Forensic Explorer is a tool for the preservation, analysis and presentation of electronic evidence.
Forensic Explorer combines a flexible graphical user interface (GUI) with advanced sorting, filtering, keyword searching, previewing and scripting technology. It enables investigators to:
Manage the analysis of large volumes of information from multiple sources in a case file structure;
Access and examine all available data, including hidden and system files, deleted files, file and disk slack and unallocated clusters;
Automate complex investigation tasks;
Produce detailed reports; and,
Provide non-forensic investigators a platform to easily review evidence.
Intel® Core i7 CPU
8 GB of RAM
Developed for Windows 7 and 8.
32-bit (runs on 32-bit and 64-bit PCs). Full 64-bit version coming soon.
Supported File Formats
Forensic Explorer supports the analysis of the following file formats:
DD or RAW;
EnCase® (.E01, .L01, .Ex01);
FTK® (.E01, .AD1 formats);
Forensic File Format .AFF;
ISO (CD and DVD image files);
Supported File Systems
Forensic Explorer supports analysis of:
Windows FAT12/16/32, exFAT, NTFS,
Macintosh HFS, HFS+
Hardware and Software RAID: JBOD, RAID 0, RAID 5
Email Analysis Formats
Email module supports the analysis of .PST files.
The Index Search module (dtSearch) supports the index and keyword search of .PST files.
Customizable Interface: The Forensic Explorer interface has been designed for flexibility. Simply drag, drop and detach windows for a customized workspace. Save and load your own workspace configurations to suit investigative needs.
International Language Support: Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic.
Complete Data Access: Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc.
Fully Threaded Application: Run multiple functions and scripts in threads.
Multiple Core Processing: Maximize PC processors for intensive functions like keyword searching, data carving, hashing, signature analysis.
Powerful Pascal Scripting language: Automate analysis using a provided script library, or write your own analysis scripts. Automate tasks such as:
Run skin tone analysis on graphics files;
Extract user, hardware and system information from the registry;
Locate and analyze transcripts from Internet chats; etc.
Data Views: Powerful data views including:
File List: Sort and multiple sort files by attribute, including extension, signature, hash, path, and created, accessed and modified dates.
Disk: Navigate a disk and its structure via a graphical view. Zoom in and out to graphically map disk usage.
Gallery: Thumbnail photos and image files.
Display: Display more than 300 file types. Zoom, rotate, copy, search. Play video and music.
Filesystem Record: Easily access and interpret FAT and NTFS records.
Text and Hexadecimal: Access and analyze data at a text or hexadecimal level. Automatically decode values with the data inspector.
File Extent: Quickly find the location of files on disk with start and end sector runs.
Byte Plot and Character Distribution: Examine individual files using Byte Plot graphs and ASCII character distribution.
Quickly flag or bookmark files of interest
Categorize and Custom Filter:
Filter any list view to show folders and files that match set criteria. Script your own filters.
Display files in Categories view where files are grouped by extension, signature, attribute, etc.
Quickly flag files of interest.
RAID Support: Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0 and RAID 5.
Hashing: Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.
Keyword search: Sector-level keyword search of entire media using regular expressions (RegEx).
Keyword index: Built-in dtSearch index and keyword search technology.
Bookmarks and Reporting: Add case notes to identify evidence and include case notes in a custom report builder.
Data Recovery and Carving: Recover folders, files and partitions. Use an inbuilt data carving tool to carve more than 300 known file types or script your own.
File Signature Analysis: Forensic Explorer can automatically verify the signature of every file in a case and identify those whose signature does not match the file extension.
Registry analysis: Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis with RegEx scripts.
Shadow Copy analysis: Easily add and analyze Shadow Copy Volumes.