ElcomSoft Distributed Password Recovery 2.99.351 has been released.
To learn more visit www.Elcomsoft.com
~Hew
This Blog was created to keep track of Current Versions and New Updates for various Forensic Tools.
Friday, December 28, 2012
Passware has a new version
Passware Forensic 12.1 has been released.
To read more about Passware Forensic visit www.LostPassword.com
For purchase and training visit www.H11DFS.com
~Hew
Black Bag has a new version of BlackLight
BlackLight 2012 4.1 has been released.
Some of the new features include:
- Enhanced Skype Analysis
- View Skype chat and voice communications
- Sort evidence by Skype account name, participant, and other key application artifacts
- Side-by-side Evidence Analysis
- Open multiple BlackLight windows to compare evidence
- More Advanced Filters
- VMWare virtual machine recognition and data processing!
- Time Machine (Time Capsule) data import and hard link resolution
- Comprehensive iOS 6 and OS 10.8.2 support
- Others
~Hew
Micro Systemation has released a new version of XRY
XRY 6.4.2 has been released.
The big change here is Windows 7 64bit support
For more information visit www.MSAB.com
~Hew
Cellebrite has two updates
UFED Touch 1.8.1.0 has been released.
UFED Physical Analyzer 3.6.1 has been released.
These are maintenance updates.
The UFED Touch update is to resolve the following:
- UFED Touch unit presented inaccurate start/end date and time of the extraction itself in the UFD/HTML/XML reports generated as a part of the extraction.
- Restoration of the UI languages available in the UFED Touch settings
- Ability to export contact pictures with XML and UFDR Reports
- iPhone decoding improvements of deleted MMS, SMS, and iMessages
For more information please visit www.Cellebrite.com
For purchase and training visit www.H11DFS.com
~Hew
(Also note that the UFED Classic application number was updated to the same "version" of the UFED touch to avoid multiple number schemes.)
Tableau has a new Firmware Update
Tableau Firmware updater 6.98 has been released.
Remember the Firmware Updater is used for most of the Tableau devices.
There is no way to update the updater. You need to uninstall the updater and install the newer version.
In looking through the list of items updated since the last updater release in April, the following Tableau tools have updates:
- T3458is Forensic Bridge
- T34589is Forensic Bridge (UltraBay II)
- T35689iu Forensic Combo Bridge
- TD2 Forensic Disk Duplicator 2 v3.26
For more information visit www.Tableau.com
For purchase and training visit www.H11DFS.com
~Hew
Access Data has a new version of FTK Imager
FTK Imager 3.1.2 has been released.
This update has improved the detection and handling of corrupt $I30 index allocations.
If you are having trouble using the image mounting function of FTK Imager, use the following steps:
- As an administrator, open a command prompt
- In Run, type CMD. Right-click on the command prompt and select run as administrator
- Type "sc delete cbdisk" without the quotations
- Type "sc delete cbdisk2" without the quotations
- Reboot the computer
- This will update the drivers for Imager
FTK Imager is a free tool. If you are not using it, you should consider looking into it.
~Hew
Guidance Software Releases a new version of EnCase
EnCase 7.05.02 has been released.
Updates include:
- Enhanced McAfee ePolicy Orchestrator (ePO) Support
- The SAFE has been updated to version 7d2
- USGCB Compliance
- More Encryption Support
Vendor | Product | Supported Versions | 64-bit Support |
---|---|---|---|
Check Point | Check Point Full Disk Encryption (formerly Pointsec PC) | 6.3.1 up to 7.4 | Yes |
CREDANT | Mobile Guardian | 5.2.1, 5.3, 5.4.1, 5.4.2, 6.1 through 6.8 | No |
GuardianEdge | Encryption Plus/Anywhere | 7 and 8 | No |
GuardianEdge | Hard Disk Encryption | 9.2.2, 9.3.0, 9.4.0, 9.5.0, 9.5.1 | Yes |
McAfee | EndPoint Encryption (formerly SafeBoot) | 4.5.6 (for Windows and Macintosh computers) | No |
Microsoft | BitLocker and BitLocker To Go | Vista 7, Server 2008 | Yes |
Sophos | SafeGuard Easy and Enterprise (formerly Utimaco) | 4.5, 5.5, 5.6 | Yes (only for SafeGuard Easy, not for Enterprise) |
Symantec | PGP Whole Disk Encryption | 9.8, 9.9, 10, 10.1, 10.2 | Yes |
Symantec | Endpoint Encryption | 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 8.0 | Yes |
WinMagic | SecureDoc Full Disk Encryption | 4.5, 4.6 | No |
For more information please visit www.GuidanceSoftware.com
For training visit www.H11DFS.com
~Hew
Monday, December 10, 2012
X-Ways forensics has some new releases
X-Ways Forensics 16.8 has been released
X-Ways Investigator 16.8 has been released
X-Ways WinHex 16.8 has been released
The X-Ways website doesn't give much in new release update notes, but to read more visit X-Ways.com
~Hew
Magnet Forensics has a new release
Magnet Forensics releases Internet Evidence Finder (IEF) 5.7.1
New features include:
- Improved un-partitioned space search for mounted images
- Enhanced support for eMule, Skype, Chatsync, Safari History, and JPG Pictures
- More
~Hew
Cellebrite has a new release.
Cellebrite has some new releases
UFED Touch 1.8.0.0 Firmware has been released.
UFED Physical Analyzer 3.6 has been released
New support includes:
- More support for Samsung Galaxy SIII family
- Android 4.2.x Logical, File System, and Physical support
- Nokia BB5 Physical extraction from an additional 21 locked and unlocked devices
- More
To purchase visit H11DFS.com
~Hew
Micro Systemation has a new version
XRY 6.4.1 has been released
Quite a bit has been added with this release including but not limited to:
- MTK Android physical support
- Blackberry Physical support
- Nokia BB5 Physical support
- MTK Chinese chipset Physical support
- iOS 6 deleted message recovery
- Windows Phone 7 and 8 Logical File system support
- More
~Hew
Guidance Software releases a new EnCase 6
EnCase 6.19.7 has been released
It seems the big change is that EnCase 6.19.7 can read the electronic license for EnCase 7. No need for multiple dongles!
They have also fixed an issue with Outside In when creating a transcript of a fragment of a deleted and overwritten file from unallocated space.
There are also a few known issues when working with Office 2007. Guidance recommends using Office 2010.
To read more visit GuidanceSoftware.com
To purchase visit H11DFS.com
~Hew
New F-Response Release
F-Response 4.0.5 has been released
Some of the enhancements include:
- Improved cloud connector
- Better support for current Linux distributions
- Support for FreeBSD 64bit
- Windows 8 Support for all tools
- 64bit COM objects
- More
To purchase visit H11DFS.com
As a side note, if you have never used F-Response you are missing a potential case saver.
This is one of the tools I recommend every forensic toolkit has.
F-Response makes network acquisitions simple, and effective. Do yourself and your clients a favor and check these guys out!
~Hew
New Access Data releases.
MPE+ 5.1.2 has been released
DNA / PRTK 7.0 has been released
MPE+ 5.1.2 has the following updates:
- Enhanced iOS support
- Addition of 200 MediaTek Chinese phones
- Enhanced driver support with Galaxy SII and iOS driver access
- UNIX date conversion within Hex interpreter
- PLIST files from iOS devices are displayed regardless of extension.
- More...
- GPU units can now be used!!
- This works on Microsoft Windows computers with CUDA-enabled GPUs
- I'm looking forward to trying it!
For purchase please visit H11DFS.com
~Hew
Monday, November 12, 2012
Magnet Forensics has a new release
Magnet Forensics has a new release of Internet Evidence Finder.
Internet Evidence Finder (IEF) 5.7 has been released!
New features in this release are:
- Chrome Incognito & Firefox Private Browsing History
- Carbonite & Google Maps Artifacts
- Web History Categorization
- Support for Ex01, Lx01, and L01 images
- Dates and time are now converted to local or a specified time zone.
- Picture and Video Analysis, Carving and Parsing
- EXIF Data
- Skin Tone & Body Part Detection
- Others
To read more visit Magnet Forensics
Also, Magnet Forensics has Webinar Demonstrations. If you have not checked these guys out, you are potentially missing tons of information!
~Hew
As a side note for any of you who are curious: Incognito and Private browsing do leave traces, usually in flash cookies. I am assuming that is where IEF is parsing this information. (Maybe other locations as well.) If so, it is cool that someone is now taking those cookies and parsing them out.
Friday, November 9, 2012
BlackBag Technologies has a new release.
BlackLight 2012 R4 has been released.
New features include:
- Skype analysis - View Skype chat and voice communications
- Side-by-side evidence analysis - Open multiple Black Light window instances to simultaneously compare and analyze related evidence
- Virtual Machine Support
- Time Machine Support
- iOS 6 and Mountain Lion (10.8.2) support
- And More
~Hew
Logicube has released new firmware for CellXtract
CellXtract 1.4.0.5 has been released.
Updates include:
- Support for iOS 6
- Support for iPhone 5 (No cable has been supplied yet, so users must use an "off the shelf" cable.)
- Android extractions of email from default and Gmail locations
- Improved rooting for Android 2.3.5 and 2.3.6
- Support for Apple iPad and iPhone devices with back-up passwords (user must know the password and enter it when extracting.)
- Others
For Logicube sales and training visit H-11 Digital Forensics
~Hew
X-Ways has released some updates
X-Ways Forensic, X-Ways Investigator, and WinHex are all on Version 16.7
To read more visit X-Ways
~Hew
Cellebrite has released a new version of Physical Analyzer
Cellebrite has released Physical Analyzer 3.5
In viewing the release notes some of the changes include the following:
- New decoding of Blackberry Messenger (groups, attachments, and deleted data)
- Nokia BB5 File system reconstruction and decoding
- View Android application files
- Improved TomTom trip-log decryption
- Export Locations to KML files
- Export Emails to EML files
- Embedded Text Viewer
- Others
For training or to purchase Cellebrite visit H-11 Digital Forensics
~Hew
Guidance Software has released a new version of EnCase
EnCase 7.05.01 has been released.
The main update is:
- SMS Checking - Prevents you from running a version of EnCase released after your SMS has expired.
- An encryption error with BitLocker, where upon closing and re-opening the Evidence tab the volume was displayed as encrypted.
- The IsValidCreditCard() string does not accommodate strings with more than 16 characters.
- An EnServer configured to use NAS (Network Authentication Server) does not accept a HASP dongle configured to run Version 7.
- After creating a search and selecting "Save Results" EnCase crashes.
- Others
For Sales or Training with EnCase 7 please visit H-11 Digital Forensics.
~Hew
Changes to the blog.
Due to the random nature of release dates, I will be making updates every Friday. This will save me some time, and hopefully you as well, as Friday will be "new post day."
This way I can allot a solid block of time to the blog and be more thorough.
Thank you
~Hew
Thursday, October 25, 2012
Cellebrite has two new updates.
Cellebrite Physical Analyzer 3.3 has been released.
iOS support package 4.2 has been released.
Physical Analyzer 3.3 mainly gives support for iOS 6 on devices that were currently supported by Cellebrite.
The new iOS package gives support for older versions of iOS.
To read more visit Cellebrite
To be trained with the Cellebrite tool and on cellular technologies in the Forensics environment, visit H-11 Digital Forensics
~Hew
Thursday, October 11, 2012
Cellebrite has some new releases
To start I have added the Cellebrite Touch to the "Current Versions" page.
The Releases are:
Cellebrite Touch Application 1.7.0.0
Cellebrite Classic Application 1.2.2.3
Physical Analyzer 3.2
Logical Analyzer 3.2
Phone Detective 1.1.7
Updates include:
- iPhone 5 file system support
- iOS 6 file system extractions (I know this pretty much includes the iPhone 5...)
- Android 4.1 "Jelly Bean" physical and file system support, including pattern, PIN, or passcode lock bypass during physical extraction
- 550 new logical extractions (remember, this can mean multiple versions of the same phone as "multiple" new devices)
- 34 new physical extractions
- 6 new file system extractions
- 4 new password extractions
- And more
For training visit H-11 Digital Forensics
~Hew
Wednesday, October 10, 2012
Passware has released a new version
Passware 12.0 has been released.
To read up on what it can do for you visit Passware
To purchase visit H-11 Digital Forensics
~Hew
Vound Software has a new version of Intella
Intella 1.6.2 has been released.
The main changes include:
- Improved the reporting of indexing errors
- Faster performance and heightened stability
- An experimental 64 bit version is now available on request.
To purchase visit H-11 Digital Forensics
~Hew
Access Data has released some new versions.
FTK Imager 3.1.1 has been released!
License Manager 3.1.5
Mobile Phone Examiner Plus 5.1
Codemeter Runtime 4.5.0b (both 32 bit and 64 bit)
FTK Imager release notes mention that it now:
- Supports creating, reading, and verifying E01 files of drives greater than 2 TB
- When performing a memory capture, you can now include the pagefile and save memory as an AD1
- A fixed issue with reading exFAT partitions even if there is a slight difference between the sector count of the volume and the partition information.
- A Social Analyzer Spoke Chart that allows you to visually represent multiple contacts on a cluster
- Performance enhancements
- Support of DD8 images
- More support for iOS devices
- Ability to mount any image as a drive letter
To purchase or for even more information visit H-11 Digital Forensics
~Hew
Guidance Software releases EnCase 7.05
EnCase 7.05 has been released!
Guidance Software also released EnCase Portable 4.01
For the most part, this update revolves around speeding up processing time within EnCase 7. The release notes talk about:
- Faster processing
- Prioritized processing
- Ability to embed Hyperlinks in Exported Reports
- Two new ways to filter
- Filter the current table and stay in the same view with all the metadata available
- Filter across all pieces of evidence in your case and view the responsive items in the results view.
- You can now review search hits while EnCase is processing, rather than waiting for EnCase to finish.
- In the Search and Results Tabs you can now copy files, copy folders, add results to the hash library, and save results!
- PGP 10.1 and 10.2 support
- Mac OS 10.6 and OS 10.7 supported
- Enhancements were made to the Windows Event Log Parser.
- And more
Or to purchase and get trained on EnCase visit H-11 Digital Forensics
~Hew
An Apology
I feel the need to apologize to any of my readers.
I have been traveling for the past few weeks and updating the blog from different areas has been problematic in the past so I avoided doing so. I promised myself that I would update over the weekends, but that did not happen.
There have been a few updates since my last post so here they are...
Well, in the next couple posts... ;)
~Hew
Monday, September 17, 2012
Micro Systemation has a new XRY release
Micro Systemation has released XRY Complete 6.3.2
New features include:
- Bypass of some iOS passcodes
- Full support for new iOS6
- RAM disk extraction for iOS devices
- Logical Support for Samsung Galaxy SIII
- New Word export functionality
- New agent for extracting data from Windows Phone 7
- New support for extracting information from .sbu backup files
- Others
To learn more about imaging smart phone visit us at H-11 Digital Forensics.
~Hew
Magnet Forensics has a new release
Magnet Forensics (Formerly JAD Software) has released Internet Evidence Finder 5.6.1
New features include:
- The ability to rebuild web pages as they were viewed by the suspect
- Recovery from iOS backups
- Enhanced support for Skype carved messages, Facebook chat, and Gmail and Google Drive
- Carving for Skype sync chat, ooVoo chat, and Mail.RU chat client
~Hew
Access Data has released a new version of MPE+
Mobile Phone Examiner Plus (MPE+) 5.0 has been released.
New features include:
- Physical imaging of the Samsung Galaxy II Series
- Physical imaging of Android 2.5.3
- New Interface
- Others
To purchase visit us at H-11 Digital Forensics.
~Hew
Guidance Software has released EnCase 6.19.6
This was released to fix some bugs.
- EnCase stops responding when adding evidence with 4KB sectors
- Copy/Unerase and Copy Folders were exporting corrupted RMS content
- New Outside In security update applied
- Fixes in hashing with the encase.hash sets
For training with EnCase visit us at H-11 Digital Forensics.
~Hew
Thursday, August 23, 2012
Elcomsoft has released a new version of their Phone Password Breaker
Elcomsoft Phone Password Breaker 1.86.1399 has been released.
With each release more devices are supported.
To learn more visit: Elcomsoft
~Hew
F-Response has released a new version.
F-Response 4.0.0.4.1 has been released.
Updates include:
- F-Response cloud connector now supports Windows Azure Blob Storage
- Now has improved handling of non-standard mount points in Linux
- Improved Physical Memory access stability based on further input from the Volatility Project
www.f-response.com
~Hew
Vound Software has released a new version of Intella
Intella Version 1.6.1 has been released!
Some of the major highlights include:
- Indexing of Cellebrite, XRY, and Oxygen cellphone reports
- New Smart Search Capability
- New Case Backup Feature
- Chinese Language Support
- Resolved an issue of Intella failing to render through remote desktop connections
- Improvements to negate the impact of virus scanners on Intella's database
- Dongle Manager has been updated
- Many more improvements
To purchase Intella visit: H-11 Digital Forensics
~Hew
Black Bag Technologies has released a new version of Black Light
Black Light 2012 R3 has been released.
Some of the updates are:
- Encrypted iOS Image Support
- Automated iOS Backup Folder Recovery
- Network-based (LAN) Licensing
- and more
~Hew
Cellebrite has released a new UFED Application
Since my last Cellebrite update post UFED Application 1.2.1.1 has been released.
I have not found any documentation concerning this release as of yet.
I will update this post when I know more.
~Hew
X-Ways Forensics has released a new version.
X-Ways Forensic, X-Ways Investigator, and WinHex 16.6 have been released.
To see about the release visit them at: www.x-ways.net
~Hew
Friday, August 3, 2012
Wetstone Technologies has released some new tools
Gargoyle Forensics Pro Edition and G-Flash 5.2.1 have been released.
- G-Pro command line capability now uses G-Pro's Fibonacci hashing
- -XML command line now gives users the ability to export to XML reports via command line
- Index column added for reporting for easier identification of specific hits
- Clarifies the results screen to distinguish between program and category hits
The Gargoyle Investigator Enterprise Module 3.2.0 has been released
And the newest dataset for Gargoyle has been released: June 2012
For more information please visit: www.wetstonetech.com
~Hew
Monday, July 30, 2012
Cellebrite has some new releases
Cellebrite has released the following:
Firmware Update 1.2.1.0
Physical Analyzer 3.1
Logical Analyzer 3.1
Phone Detective 1.1.6
Firmware Update:
- Enhances Logical reporting
- Replaces report manager
- Nokia 100 Logical Support
- Nokia BB5 Physical Extraction
- More UFED Chinex Support
- Supports Instant Messaging Attachments
- Excel reports compatible with Open Office
- Decoding Improvements
- Croatian Language Support
- Allows users to perform basic analysis on logical extractions
- Functionalities include Filters, Watch Lists (manual or automatic), Timelines, Chronological Conversation Viewer, Bookmarking, and more
- More customizable report creator
45 New Physical Extractions
78 New File System Extractions
4 New Password Extractions
- LG VS-740
- Samsung SGH-A885
- Samsung GT-S3600i
- UniMile PR-600
~Hew
Tuesday, July 24, 2012
F-Response has released a new version
F-Response has announced the new version 4.0.0.4 of their line of tools.
Some of the upgrades include:
- F-Response cloud connector that allows examiners a read-only connection to Amazon S3, Rackspace Cloud Files, HP Public Cloud, and more
- Updates to better locate non-standard storage paths
- Physical memory improvements
- A new PowerShell script for automating physical memory imaging
- And more
For anyone that hasn't tried F-Response I give it a huge recommendation as a great Forensic Tool for the aid in imaging.
~Hew
Friday, July 6, 2012
Elcomsoft has released a new version of their IM Password Recovery
Elcomsoft IM Password Recovery 4.3 has been released.
This is a tool to retrieve login and password information for various instant messengers.
For more information visit www.elcomsoft.com
~Hew
Blackbag has released a new version of BlackLight
Black Light 2012 R2 has been released.
Some of the new features include:
- Automated iOS Backup Folder Recovery
- Custom template for Import and Export
- Video Frame Analysis
- Network-based License Authorization
- And others
~Hew
Wednesday, June 27, 2012
Logicube has released two new updates
The Forensic Dossier version 3.3.3RC13 has been released!
The Forensic Talon Enhanced version 3.3.3RC13 has been released!
Both of these updates now give the Talon Enhanced and the Dossier Spanish Menus.
...Finally!
For more information visit us at: http://h11dfs.com/dossier-forensic-capture-tool.php
or for the Talon Enhanced visit: http://h11dfs.com/talon-e-data-capture.php
You can also visit Logicube at: www.logicube.com
~Hew
JAD Software has released a new version of IEF
JAD Software has released a new version of the Internet Evidence Finder (IEF)
Some of the notable updates:
- Recover browser history from IE10
- Recover evidence from Dropbox, Google Docs, Google Drive, SkyDrive, and Flickr
- Enhancements for Twitter and Facebook
- Chat now supports Skype 3
- Improved support for Hotmail and Yahoo
- Reported faster speeds
- A new user interface
- And More
~Hew
Tuesday, June 26, 2012
Cellebrite has three new updates.
Cellebrite has released Physical Analyzer 3.0.1
Firmware (Application) 1.2.0.0
Phone Detective 1.1.5
Some of the releases for this version of Physical Analyzer include:
- This adds Physical Extraction from locked Nokia BB5 (base band 5) devices
- Logical Extraction of the Samsung Galaxy S III
- Improved Parsing of SQLite databases
- 71 new devices supported for logical dump
- 47 new devices supported for physical dump
- 84 new devices supported for file system dump
- Others
For training on Cellebrite visit http://h11dfs.com/cellebrite-training-courses.php
~Hew
I have added a new tool (Lightgrep) to the current versions page.
Lightbox Technologies has a tool that I have been told about called Lightgrep. It has been added to the current versions page of the blog.
Lightgrep is, and I quote, "a Perl-compatible regular expression search engine for forensics that's several times faster than EnCase's keyword search." It looks to be a promising add-on for EnCase!
I look forward to trying it out!
Check them out at Lightbox Technologies
~Hew
Tuesday, June 19, 2012
Guidance Software releases EnCase 7.04.01
EnCase 7.04.01 has been released!
This release seems primarily to be a bunch of Bug Fixes, some of which are detailed below:
- Preview of a network node fails when the user has only one connection
- EnCase crashes shortly after starting a memory acquisition from a remote machine
- In the Text and Hex tabs, the Go To option is missing
- Hash calculation of deleted files with a size greater than one cluster on FAT and EXT volumes is incorrect
- When bookmarking transcript text, text is not displayed in the report, only metadata
- Others
For more information visit: http://h11dfs.com/encase-forensic-v7.php
www.guidancesoftware.com
~Hew
Elcomsoft has released a few updates
Elcomsoft has released 4 updates for various tools this month.
Elcomsoft Distributed Password Recovery 2.97.311
Advanced PDF Password Recovery 5.5
Elcomsoft Phone Password Breaker 1.84.1350
Elcomsoft Blackberry Backup Explorer 10.01
For more information visit: http://elcomsoft.com/download.html
~Hew
Wednesday, June 13, 2012
Logicube has a CellXtract Update
Logicube has, as promised, released the update for the CellXtract
Version 1.3.0.7 has been released.
http://www.logicube.com/knowledge/cellxtract
To purchase visit H11 Digital Forensics
~Hew
Friday, June 8, 2012
AccessData releases a new version of FTK
FTK version 4.0.2 has been released.
Some of the changes are as follows:
- Improved handling of unallocated space on Android EXT4 and YAFFS partitions
- Ability to back up multiple cases simultaneously
- Expanded decryption support for YAFFS 1 and 2, and iOS systems
- Support for the Ex01 Evidence File Format
- You can now bookmark more than 9,999 items at a time
- New OCR support with a new engine has been added
- Others
Available at H11 Digital Forensics
Also, Access Data has announced that as of October 2012 FTK 1.8x will no longer be available for download. They will also stop all support for it in October 2013.
It was a great tool and had a great run!
~Hew
Wednesday, June 6, 2012
Logicube's CellXtract adds physical capture
Logicube has announced the release of the CellXtract-TNT as well as an upgrade for existing CellXtract units.
CellXtract-TNT will be released next week and will support Chinese knock-off as well as legitimate Chinese phones.
Both CellXtract units will also add Physical extraction for Android devices.
Current Android O/S versions supported are 1.6 - 2.3.4
I look forward to this release!
For more information visit our CellXtract page.
Or visit Logicube
~Hew
Monday, June 4, 2012
Added Elcomsoft Phone Password Breaker to Current Versions
Elcomsoft is one of the leaders in password cracking technologies.
This tool can grant access to the backup files of various phones.
See more at: http://elcomsoft.com/eppb.html
~Hew
X Ways Forensic has released a new version of their tool/s.
X-Ways Forensic 16.5 has been released
X-Ways Investigator 16.5 has been released
Winhex 16.5 has been released.
Visit them at: www.x-ways.net
~Hew
Thursday, May 31, 2012
Cellebrite Announces a new Device
Cellebrite has announced a new device!
The UFED touch.
Take a look - www.cellebrite.com
Aside from a touch screen and a new look it seems to be very similar to its predecessor, with reported faster capture speeds. I look forward to trying it out!
~Hew
Microsystemation releases a new version of XRY
XRY v6.3 has been released.
Some of the new features include:
- New agent for extracting data from Windows Phone 7
- Support added for Samsung .sbu backup files
- Keychain password support for iPhones
- Logical Application decoding for iPhones
- Motorola iDEN decoding support
- Improved IPD decoding and BBM extraction for Blackberry
- Possible to have multiple SQLite viewers open simultaneously
- Others
~Hew
Tuesday, May 29, 2012
Blackbag Releases new version of Macquisition
Macquisition 2012 R3 has been released.
New features include:
- Live disk Imaging
- E01 image file format support
- Improved Speeds
- Optional Hash Processing
~Hew
Tuesday, May 15, 2012
JAD Software released a new version of IEF
JAD Software has released a new version of the Internet Evidence Finder (IEF)
IEF v5.4 is out.
Some of the included updates:
- Support for LinkedIn email added - support for browser cache and carving
- Support for Trillian chat added
- Improved support for other chat carving (now supports Yahoo Messenger v11)
- Stealth mode now removes IEF related prefetch files
- Auto decompress of gzipped files prior to searching. This means more artifacts are found
- Non-License report viewer has been added for ease of sharing findings
- Large exports to html are now split into multiple files with an easy to use index
- Exported URLs are now hyperlinked
www.jadsoftware.com
~Hew
Monday, May 14, 2012
Logicube has another new update.
The CellXtract v1.2.0.15 has been released.
Three things have been announced with this release:
- Validated support for 21 new phones
- Improved support for Android Ad-Hoc Rooting
- Support for Android Location Information
www.logicube.com
~Hew
Cellebrite has a new Release
The Cellebrite UFED has two new releases
UFED Application 1.1.9.7
Physical Analyzer 3.0
www.cellebrite.com
~Hew
Thursday, May 10, 2012
Logicube has a couple new releases!
Logicube has released the following:
Talon Enhanced 1.1.1RC22
Forensic Dossier 2.2.1RC22
CellDek 1.22.0.1
The Talon update includes the following:
- Timestamp for completion time added in log files for E01 and DD images.
- Bug Fixes
The Cell Dek update includes the following:
- Support for 20 new phones
- Support for Android Location
- Improved Android ad-hoc rooting
www.logicube.com
~Hew
Guidance Software releases Encase 7.04 and Portable 3.1.2
EnCase 7.04 has been released.
A few of the updates:
New automatic case backup feature has been added. It allows you to backup all or some of your cases as a scheduled backup.
Enhancement to the "file carver" has been added. Now the "file carver" automatically checks file headers for file length information to better ascertain the length of the file. This will hopefully cut down on extra data being carved out for certain files.
It is now a bit easier to create templates for reporting.
EnCase has added iOS 5.0 and 5.1 iPhone and iPad device support.
More password integration with Passware.
others...
EnCase Portable 3.1.2 has also been released.
www.guidancesoftware.com
~Hew
Thursday, May 3, 2012
Wetstone has released a new version of Gargoyle
Gargoyle 5.2 has been released.
Also, if you own Gargoyle remember to log on at least monthly to get the Gargoyle Dataset Updates.
The most recent dataset update was for March of 2012!
www.wetstonetech.com
~Hew
Friday, April 20, 2012
Comparison of Handheld Forensic Duplicators
Let me start by saying that I have been fortunate to have had the ability to try out a number of different duplicators in my career. For this post I want to show some of the strengths and weaknesses of three of the duplicators that I currently use on a semi-regular basis.
The first I would like to discuss is the Talon Enhanced by Logicube.
The second I would like to discuss is the TD2 by Tableau.
The third and final is the Forensic Dossier also by Logicube.
The Talon Enhanced and the TD2 are very similar machines. The Forensic Dossier has a few extra capabilities that I will discuss in the Dossier section (coming soon). I will detail a couple of speed tests that I have done with the tools. I will also list some strengths, weaknesses, and key differences between the tools.
All three tools report roughly the same transfer speeds. It is my hope to document tests I have personally run using the same Hard Drives in each test. This will show some differences that you can draw conclusions from yourselves.
The Talon Enhanced
Strengths:
- Formats Destination FAT32 or NTFS
- Will create two copies of the source (can copy simultaneously to two destinations)
- Can act as a write-blocker via USB or eSATA for computer access
- Stealth mode to hide what the Talon is currently doing
- Will image to E01 (compressed and non-compressed) or DD (Raw) format.
- Full QWERTY keyboard for inputting case information
- Touch Screen for easy navigation
- (10/May/2012) As of release 1.1.1RC22 the Talon now logs the time of processes!
- Larger than the TD2, however with the first destination located inside, the desk space is about the same.
- Source inputs from the top of the Talon and the Destination/s go inside or to the right.
- Has NTFS Format Option
- Allows examiner to plug the Talon into a computer via USB or eSATA and use as a write-blocker.
- Options to wipe once (1) or DoD wipe which wipes seven (7) times. TD2 offers one (1) wipe or three (3) wipes
- Gives options for compressed E01 and non-compressed E01
Source is a Samsung 64GB SSD 830 Series Model: MZ-7PC064 with 44.7 GB of data on it
Destination is a WD 500GB HDD Model: WD5000KS wiped previous to each image.
Speed Test 1:
Destination formatted FAT32, E01 option with compression, Hashed
Time to completion: 00:30:50
Size of Image: 44.7 GB
Speed Test 2:
Destination formatted FAT32, E01 option with no compression, Hashed
Time to completion: 00:31:36 (yes it took longer w/o compression)
Size of Image: 59.6 GB
Speed Test 3:
Destination formatted FAT32, DD, Hashed
Time to completion: 00:30:38
Size of Image: 59.6 GB
Speed Test 4:
Destination formatted NTFS, E01 option with compression, Hashed
Time to completion: 00:29:58
Size of Image: 44.7 GB
There are more options available for imaging but I believe that the above four (4) give a reasonable showing of the Talon's capabilities.
TD2
Strengths:
- Size, The TD2 is smaller than the Talon.
- Will create two copies of the source (can copy simultaneously to two destinations)
- Will image to E01 compressed or DD (Raw) format.
- Logs the time for an image to complete as well as the average speeds.
- All Tableau tools are updated using the same update utility.
- Quick Start. Allows user to setup a common setup and use it as the first and only option
- Does not Format destinations NTFS. Tableau has said that an ExFAT option will be released later this year.
- Only seven buttons that are used with up and down arrows for inputting case information.
- In my tests the TD2 image time logs were off by about 30 seconds. It recorded a time 30 seconds faster than the actual time on a 64GB source.
- Source drive is placed on the left and destination is placed on the right
- Options to wipe once (1) or three (3) times. Talon Enhanced and Dossier offer one (1) wipe or DoD wipe which is seven (7) passes.
Speed Tests:
Source is a Samsung 64GB SSD 830 Series Model: MZ-7PC064 with 44.7 GB of data on it
Destination is a WD 500GB HDD Model: WD5000KS wiped previous to each image.
Speed Test 1:
Destination formatted FAT32, E01 option with compression, Hashed
Time to completion: 00:31:07
Size of Image: 44.5 GB
Speed Test 2:
Destination formatted FAT32, DD, Hashed
Time to completion: 00:32:35 (yes this is slower than an E01 w/compression)
Size of Image: 59.6 GB
Forensic Dossier:
Coming Soon...
www.h11dfs.com
~Hew
Monday, April 16, 2012
I added X-Ways forensics to the "Current Versions" page
X-Ways has been added to the "current versions" page
I also added Win Hex which can be found on their home page as well.
www.x-ways.net
~Hew
Katana releases a new version of Lantern
Katana has released a new version of Lantern. Version 2.3
I also added Lantern Lite Imager to the current versions page.
www.katanaforensics.com
~Hew
Access Data releases a new version of the FTK
FTK 4.0.1 has been released.
Quite a bit has been updated with this release.
http://accessdata.com/downloads/current_releases/ftk/FTK_4_0_1_RN.pdf
From the Release notes:
- You can now obtain metadata from PDFs. This feature also allows you to extract attachments, but not embedded graphics.
- Additional Registry data processing
- New index processing option "Do Not include document metadata in filtered text"
- Speed for optical character recognition has been improved
- KFF processing through a Postgres SQL database has been improved
- Reporting process times for the log file and progress window have been improved
- When bookmarking index.dat entries, the 'Create Bookmark' dialog now provides an option to include the entry's parent index.dat file in the bookmark
- Improvement in the exportation of NSF emails into MSG format
- A new default filter named 'Cerberus Static Analysis' has been added to let you see the files that have had Cerberus Stage 2 Analysis run against them
- Improved support for finding hidden processes
www.accessdata.com
~Hew
Monday, April 9, 2012
Tableau has released a new Firmware Updater
Tableau has released firmware updater 6.90!
Looking in the Firmware Versions section of the updater the only update I see is a new TD2 update.
This takes the TD2 to version 3.15
www.tableau.com
~Hew
Wednesday, April 4, 2012
Guidance Software has released a new version of EnCase
EnCase 7.03.02 has been released.
The primary bug fixes they have listed are the following:
- HFS+ hard link, Extents Overflow and .rtd files not reading correctly on Apple Macintosh computers
- Data in HFS+ resource forks not displaying correctly.
- File Carver using default length instead of footer to carve files.
- Compound queries with "and" or "or" operators not completing in certain cases.
I will be reading all of the release notes and playing with the new build more this week. I will post more on version 7.03.02 the beginning of next week.
~Hew
I read up on the release notes, and there are a few more things to be mentioned.
- Fixed an issue where acquiring a remote device via the evidence processor always resulted in the same acquisition hash for an Ex01 file
- Fixed an issue where the Evidence tab "rescan" capability was not working
Tuesday, March 27, 2012
Passware Releases a new Version
Passware 11.5 has been released.
Acceleration using GPU / TACC has been enhanced.
More file types are supported.
For full notes visit: http://www.lostpassword.com/kit-forensic.htm
There is no listing of what is new versus what was present in release 11.3.
~Hew
Friday, March 23, 2012
BlackBag Technologies Released new Black Light
Black Light 2012 Release 1 is out!
The new features listed are still for 2011 Release 5.
www.blackbagtech.com
~Hew
Wednesday, March 21, 2012
Micro Systemation releases a new version of XRY
Micro Systemation XRY 6.2 has been released!
Things that have been updated/changed
- Apple iOS - passcode, dumping, and encryption
- Android - automatic rooting and swipe codes
- Support for an additional 70 Chinese clones
- Blackberry - Improved physical support
- More CDMA and iDEN support
www.masb.com
~Hew
Current Versions
Just a reminder.
The first post in January (the first post of the blog) is a listing of all the tools I have been following, and their current release versions.
This is an up-to-date list that I update weekly.
~Hew
mail.h11dfs.com
Monday, March 19, 2012
AccessData releases new PRTK and DNA
Access Data has released a new version of PRTK v.6.6.0
They have also released a new version of DNA v.3.6.0
This release has seen the following updates/changes:
- Enhanced processing to utilize multiple cores more effectively
- No longer run as a Windows Service
- Installation must be done as an Administrator
- Uses the latest patched version of Java 1.6
- More efficient on 64bit workers
- Dictionary Utility can work against passwords that are longer than 64 characters
- Users can now select multiple dictionaries of a similar name using shift+alt
- User Interface cleanup in the job properties dialog
New Modules:
- Cypherus
- DGCA
- iPhone
- TightVNC
- Leet Speak
- Case Permutations
- Tertiary
http://accessdata.com/support/adownloads
~Hew
Friday, March 16, 2012
Updated the Comparison of Hardware Requirements entry.
Guidance Software sent me the official specifications for EnCase and it has now been updated.
Also I have listed the specs of both computers I have that are running EnCase 7x and FTK 3.
Hope this is interesting.
~Hew
www.h11dfs.com
Thursday, March 15, 2012
Comparison of Hardware Requirements
This is a list of Hardware Requirements that I have been able to find concerning some of the leading tools.
A number of people have asked me during trainings what the hardware requirements of various tools are.
I thought it would be nice to make a brief list of these requirements; it was harder than I thought to find them.
*Please note this is what I have been able to dig up myself (and with help from the vendors now.) I will not guess on anything (unless otherwise stated) and will only use data that I have found on the vendor websites.
**Guidance Software sent me an official specifications sheet today! (16-Mar-2012)
EnCase
EnCase 7 - I am running it on my computer and am satisfied with the speeds.
Minimum Setup
- Dual-core Processor
- 4 GB RAM
- First Hard Drive for OS and Software with 300 MB available space
- Second Hard Drive for cases
- Windows XP Pro, Server 2003, Server 2008, Vista, 7 (32bit)
- Gigabit network
- Quad-core Processor (Intel Itanium is not supported)
- 16 GB RAM
- First Hard Drive for OS and Software with 300 MB available space (I really like the WD velociraptor for its speed of 10,000 rpm)
- Second Hard Drive should be a RAID array for I/O speeds and redundancy
- Windows 7 (64bit)
- Gigabit network
- 2.67 GHz Quad-core processor (Intel Q9400)
- 8 GB of RAM DDR3 PC3-10600
- Velociraptor 10,000rpm Operating System Drive
- 1 TB Drive for Cases
- Windows 7 Professional (64 bit)
EnCase 7 Processor - Guidance has released the following specifications:
- CPU Quad-core i7
- 16 GB of RAM
- Drive 1: Operating System and Pagefile
- Drive 2: Evidence
- Drive 3: Primary Evidence Cache (This drive should be as fast as possible)
- Windows 7 (64bit) or Windows Server 2k8 R2 (64bit)
- (Make sure you have a Gigabit network before trying this)
FTK 3 and FTK 4
Minimum Setup
- One Computer with
- Quad-core processor
- 2 GB RAM per core. A Quad-core would have 8 GB RAM
- First Hard Drive with FTK and 500 MB of free space
- Second Separate large Hard Drive for the database
- (I have found no recommendation for Windows but with the RAM constraints it must be a 64bit install)
- (I have attempted this with FTK 3.0. It was extremely bogged down. I would personally recommend a minimum of a dual quad-core with 16 GB of RAM if you are going to run this on a single computer.)
- Separate Computers (You must have a Gigabit network for this to work properly)
- First Computer runs FTK
- Dual Quad-core (8 cores)
- 2 GB RAM per core. Dual Quad-core would have 16 GB RAM
- 5 GB available space for install of FTK
- (I have found no recommendation for Windows but with the RAM constraints it must be a 64bit install)
- Second Computer
- Dual Quad-core (8 cores)
- 2 GB RAM per core. Dual Quad-core would have 16 GB RAM
- Separate HDD RAID 5 or 6 for Database
- (I have found no recommendation for Windows but with the RAM constraints it must be a 64bit install)
- Third+ Computer/s can be added as processors
- Dual Quad-core Xeon 2.5Ghz
- 16 GB RAM DDR3
- First Hard Drive 7200rpm for OS and Software
- Second Hard Drive RAID 5 for redundancy and I/O speeds. This is the database drive array.
- Windows 7 Ultimate (64bit)
I hope this helps anyone who has been curious.
~Hew
www.h11dfs.com
matt@h11dfs.com
Wednesday, March 14, 2012
Logicube releases a new software update for the Quest 2
Software update 1.08 has been released for the Quest 2.
It appears the only change in this update is the addition of Chinese Language support (both Traditional and Simplified)
www.logicube.com
AccessData releases new License Manager
License Manager 3.1.3.60 has been released.
Access Data also released a new CodeMeter Runtime v. 4.4.0
Both 32 bit and 64 bit
www.AccessData.com
Monday, March 12, 2012
Guidance Software Releases EnCase 7.03.1 and 6.19.4
Guidance Software has released two new versions of EnCase.
EnCase 7.03.1 fixed a bug in relation to mounting compound files.
EnCase 6.19.4 now allows support of Sophos Safeguard.
www.guidancesoftware.com
~Hew
Thursday, March 8, 2012
EnCase 7.03 Experiences 002
I stated at the end of EnCase 7.03 Experiences 001 that I would go into greater detail on a concern about the copy folders / files option.
I currently have a ticket open with Guidance Software concerning the below issue and will update this post when they respond, and share their response.
The issue:
Again, this is an issue that I have noticed with EnCase 7.03
I have tried three different scenarios and have come up with similar results on all of them. Two are listed below.
The issue is that when exporting folders from EnCase 7.03, EnCase reports that it is going to export more "space" than is on the volume. I will explain in more depth by walking through my scenarios:
Scenario 1: A small FAT32 Partition from a Windows 7 Machine.
In the report of the volume the:
Total Capacity = 39.1 MB
Total Allocated = 8.9 MB
Total Unallocated = 30.2 MB
When I blue check all and export folders the total size displayed is 43.8 MB which is more than the capacity of the volume. I followed through to see if just the report was in error, and 43.8 MB exported.
I removed the unallocated sectors (unchecked) and exported the remainder and was shown 13.6 MB which is more than previously reported.
I tried just the unallocated (only it checked) and was shown 30.2 MB unallocated, which was the previously shown total.
It appears that the allocated area is having an issue.
Scenario 2: A small NTFS Partition from a Windows Vista Machine.
In the report of the volume the:
Total Capacity = 14.6 GB
Total Allocated = 4.4 GB
Total Unallocated = 10.3 GB
This one was similar to the previous but even more pronounced...
With Export all I had a total size of 35.4 GB, more than twice the partition size.
With the removal of unallocated it showed 25.1 GB.
With just unallocated it showed 10.3 GB.
Again it appears the issue is somewhere in the allocated memory. Is there any reason that this would report such a vast discrepancy?
www.h11dfs.com
~Hew
Update for EnCase 7.03.01
Sadly this hasn't been fixed. The errors are still the same.
~Hew
**I got an update on this from Guidance.
The discrepancy is caused by a file named $BadClus.Bad
If/when bad clusters are found they are mapped to this file. The initialized size is 0 so it is safe, and recommended to be skipped. This file can potentially be as large as the volume so be careful to deselect it when copying out files.
There is a series of posts in the support files of the Guidance Software site discussing this issue.
https://support.guidancesoftware.com/forum/showthread.php?t=36504&highlight=bad+clusters
~Hew
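A pre-export sanity check for the situation described in this post, as an added example (not code from this blog, Guidance Software or EnCase): it totals the logical sizes of a selection, compares the total with the volume capacity, and lists entries whose initialized size is 0 as candidates to deselect. The `Entry` fields, the function name and both sample listings are constructed assumptions; a real listing would come from the file metadata your tool exports.

```python
from dataclasses import dataclass

MIB = 1024 * 1024


@dataclass(frozen=True)
class Entry:
    path: str
    logical_size: int      # bytes the export dialog counts for this entry
    initialized_size: int  # bytes that actually hold written data


def audit_export(entries, volume_capacity):
    """Compare a selection's logical total with the volume capacity.

    Entries with a non-zero logical size but an initialized size of 0
    (the case the post describes for $BadClus.Bad) are listed under
    "skip". Any excess that remains after skipping them is reported as
    "residual_excess" so it is not silently attributed to that file.
    """
    skip, keep = [], []
    for e in entries:
        if e.logical_size > 0 and e.initialized_size == 0:
            skip.append(e)
        else:
            keep.append(e)

    logical_total = sum(e.logical_size for e in entries)
    adjusted_total = sum(e.logical_size for e in keep)
    return {
        "logical_total": logical_total,
        "exceeds_capacity": logical_total > volume_capacity,
        "skip": [e.path for e in skip],
        "adjusted_total": adjusted_total,
        "residual_excess": max(0, adjusted_total - volume_capacity),
    }


# Constructed listing: a 500 MiB volume where one entry claims the whole
# volume as its logical size but has no initialized data.
SPARSE_CAPACITY = 500 * MIB
SPARSE_SELECTION = [
    Entry("Users/demo/report.docx", 2 * MIB, 2 * MIB),
    Entry("Windows/System32/demo.dll", 50 * MIB, 50 * MIB),
    Entry("pagefile.sys", 100 * MIB, 100 * MIB),
    Entry("$BadClus.Bad", 500 * MIB, 0),
]

# Constructed listing: a 40 MiB volume whose selection is too large even
# though no entry has an initialized size of 0, so the excess stays open.
PLAIN_CAPACITY = 40 * MIB
PLAIN_SELECTION = [
    Entry("DCIM/a.jpg", 30 * MIB, 30 * MIB),
    Entry("DCIM/b.jpg", 25 * MIB, 25 * MIB),
]

if __name__ == "__main__":
    for name, sel, cap in (
        ("sparse", SPARSE_SELECTION, SPARSE_CAPACITY),
        ("plain", PLAIN_SELECTION, PLAIN_CAPACITY),
    ):
        print(name, audit_export(sel, cap))
```

A non-zero `residual_excess` means the oversized total has some other cause and needs its own explanation before the export is documented.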
EnCase 7.03 Experiences 001
This is an initial review of EnCase 7.03 as it relates to experiences with 7.02.04.
There are some major positives that I would like to share!
The right-click has returned. The majority of the functions that were available with a right-click in EnCase 6.x have finally returned, some are listed below...
- Recover Folders (This is great and I will explain in detail below the list.)*
- Remove Recovered Folders
- Bookmark
- Copy Files / Folders (An issue with this is explained below.)***
- View File Structure (YAY)
- Add To Hash Library
- Hash / Run Signature on Selected (See below for added bonus to this)*
- Acquire E01 / Ex01
- Acquire L01
- Disk View (A Limitation listed below)**
- Restore
- Scan Disk Config
- Share with PDE / VFS
- Share with Enterprise View
- Modify Time Zones
- Send To File Viewers
* Recover Folders, Hash / Run Signature on Selected:
- This is independent of the Evidence Processor!
- This means that you can do it multiple times prior to running the Evidence Processor, and select which volumes to run the recover folders on.
** Disk View:
- If you select disk view from a right-click you will go to the cluster of that file. Not the Sector.
- The limitation is that there is no way to un-check the cluster view box and stay where you are located. Once you un-check cluster view you are taken to the start of the volume.
- Make sure to document the Physical Sector in the data bar (GPS) so that you can return to the correct Sector!
*** Copy Files / Folders:
- Instead of going into full detail here I will create a new post concerning this issue.
www.h11dfs.com
Hew
New Cellebrite Release
Cellebrite has released Firmware update 1.1.9.4
- This updates their support of Chinese phones
- This is also an update for more support for logical extractions from Android phones
With Regards,
Hew
Friday, March 2, 2012
Vound Software releases New Intella
Intella 1.5.4 was released on March 01.
Intella is a great tool for email and data investigations. If you are unfamiliar with them you can download a fully functional time limited trial version.
http://www.vound-software.com/download-request
Whenever I have a case where email is an artifact I use Intella, so give them a try!
Hew
Saturday, February 25, 2012
A momentary lapse of reason in the Current Versions Post...
Sorry for any inconvenience. An update while in Mexico on a computer running a Spanish OS caused the Current Versions post to break down. It has now been fixed and updated with the newest releases once again.
Remember that the first post (Current Versions) is an updated list of the current versions of multiple tools!
Thanks,
Hew
Guidance Software Releases EnCase Portable 3.1.1
EnCase Portable 3.1.1 has been released to work with the new functions of EnCase 7.03
www.guidancesoftware.com
Friday, February 24, 2012
New hash libraries for EnCase 7.03
There has been a new release of the NSRL hash library
The new release is 2.90GB and has a hash of:
- DEAEDA24413ADC057236A707544A552A
Thursday, February 23, 2012
EnCase 7.03 has been released!
EnCase 7.03 is here!
According to Guidance Software the following changes have been made:
- There is now an option for a separate processor dongle. This will allow an examiner to use a second computer to aid in the processing of cases. It states that you can queue processes on a separate machine while you examine already processed evidence.
- Evidence Processor is 2-3 times as fast. (I hope so!)
- Indexing Text in both File Slack and Unallocated Space.
- System Info in the processor now supports NetShare and USB Registry information.
- Support for Google Chrome Artifacts has been added!! (Finally!)
- You can now process from the local view and the network preview. You no longer need to acquire a case to process it. Indexing is not supported with this feature yet.
- A Review package option has been added where you can export search results into an easily opened web browser tool. (This will hopefully make sharing results a bit simpler.) An important part of this is that the recipient can review and make tags that can be imported back into EnCase for you to see.
- The Text and Hex tabs will now show search hits! You don't have to use the Transcript tab only now!
- EnCase 7.03 now allows Enterprise functionality involving the SAFE and servlets.
- The ability to rescan previewed drives has been added.
- You now have the ability to view the status of remote devices as they are being acquired.
- A few default text styles have been added.
- Support for EXT 4 Linux Software RAID arrays
- iOS 5 Beta support
- When acquiring a physical device, only the first logical partition is acquired.
- The default error granularity for memory acquisitions is 64, causing large sections of memory to be missed in memory acquisitions. (I'm not sure what it has been changed to. I will report on this when I see!)
- Time zone names are not saving and loading correctly.
- Evidence Processor's file carver module creates multiple identical records.
- Windows 7 Thumbcache files do not display in Pictures/Doc tabs. (I am taking this to mean that EnCase 7.03 now supports the thumbcache files. I will report on this when I have a chance to play with it.)
I have not seen that they allow multiple passes with the source processor.
I did not see anything about a fix for when EnCase crashes when a partition is rebuilt.
If you have any other questions, please send a post and I will try to answer them over the weekend.
Please check EnCase out at www.guidancesoftware.com
Check me out at www.h11dfs.com
JAD Software has released Internet Evidence Finder 5.2
JAD Software has released a new Internet Evidence Finder!
For those of you unaware of this tool, I highly recommend it. It is great for carving out email, and chat logs from numerous browsers.
The new release notes include:
- Skype Message Carving from the newer SQLite logs
- Safari Web History carving has been added. This is awesome because now IEF carves from Internet Explorer, Firefox, Chrome, Safari, and Opera!
- The new Triage version searches on a low level to avoid changing access times of files it has searched. JAD is also claiming to have the ability to erase any trace of dongle evidence in the System Hive.
Check JAD Software out at www.jadsoftware.com
Hew
Tuesday, February 21, 2012
New Cellebrite Release
Cellebrite has released the Application version 1.1.9.3!
This release sees the support of Android 2.3.x for physical extractions.
Unlock Pattern decoding from an Android image file.
And more.
Check it out at www.cellebrite.com
Friday, February 17, 2012
AccessData FTK 4.0 Release
AccessData has officially released their FTK 4.0.
There have also been new releases for both the Oracle and the Postgre KFF
http://accessdata.com/support/adownloads
Tableau Firmware Update
Tableau has released a new firmware updater.
v6.87 has been released.
This update is for models T8, T35e, TDW1, and the TD1.
www.tableau.com
Thursday, February 9, 2012
It has been one month!
I have been online with this Blog for one month now. It has been a lot more enjoyable than I had hoped. It gives me an excuse to constantly be reading the new updates and visiting the various vendors' websites.
As a reminder to everyone, the first entry back on 09-Jan-2012 is an up to date list of the current versions of various tools. As stated in that post, please contact me if there are other tools you want to be on the list.
With regards,
Hew
www.h11dfs.com
Thursday, February 2, 2012
Cellebrite Physical Analyzer New Version
UFED Physical Analyzer 2.4.2.1 has been released.
New release notes:
- Decoding of blackberry physical extraction
- Opening and Decoding of iPhone
- MMS decoding of LG CDMA VM-510 physical extraction
- SMS decoding of Sanyo 6760 physical extraction
www.cellebrite.com
Wednesday, February 1, 2012
Cellebrite Physical Analyzer Success
Today I had an iPhone 4S (CDMA) that I needed to image. It was locked and the password was unknown. Cellebrite Physical Analyzer was able to crack the password, and get a physical dump of the phone in under two (2) hours.
Physical analyzer is becoming stronger and stronger with each new release. I am excited to see what new abilities will be available in the near future!
www.h11dfs.com
Logicube Updates
A new Forensic Dossier Software has been released.
Version 2.2.1RC02
Chinese Language Packs added
Logicube also states that other bugs have been fixed.
A new Talon Enhanced Software has been released
Version 1.1.1RC02
Chinese Language Packs added
Logicube also states that other bugs have been fixed.
This is a step in the right direction for Logicube. Finally a foreign language pack has been added to the tool, hopefully with more to soon follow!
www.logicube.com
Sunday, January 29, 2012
Intella New Version
Intella has released version 1.5.3
What's new:
General
Date Format setting in the preferences, so you can display the dates in the format of your region
Solved an issue of the main process not stopping properly when a user exits Intella
Java heap size of the main and child processes can now be adjusted
Numerous Index features added as well
www.vound-software.com
Thursday, January 26, 2012
Cellebrite Release
Cellebrite has released two new versions of software.
Physical Analyzer 2.4.1.3 has been released
Cellebrite Application 1.1.9.2 Firmware Update has been released
Four (4) new Blackberry devices supported via physical:
- GSM - 8520 Curve
- GSM - 8120 Pearl
- GSM - 8910
- CDMA - 9650 Bold
- Blackberry Logical Extractions
- Blackberry 8900 curve physical extraction
- Android Physical Extractions
- New Decoding for the following
- HTC: ADR6400L, ADR6425, PG41200
- Motorola: A953, A956, MB810, MB855, MB870, XT610, XT865
- UFED Physical Analyzer Improvements to iPhone backups and the decryption and decoding of Blackberry email.
www.cellebrite.com
Wednesday, January 25, 2012
EnCase 6 New Version
EnCase 6.19.3 has been released
Items fixed as of the release:
Fluctuating CPU speeds with On Demand machines causes values in the Registry to change, which in turn stops the SAFE.
A user cannot decrypt RMS devices with known good credentials
The default error granularity (64) for memory acquisitions is too high. It should be 1.
CREDANT file decryption intermittently fails to properly process a file, resulting in a hash mismatch.
www.guidancesoftware.com
Friday, January 20, 2012
Cellebrite Blackberry Physical
It is here. It works.
This is not a chip off examination. The blackberry was not damaged by this imaging!
I have tried it on one phone so far and intend to keep playing with the tool. I had a successful physical dump from a blackberry!
The Cellebrite dumped this into a .bin file that you can look at with any tool that allows you to view hex. (Physical Analyzer, EnCase, FTK Imager, or any others.)
www.cellebrite.com
Thursday, January 19, 2012
Encase 7 New Version
Encase 7.02.04 is here.
Foreign language support is here!
Items Fixed:
An Internal error occasionally displays when running Case Analyzer, causing Case Analyzer to not start.
When using the format DD/MM/YY, EnCase reports a "Date is out of range" error. This occurs only for European customers.
www.guidancesoftware.com
Thursday, January 12, 2012
Cellebrite Update!
New Cellebrite Version is out.
Application 1.1.9.0
Physical Analyzer 2.4 is also out
Cellebrite is claiming Blackberry Support. I will test it this week and report back on it here.
Thanks for tuning in!
Remember to keep a copy of the previous versions just in case an error occurs. This happens with all Forensic tools on occasion and it is better to be safe than sorry.
www.cellebrite.com
Monday, January 9, 2012
Current Versions
Listed are some of the tools I use and the current versions. I will update this blog weekly and edit this list as a Master of these tools. If there are any tools you want added to the list please ask.
The homepages for the listed tools are linked as well. For most of the sites you will need to create user accounts to gain access.
If you want/need to purchase any of these tools visit us at: http://www.h11dfs.com or call us 801-596-2727
Regards Hew
Guidance Software
www.guidancesoftware.com
EnCase 7.06
EnCase 6.19.7
EnCase Portable 4.01
Access Data
www.accessdata.com
FTK 4.2
FTK 3.4.1
FTK 1.81.6
Registry Viewer 1.6.3
FTK Imager 3.1.2
FTK Imager Lite 3.1.1
PRTK 7.0
DNA 7.0
PORT 2.0.3
License Manager 3.1.5
Mobile Phone Examiner Plus 5.2.1
MPE+ Investigator 5.2.1
Paraben
www.paraben.com
Device Seizure v6
P2 Commander v2
E-mail Examiner v7.1
X-Ways
www.x-ways.net
X-Ways Forensic 16.8
Investigator 16.8
Win Hex 16.8
Lightbox Technologies
www.lightboxtechnologies.com
Lightgrep Search 1.01
Tableau
www.tableau.com
Firmware Updater 7.01
Logicube
www.logicube.com
Forensic Dossier 3.3.3RC13
USB/Firewire Cloning 0.27
Talon Enhanced 3.3.3RC13
Quest 2 1.08
Talon (Legacy) 2.57
CellXtract 1.4.0.5
Cellebrite
www.cellebrite.com
UFED Touch Application: 1.8.5.0
UFED Classic Application: 1.8.5.0
Full 1.0.2.9_34
Tiny 1.0.2.1
UFED Physical Analyzer 3.6.5
Phone Detective 1.1.7
Micro Systemation
www.msab.com
XRY 6.5 current
Black Bag
www.blackbagtech.com
MacQuisition 2013 Release 1
BlackLight 2012 Release 4.1
Katana Forensics
http://katanaforensics.com
Lantern 2.4.1
Lantern Lite Imager 0.7.2
Intella
www.vound-software.com
Intella 1.6.3
WetStone
www.wetstonetech.com
Gargoyle Forensic Pro 5.2.1
Latest Gargoyle Data-set is November 2012
Fibonacci Dataset Creator 1.0
Gargoyle Investigator Enterprise Module (GEM) 3.2.0
Stego Hunt 6.0
Stego Break 6.0
Stego Analyst 6.0
SARC
www.sarc-wv.com
StegAlyzer
F-Response
www.f-response.com
F-Response Field Kit 4.0.6
F-Response Consultant 4.0.6
F-Response Enterprise 4.0.6
Magnet Forensics (Formerly JAD Software)
www.magnetforensics.com
Internet Evidence Finder v5.8.1
Passware
www.lostpassword.com
Passware Kit Forensic 12.3
Elcomsoft
www.elcomsoft.com
Distributed Password Recovery 2.99
Office Password Recovery 5.11
Office Password Breaker 3.02
Phone Password Breaker 1.87
H-11 Digital Forensics offers training on many of the tools listed above. If you have questions about any of the tools feel free to email me. Matt@h11dfs.com
If you are interested in training check out our training pages:
www.h11-digital-forensics.com/h11-tap-training.php