent data analysis 
Analyzed data will be persistently stored in the database

NOTE: The list of features may vary between different editions of the product.


CD/DVD Inspector

Professional software for intensive analysis and extraction of data from CD-R, CD-RW and all types of DVD media, including HD DVD and Blu-Ray. Tailored for professionals in data recovery, forensics, and law enforcement. Building on the data recovery technology in CD/DVD Diagnostic™, it adds detailed displays and enhanced media search abilities, improving performance and usability. With the release of the 4.1 version, this is now the forensic tool you should be using.

CD/DVD Inspector reads all major CD and DVD filesystem formats including ISO-9660, Joliet, UDF, HSG, HFS and HFS+. When the disc being examined contains more than a single filesystem, all filesystems found are displayed. Multiple filesystems are present for hybrid Macintosh/PC discs as well as for discs that are produced by DirectCD and other packet-writing software. DVD Video discs include both the UDF and ISO-9660 filesystem as well.

CD/DVD Inspector now includes a flexible report generator which can be tailored to your specific requirements. Over 50 separate data items can be selected for reports, with output direct to print, HTML, text file or CSV. With printed and HTML reports, thumbnails can be included for pictures. Reports can be sorted by any data item included in the report.

Features
Flexible Report Generator

Reports can be produced for print, HTML, text file or CSV output with over 50 different data items selectable. An unlimited number of user-defined reports can be created.

Automated Media Collection
Put up to 300 discs at once in one of the supported Robotic Loader systems and it will automatically collect all content from every disc. Flexible reporting for each disc processed. Import the results directly into EnCase or FTK. Optionally photograph each disc as it is processed.

Complete CD Imaging
Now CD/DVD Inspector can create an image file containing all of the information required to completely process any disc in a set of two files. The first file contains the complete “raw” track data with all subchannels from a CD and all of the user sector data from all sessions on a DVD. The second file is in XML format and contains all of the information that CD/DVD Inspector has extracted from the various control structures on the disc and the file systems.

Transfer data collected to EnCase, FTK, etc.
Captures all files, even those not part of the directory structure (deleted or damaged)
One-step image collection from otherwise inaccessible CD or DVD discs.
Use of “hard links” minimizes size of the image file while retaining complete content of the disc.
Drag-and-drop a single file per disc
File scanning
Files on “inaccessible” discs can be searched using scan specification syntax, including regular expressions.
Built-in Image Viewer
This tool identifies files containing graphic content (ART, BMP, GIF, JPEG, TIFF, etc.) independent of the file extension.
Supports RAW images from over 125 different digital cameras.
Low-level sector examination and scanning
Displays sectors in hexadecimal and character. It also scans all sectors of a disc for particular data. For example, it locates an email address on a disc regardless of what file the mail may be in. This searches the complete disc, not just areas identified as belonging to files.
Data pane
Allows direct examination of the contents of files on the disc from the main window. The information can be displayed in either character or hexadecimal/character form. The data pane can be resized and scrolled as needed.
Disc Memory and Checkpoint
This feature eliminates lengthy re-discovery of the disc’s contents. Additionally, it allows for interruption of a disc examination and then resumption of that same examination at a later time. This is useful as some disc examinations can be lengthy, often taking more than 12 hours.
Intensive Disc Examination
Locates data on discs that has been dropped from the file system, either because of software glitches, deletion or user action. This is now done for all format discs.
Expanded Retry Capabilities
Permits users to select the level of automatic retries performed whenever a data error is encountered. This can make otherwise unreadable data sectors readable again. This allows the user to balance examination speed with thoroughness.
CD Text, ISRC and RID Audio Disc Display.
CD Text contains album, track and artist names on Sony and home-produced music CDs.
ISRC is the acronym for International Standard Recording Code. It is a code used to identify the recording studio and publisher of a music track. 
RID is the acronym for Recorder Identification. It is written to music CDs recorded on standalone CD recorders used with audio systems. 

Data Copy King

Hard drive duplicator, data wiping hardware, forensic data capture

Data Copy King (DCK) is a newly designed hard drive duplicator from SalvationDATA technology, with color touch screen and built-in SATA/IDE support, and USB support with additional adapters. Data Copy King is the only hard drive duplicator with ‘UNIC’ disk imaging solutions, which is able to copy data from good drives, drives with severe bad sectors, or drives with unstable heads that are still detected in the BIOS.

SalvationDATA is one of the leading manufacturers of data recovery tools, with solutions for head/platter replacement, firmware corruption and RAID failure, covering all kinds of logical and physical failures of hard drives, flash memories (SSD included), RAID systems, and cell phones. In order to meet a higher level of disk image tools, SalvationDATA developed this disk image hardware integrating data wiping, forensic data capture and hard drive duplication. This hard drive duplicator can be used widely among data recovery companies, computer forensic agencies, security agencies, IT after-sale departments, banks, universities, hosting companies, individuals, etc.

Forensic Cube

Favourable mobile System for the taking of evidence in the field
(with Touchpad-LCD)

Key Features:
Small as Barebone PC – powerful as a Workstation – quiet like an IPod
Only one power cable needed to start working
Only standard computer components
USB 3.0 and SATA 6 Gb/s are already on board
2nd Generation of Core-i7 INTEL CPU up to 3.4 GHz (installed)
Up to 16GB of DDR3 RAM (8GB are installed)
SSD Super Fast System Drive 120GB
2 x Removable up to 1 TB Data Drives – hot swap and screwless
Convenient Transportation Case
Only 10 Kg (about 15 lb.)

Forensic Components:
Makes simultaneously up to TWO Forensic Copies from all kind of media*
2 x T35689iu Tableau Forensic Bridge
Tableau T35689iu Forensic SATA/IDE/SAS/USB/FireWire Combo Bridge incl. all cables, adapters and ext. HDD Fans
“The T35689iu is the latest integrated OEM forensic bridge from Tableau. This product supports write-blocked acquisitions of four different types of storage media: SATA/SAS/IDE/USB/FireWire.”
External Forensic Card Reader
Compact Flash Card (CFC) – MicroDrive (MD) – Memory Stick Card (MSC); 
Memory Stick Pro (MS Pro) – Smart Media Card (SMC) – xD Card (xD);
Secure Digital Card (SDC and SDHC) – MultiMedia Card (MMC)
Software
Windows 7 Ultimate 64-bit
Tableau Imager “TIM”, FTK Imager and more
Ready for use with TMSS-S1 – Forensic Tableau Modular Storage System (up to 9 TB Capacity)
What you get: Forensic Cube (Barebone Computer System with integrated Touch Display) incl. Hard Transportation Case & Accessories (BlueTooth Keyboard/Mouse, Toolkit, HDD coolers, Cable set and Adapter)
Tested and certified for use with AccessData (FTK 4.x) & EnCase Forensic v7

36 months Warranty & Made in Germany
Trolley
The Forensic Cube can be easily transported with the fully padded trolley made of hard plastic. One person can handle it even with all the accessories you need.

Forensic Dossier

Supports NTFS File Format For 2TB+ Hard Drives!

Designed exclusively for forensic data capture, the Forensic Dossier is the 6th generation of computer forensic solutions from Logicube. The Dossier provides cutting-edge technology with an easy to use interface. A compact and lightweight design makes the Dossier perfect for field or lab imaging requirements; including data collection for eDiscovery and compliance, digital forensic investigations conducted by federal, state and local law enforcement and corporate security forensic investigations.

Capture Two Hard DrivesThe Dossier captures data from one or two suspect hard drives to one or two evidence drives.

Dossier Connectivity OptionsThe Dossier provides built-in support for SATA and IDE drives and includes built-in connectivity for firewire and USB

Capture and AuthenticateCapture and authenticate at speeds over 7GB/min (speeds will vary depending on type and size of drives).
E01 Evidence File Format and Compression Support (optional)The E01 file format support (optional on the Forensic Dossier) allows users to capture hard disk drive data directly into the E01 format. Supports Encase® v6.x and FTK® v3.x and above. Features hardware-based compression to maintain line-speed performance and MD5 hash authentication.
Support for SCSI and SAS Drives (optional)SCSI and SAS drives are supported with optional adapters

MD5 and SHA-256 Authentication: Uses the highest level of authentication, computing MD5 and SHA-256 hashes concurrently in real time at full capture speed.
Built-in Support for RAID Drive Pair: The Dossier features built-in support for capture from a RAID drive pair (0, 1, JBOD).
NTFS File Format: NTFS file format for support of 2TB and greater capacity hard drives and for support of single, disk-wide dd image capture; capture a full disk with a single segment file.
Drive Spanning: Capture from one large suspect drive to two smaller evidence drives.
Advanced Keyword Search: Search for hundreds of words while capturing at full speed. Store multiple groups of pre-defined keyword lists on compact flash. Retrieve search results directly to Windows. Search for suspect names, phone numbers, and any other incriminating information. Add new words while in the field, using the built-in keypad.
Compatible With Self-Encrypting Drives: The Dossier can be used with self-encrypting hard disk drives. Hardware-based encryption (encryption resides on the disk drive subsystem) provides a more secure method of encryption. Using the ATA security command feature of the Dossier, users can set a password and lock evidence drives.
Capture From Flash Media: The Dossier features a built-in media reader that provides the ability to capture from a variety of flash media devices including compact flash, memory sticks, SD and multi-media cards.
100% Write Protection: Provides 100% write protection for source drives, so the unit can be used as an external write-blocker for easy drive preview/image transfer without additional write-block hardware.
Audit Trail Reporting: Generate reports and write them to compact flash for review and printing. The log file is time-stamped.
Unidirectional Data Transfer: Copies only from the external data source to prevent inadvertent over-writing or corruption of a suspect’s drive. This ensures that the captured image will meet the requirements of law enforcement, corporate security, and cybercrime investigation and prosecution.
Proprietary O/S: Virus vulnerability is virtually eliminated with Logicube’s proprietary operating system.
Security System: Features a password-based security system (based on the ATA security specification T13) to protect evidence drives from unauthorized access. Two security levels, High or Maximum, are featured and users can set a Master along with a User password.
eSATA and microSATA Drives (optional): Supports eSATA and microSATA drives with optional cables.
Unique Slide-In Design: Evidence or Destination drives are fully protected and secured inside the Dossier with a unique slide-in design.

Capture via USB or FireWire: Capture directly from a desktop/laptop and from Mac computers (via PC interface) with the Forensic USB/FireWire Cloning Software. Software CD-ROM is included with the Forensic Talon or Forensic Dossier data capture solution.
Dossier Erase Options: The Dossier can perform a standard WipeClean, a DoD wipe or a high-speed Security Erase (if drive model supports) of a single destination drive or both destination drives simultaneously.
Solid State Drives: Supports solid state drives.
Extended Life Rechargeable Battery (optional): The extended life rechargeable battery provides 3 hours of extended use for the Forensic Dossier. This battery is used to power the Forensic Dossier whenever connection to a standard AC outlet is either undesirable or not possible. Use part number F-BATTERY-EXTND.
Internal Flash Memory: An internal flash memory stores keyword lists, software updates, reports and more. The flash memory is accessible via USB or FireWire connection.
High-Speed USB Drive Acquisition (optional): Optional support for USB 2.0 acquisition speeds (up to 1.5GB/min) of USB enclosures, USB thumb/flash drives. Requires the purchase of a software key code to activate software and either the SCSI or SAS adapter for USB plug-in.
Compatible With The MPFS: The Forensic Dossier is compatible with the Logicube MPFS (Massive Portable Forensic Storage) solution. The MPFS provides up to 8TB of storage capacity.
Optional Adapters (optional): 1.8″, 2.5″ and ZIF drive adapters are available.
Save Configuration Setting: Includes a Save Configuration Setting that allows the operator to save frequently used capture settings. Settings will be saved from last capture session.
Language Support: Menu support for Chinese (both Simplified and Traditional) and Spanish languages.
Networking Option: The Forensic Dossier is compatible with the NETConnect™ networking module. Connect the Dossier tray to the NETConnect for immediate network connectivity. Preview or transfer data directly from Dossier via a gigabit ethernet interface to network locations using NETConnect.
Unique Design Eliminates Drive Heat Build-up: The Dossier’s unique design has been engineered specifically to eliminate drive heat build-up.
HPA And DCO Capture: Detect and capture Host Protected Areas (HPA) and Device Configuration Overlay (DCO) hidden areas on the source (suspect) drive.
Integrated Keypad: A fully integrated QWERTY alphanumeric keypad is featured for easy entry of file names, user credentials, keyword searches, passwords and other data entry functions.
4K Sector Drives: Compatible with 4K Sector Advanced Format Hard Disk Drives.
Bundled Configurations Offered: The Forensic Dossier is available as part of a bundled solution with the MPFS and/or NETConnect. Contact our sales team today for information and pricing.
One-year Standard Warranty: The system comes complete with a one year parts and labor warranty. Both an optional 1 year extended warranty (total of 2 years) and a 2 year extended warranty (total of 3 years) are available.
In The Box: The Forensic Dossier is available as a standalone or as a kit. Both are packed in a convenient, sturdy carrying case.
Standalone Version: Includes power supply, two 5″ and 9″ data and power cables, SATA, FireWire and USB cables, a compact flash card, screwdriver, flashlight, a CD-ROM with Dossier software and a users’ manual.
Dossier Kit Version: Packed in a rugged, hard-sided carrying case, the kit includes a power supply, two each of 5″, 9″ and 18″ data and power cables (both UDMA and SATA), SATA, FireWire and mini USB cables, eSATA and microSATA cables, E01 file format software option, a compact flash card, 2.5″, 1.8″ IDE and ZIF IDE adapters, screwdriver, flashlight, a CD-ROM with Dossier software and a users’ manual.

 

 

OktaGraph

High-End Password Recovery with up to 10648 Gigaflops
Passwords have never been recovered faster than with the Graphic Board Cluster. A 4 RU server case includes up to 8 NVIDIA Tesla graphic boards of the series M2050/M2070/M2090.
The system is tested and certified to use with Passware Kit Forensic and ElcomSoft Password Recovery.

Hardware:
4 RU server case with 19″ Rackmount Kit
Redundant power supplies
up to 8x NVIDIA Tesla graphic boards of the series M2050/M2070/M2090
2x Dual Xeon processors with up to 3.4 GHz and 24 cores
up to 144 GB DDR3 RAM
2x 300 GB HDD (RAID 0 or RAID 1)

Software:
OS Windows 7 64-bit
Passware Kit Forensic 
ElcomSoft Password Recovery

OmniClone 10Xi

Specifically designed for high-volume duplication, the OmniClone® 10Xi features transfer speeds of up to 4GB/min. This cloning solution features advanced software and built-in support for SATA and IDE hard drives. Engineered for continuous cloning without interruption between sessions, this feature-rich solution is a workhorse – perfect for production environments where speed and accuracy are a priority.

 

 

Rescue Drive

InfinaDyne announces the availability of its new, patent-pending Rescue Drive™. This new hardware works in conjunction with CD/DVD Inspector or CD/DVD Diagnostic to recover data from discs that are otherwise unreadable. This isn’t for marginally-readable discs that mount in a drive but is instead for quick-erased discs and those that will not “mount”. This is often the case with video DVDs that have not been finalized properly or discs with damage at the inside of the data area of the disc. Through the use of a Rescue Drive it is possible to mount and read discs that would otherwise be inaccessible.

Works with all types of optical media: CD-R, CD-RW, DVD-R, DVD+R, DVD-RW, DVD+RW, BD-R, and BD-RW. Works with single and dual layer media. Note that the standard drive configuration is a CD/DVD drive, not a Blu-Ray drive; Blu-Ray is available as an extra-cost option.

A Rescue Drive should be part of the tools available to everyone in either data recovery or forensics. It can make quick work of recovering data or video from discs that clients cannot obtain in any other way, and it does so far more easily and quickly than any other technique. For the forensic examiner such a tool makes it possible to gather evidence from discs that could not otherwise be read, evidence that the suspect probably believes is unobtainable.

Available as either an internal SATA drive or in an external USB 2.0 case. An eSATA external case is optionally available as well. The actual packaging and drive may differ from the picture above. An internal drive has a small circuit board attached to the rear of the drive which does not obstruct the connections.

TreCorder

Maximum Performance plus High-End Quality: The TreCorder, the Mobile Forensic Laboratory

The TreCorder® is the highest-performing portable device in the world for mobile preservation of digital evidence in computer forensics.

The TreCorder® was developed on demand, together with various public establishments from our home country and from foreign countries.

The TreCorder® is equipped with three internal HDD write-blocking devices (T35689iu), which guarantee a safe copy / clone that is suitable for court, without changing the data.


In the practical test the TreCorder® reaches the following parameters:

The TreCorder copies up to 27 GB per minute = 1.62 TB per hour

Tested and certified for use with AccessData (FTK 4.x) & EnCase Forensic v7


– 36 month Warranty & Made in Germany –

X-Ways Forensics

Integrated Computer Forensics Software

X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7*, 32 Bit/64 Bit. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, often runs faster, is not as resource-hungry, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, …, and it comes at a fraction of the cost! It is based on the WinHex hex and disk editor and is part of an efficient workflow model where computer forensic examiners share data and collaborate with investigators that use X-Ways Investigator.

X-Ways Forensics comprises all the general and specialist features known from WinHex, such as…

Disk cloning and imaging
Ability to read partitioning and file system structures inside raw (.dd) image files, ISO, VHD and VMDK images
Complete access to disks, RAIDs, and images more than 2 TB in size (more than 2^32 sectors) with sector sizes up to 8 KB
Built-in interpretation of JBOD, RAID 0, RAID 5, and RAID 6 systems (including Linux software RAIDs), Windows dynamic disks, and LVM2
Native support for FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, UDF
Viewing and dumping physical RAM* and the virtual memory of running processes
Various data recovery techniques, lightning fast and powerful file carving
Well maintained file header signature database based on GREP notation
Data interpreter, knowing 20 variable types
Viewing and editing binary data structures using templates
Hard disk cleansing to produce forensically sterile media
Gathering slack space, free space, inter-partition space, and generic text from drives and images
File and directory catalog creation for all computer media
Easy detection of and access to NTFS alternate data streams (ADS)
Mass hash calculation for files (CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD, …)
Lightning fast powerful physical and logical search capabilities for many search terms at the same time
Recursive view of all existing and deleted files in all subdirectories
Automatic coloring for the structure of FILE records in NTFS
Bookmarks/annotations
Runs in WinFE, the forensically sound bootable Windows environment, e.g. for triage/preview, with limitations
Ability to analyze remote computers in conjunction with F-Response

Network Forensic Products

Silent Runner
Real-Time Data Capture and Advanced Visualization


SilentRunner® Sentinel network forensics software is like having a surveillance camera on your network.
SilentRunner® enables you to answer the difficult question of “What happened?” in the aftermath of a security incident by tackling the complicated tasks of capturing, analyzing and visualizing network data. It is a passive network monitoring solution that visualizes network activity by creating a dynamic picture of communication flows, swiftly uncovering break-in attempts, weaknesses, abnormal usage, policy violations and misuse, and anomalies – before, during and after an incident. Operating like a surveillance camera, SilentRunner can play back events from thousands of communications to validate system threats and investigate security breaches. This dramatically boosts incident response capabilities by enhancing your ability to identify offenders, determine root cause, and mitigate the recurrence of the same security incident. In addition, it helps monitor infractions to regulatory controls and policy violations, providing supporting reports for auditing requirements and contributing to your ability to demonstrate compliance.

PRODUCT FEATURES

Real-Time Network Forensics Capture and Visualization Capabilities

  • SilentRunner promiscuously monitors and records network traffic in all seven layers of the Open Systems Interconnection stack.
  • Monitors more than 2,500 protocols and services out of the box.
  • Advanced visualization tools allow you to create a picture of communication flows to swiftly expose anomalies, illegal connections and security and network problems.
  • Real-time network data is stored in a central database that can be queried for future digital investigations.
  • Using interactive graphical representations illustrating propagation, you can efficiently analyze users, hosts, domains, applications, protocols and addresses — detecting changes or abnormalities from established network baselines.
  • Capture and analyze wireless Ethernet 802.11b and 802.11g.

Pattern and Content Analysis for Network Forensics

  • Determine the root cause of a security breach or quickly distinguish between diversionary and truly malicious incidents.
  • Build “integrated maps” of certain assets or users — such as after-hours usage spikes, and mapping of virus and worm proliferation.
  • Independent of keyword or linguistic matching, you can determine how proprietary or inappropriate information proliferated from code servers, HR or financial databases, R&D labs and others.

Forensic Analysis and On-Demand Incident Playback

  • SilentRunner stores and catalogs network data into a central repository allowing you to play back the exact sequence of events, ensuring effective and accurate investigations and incident response.
  • Directly visualize audit logs and alerts, and correlate actual network traffic to provide a complete picture of activity around the time a suspicious event occurred.
  • Conduct post-event analysis and reconstruct events in their exact sequence to immediately uncover the source of an incident.
  • SilentRunner maintains a millisecond clock to record packet timing.
  • Quickly determine communication precedent and data proliferation.

Flexible Architecture

  • Leverage distributed monitoring to gain visibility into multiple network segments at once and correlate network data across the enterprise.
  • SilentRunner supports both centralized and distributed database architectures to provide quick and efficient data analysis.
  • Mobile deployments support local policy audits and investigations.

Data Management and System Availability

  • SilentRunner checks its internal self-health status to ensure healthy operation. With its “self-healing” capability, it will automatically restart failed services without user intervention to reduce downtime.
  • Configure SilentRunner with several data retention options, defining the length of time that data will be retained and active in the database.

Mobile Forensic Products

Audio Forensic Products

Enhanceaudio

Video Forensic Products