Getdata Forensics Explorer
About Forensic Explorer™
Forensic analysis software
Suitable for new or experienced investigators, Forensic Explorer combines a flexible and easy to use GUI with advanced sort, filter, keyword search, data recovery and script technology. Quickly process large volumes of data, automate complex investigation tasks, produce detailed reports and increase productivity. Manage all aspects of the investigation, including:
• File System Analysis
• Keyword & Index Search
• Live Boot Virtualization
• Registry
• Report
Key Features
Forensic Explorer includes a stand-alone license of Mount Image Pro.
No major version upgrade costs (valid maintenance give access to the latest build).
Software features include:
Anti-Virus: | In built Cisco Clam anti-virus. |
Bookmark: | Bookmark, flag, or categorize potential evidence. |
Case Management: | Create, save and load case files. |
Data Access: | Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc. |
Data Carving: | Inbuilt data carving tool to carve more than 300 known file types. |
Data Views: | Powerful data views including:
|
Email: | Email support for PST, OST, EDB, MBOX formats. Full keyword and index search capabilities for email. |
Export: | Export files to disk, or direct to .L01 forensic evidence files. |
GUI: | Detach drag and drop views for a customized work-space on multiple monitors. Save and load personal work-space configurations to suit investigative needs. |
Hash: | Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.
|
Index: | Built-in DTSearch index capability. |
Keyword Search: | Cluster, sector, or byte level keyword search of entire media using text, regex or hex expressions. |
Language: | Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic. |
Language GUI: | FEX GUI language can be set to EN, DE, ES, FR, ID, TR, ZH on install (language option set in registry). |
Metadata: | Extract and report file metadata, including EXIF, GPS, MS Office and more. |
Mount (MIP): | Mount forensic image files as a Windows drive letter (Mount Image Pro). Full access to deleted, system, unallocated, etc. Full CLI capabilities. |
RAID: | Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0, RAID 5, RAID 6. |
Recovery: | Recover deleted folders and partitions. |
Registry: | Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis. |
Reporting: | Custom report builder with pre-defined reporting templates. |
Scripting: | Inbuilt powerful Delphi scripting language. Inbuilt scripts for:
|
Network Servelet: | Connect to and examine remote drives using a deploy-able network servelet. |
Shadow Copy: | Easily add and analyze shadow copy files. Learn more about Forensic Explorer Shadow Copy Volumes. |
Signature: | Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions. |
Triage: | Automatically triage and report on common forensic search criteria. |
Virtual Live Boot: | Virtualize Windows and MAC forensic image and physical disks using VirtualBox or VMWare. |