Forensic
Explorer is a tool for the analysis of electronic evidence. Primary users of
this software are law enforcement, corporate investigations agencies and law
firms. Forensic Explorer has the features you expect from the very latest in
forensic software. Inclusive with Mount Image Pro, Forensic Explorer will
quickly become an important part of your forensic software toolkit.
It enables investigators to:
·
Manage the analysis of large volumes of
information from multiple sources in a case file structure;
·
Access and examine all available data, including
hidden and system files, deleted files, file and disk slack and unallocated
clusters;
·
Automate complex investigation tasks;
·
Produce detailed reports; and,
·
Provide non forensic investigators a platform to
easily review evidence.
Supported File Formats
Forensics
Explorer supports the analysis of the following file formats:
·
Apple DMG
·
DD or RAW;
·
EnCase® (.E01, .L01, Ex01);
·
Forensic File Format .AFF
·
FTK® (.E01, .AD1 formats);
·
ISO (CD and DVD image files);
·
Microsoft VHD
·
NUIX File Safe MFS01
·
ProDiscover®
·
SMART®
·
VMWare®
·
XWays E01 and CTR
First
Download Forensics Explorer From here and install in
your pc. And Click on New Option
Enter the Case
Name and click on new option in
Investigator TAB
Here
in next step you have to enter the FULL
NAME, TITLE, and Organization, Department and email details and click on ok to proceed to next step.
Select the cases
folder where Forensic Evidence will be created. And click on ok
Now Click ‘Add Image.
Now select the path of RAW Image. To create RAW Image Select
the given LINK.
http://www.hackingarticles.in/how-to-create-copy-of-suspects-evidence-using-ftk-imager/
Now Select tasks to be processed on RAW image from given
list and click on Start.
After
Process completion, it will show Result for all the tasks selected earlier.
Now
Click on File System. The File System module is the primary Forensic Explorer
window where actions such as highlighting, selecting, sorting,
filtering, flagging, exporting and opening occur.
Select Registry analysis: Open and examine
Windows registry hives. Filter, categorize and keyword search registry keys.
Automate registry analysis with RegEx scripts.
Bookmark
selection enables almost any item (e.g. file, folder, keyword, search hit,
etc.), or a selection from an item (e.g. a fragment of text from a file or
unallocated clusters), to be bookmarked and listed in the Bookmarks
module.
Reports: The purpose of the Reports
Module is to assist in the generation of a report that documents the forensic
analysis. The Reports module is based on the use of templates that can be
re-used across multiple investigations.
0 comments:
Post a Comment