Posts Tagged ‘software’

CEMS Case Exhibit Management System v1.8 Released

22/02/2014

CEMS Case Exhibit Management System v1.8 Released, now includes more features more user options. In this release I have added a centralised note keeping feature where user(s) can add individual notes on a per-case basis. All the notes can be printed as contemporaneous notes. For more info or demo copy please contact me http://www.filesig.co.uk

Simple Carver Suite v5.1 Released

15/08/2013

Simple Carver Suite v5.1 Released, new tool added.

Bad Sector Count v1.0, designed to read the FTK Imager Log file, identify any
bad sectors recorded. The bad sectors are counted and includes in a
pre-prepared sentence for inclusion into a report. Includes the option to
specify sector size and auto calculates how much data was not imaged in bytes up
to terabytes.

Example Sentence produced by the software:

There were a total of 24 read errors identified during imaging indicating “bad sectors” on the storage device. Generally this occurs as a result of permanent damage to those sectors. The contents of the sectors that could not be read were replaced with zeros in the image, the total amount of data which could not be read was 12288 bytes (12.00 Kilobytes). The sector size was 512 bytes.

SQLite Forensic Reporter 1.6 Released

20/08/2012

A new version of SQLite Forensic Reporter, Universal SQLite database examination tool is available, version 1.6 now includes more features to analyse, extract and report on information from any SQLite database (not corrupted or encrypted).

Useful for Computer & Phone Forensic Analysts and Data Recovery Technicians.
Searches, indentifies and decodes all SQLite database files in a case. Identify
SQLite databases containing evidence you never knew existed. Available for $125
per license with discounts for Government and Law Enforcement Agencies…

What’s new:

Additional improvements to the software and some fixes to improve usage.

More templates added!!! A total of 232 templates are now available with more to come.

SQLite Forensic Reporter is the only universal SQLite database examination tool
available to date, more information :

http://www.filesig.co.uk/

SQLite Forensic Reporter 1.5 Released

12/08/2012

A new version of SQLite Forensic Reporter, Universal SQLite database examination tool is available, version 1.5 now includes more features to analyse, extract and report on information from any SQLite database (not corrupted or encrypted). Useful for Computer & Phone Forensic Analysts and Data Recovery Technicians. Searches, indentifies and decodes all SQLite database files in a case. Identify SQLite databases containing evidence you never knew existed. Available for $125 per license with discounts for Government and Law Enforcement Agencies…

What’s new:

  • More templates added!!! 202 templates now available to assist in identifying and decoding SQLite databases
  • Additional improvements and bug fixes to software

SQLite Forensic Reporter is the only universal SQLite database examination tool available to date, more information :
SQLite Forensic Reporter (Universal SQLite database examination tool) at http://www.filesig.co.uk

In addition to the above new additions SQLite Forensic Reporter also includes the following features:

  • File Header Analysis for reliable file identification
  • Advanced identification using automated Table Analysis, Column Analysis and Field Data Analysis
  • Easy to manage template interface, create new templates for newly encountered database formats
  • User optional extraction of ‘undecoded’ data during processing for raw data comparison
  • Built-in MD5 hashing
  • Date / Time display user customisable
  • Once installed, can be setup and running in as little as 3 mouse clicks
  • Unattended mode, process an entire case overnite, come back to the results in the morning
  • Optional single folder or recurse folder
  • Handles unlimited number of templates
  • Templates are portable, develop and share with colleagues, can be stored locally or on a network location (ie mapped drive)
  • Supports numerous datatypes including all known date/time formats presently used in SQLite databases
  • User can select and decode columns using built in data types
  • User can selectively extract rows and columns matching any criteria using SQL scripting
  • Decodes Windows FILETIME Date/Time stamps (Big Endian, Little Endian, hexadecimal or numerical)
  • Decodes DOS 32-bit Date/Time stamps (hexadecimal or numerical)
  • Decodes Unix Date/Time stamps (Big Endian, Little Endian, Seconds, Millisecond and Precision based formats, hexadecimal or numerical
  • Decodes MAC Absolute Date/Time stamps
  • Decodes OLE Date/Time stamps
  • Decodes Base64 Encoded Text
  • Decodes PRTIME Date/Time stamps
  • Decodes WEBKIT Date/Time stamps
  • Decodes Julian Date/Time stamps
  • Decodes Display Boolean values (user customisable, Yes/No, True/False)
  • Decodes Uppercase Text
  • Decodes Lowercase Text
  • Decodes Text to Hexadecimal
  • Decodes Integer to Hexadecimal
  • Decodes Display number formatted as filesize (examples: 3 bytes,3GB,3TB)
  • Decodes seconds to hours/minutes/seconds
  • Inexpensive, affordable to both individuals and multiple users, additional discount is available to Law Enforcement & Government
  • Identifies fields containing possible usernames and passwords
  • Advanced Identification not available anywhere else
  • Identify files that have there file extensions renamed, a technique used by developers for basic data protection. also may be used for malicious purposes
  • Unicode enabled, reports will export text correctly (arabic etc)
  • SQLite automatically creates reports in HTML and CSV formats decoded as the user specifies
  • Utilitises both Default (simple SQL processing) and/or Advanced User Defined SQL querying, link and reference tables for automatic decoding and reporting
  • SQLite is available in English, German, Spanish, French, Polish and Indonesian Languages

SQLite Forensic Reporter costs $125 per license includes free customer support and updates. http://www.filesig.co.uk. Discounts are available for Government and Law Enforcement Agencies…

More useful software: http://www.simplecarver.com

SC Suite v4.6 Released.

04/03/2012

A new version of SC Suite is available, version 4.6 now includes more tools to analyse and extract information from a variety of file types and utilities to assist in every day tasks. Continuing user feedback has resulted in the development of 73 tools packaged as a single suite for $95 per license

What’s new:

  • New tool added, File Fragmenter v1.0, this research tool creates sample sets of data
    from known good data for research and/or validation purposes. Allows you to create
    test data to see how a particular program handles an incomplete file format. For
    example in a forensic analysis setting it can be used to demonstrate how much
    picture file data is required to be opened and viewed in a particular viewing program.
    Users may also use this to test their programs and how they respond to incomplete
    data.

A full listing of the tools can be found here:
[url=http://www.simplecarver.com/software.php?cat=All]Simple Carver Suite – All Tools[/url]

In addition to the above new additions SC Suite includes the following tools:

  • New tool added, WMDB Extractor for CurrentDatabase_372 v1.0, reads the Window
    Media Player database from Windows Media Player 12 on Windows 7, exports to CSV and HTML…
  • Various existing tool improvements…
  • Quick Search v1.0, small powerful utility for performing text and hexadecimal search on files…
  • Gather Window Names v1.0, research tool for extracting the window titles from all hidden and visible windows on the running Operating System…
  • Read Time Zone Information v1.0, reads current time zone settings on a running Windows Operating System…
  • Hex Map v1.0, file format research/presentation tool…
  • Format Seconds v1.0, a research tool which will batch converts seconds to a formatted hours/minutes and seconds…
  • Contacts.edb Extractor, a tool designed to extract information contained within the Windows Live Messenger (WLM) contacts file (contacts.edb) file.
  • Windows Photo Gallery Viewer (WPG Viewer), is a tool designed to view and extract information contained within the Vista Windows Photo Gallery data file (pictures.pd4).
  • Archive View, standalone archive viewer supporting many of the popular archive file formats and more…
  • Byte Swapper, a utility useful for conducting research and assisting data recovery allowing the user to manipulate the byte order of a file…
  • Create Folders, utility designed to reduce the repetitive task of folder creation through the use of pre-designed templates…
  • Delete Files, a utility for batch removing empty files from folders(s)…
  • Disk List, lists all physical disks on a computer…
  • Disk Map, utility used to create diskette images for test validation or file carving exercises…
  • Eml2HTML, a utility for batch converting standard MIME email messages into HTML format report…
  • EXE Extractor, batch extracts all version information that may be present within executable and library files…
  • File Lister, searches for files using typical wildcard/mask or by using advanced regular expressions…
  • Filecat, categorises file types(s) based on file extension/file header information, 100% user configurable…
  • FileExt Renamer, batch renames file extensions based on the content of the file (file headers), ideal for recovered data by third party tools…
  • Frag View, standalone utility for reviewing ‘web-based’ fragments…
  • Frequency Count, very useful tool for counting the number of occurrences of words within a file…
  • FTPThumbs Extractor, tool to extract and present the contents of the thumbnail database cache created by the WS_FTP software…
  • Grep Test, basic grep testing utility, very useful for research and developing new search terms…
  • Gzip Auto Extract, batch decompresses gzip files, useful for inspecting compressed live/recovered web content…
  • Hash File, basic MD5 hashing tool…
  • Header Grab Advanced, useful research tool, reads the file header and extension information from a specified volume/folder, stores this information in an Access database for review…
  • HP Thumbs Extractor, a new tool for extracting and presenting the content of the thumbnail cache files created by the HP Digital Imaging and HP Photosmart Essential software…
  • HTML Viewer, 100% standalone HTML viewer…
  • List Video Codecs, lists all currently available codecs installed on the computer system…
  • PMBThumbs Extractor, tool to extract and present the contents of the thumbnail database cache created by the Sony Picture Motion Browser software…
  • PPThumbs Extractor, tool to extract and present the contents of the thumbnail database cache created by the Photophilia software…
  • PSP Browse File Viewer, tool to extract and present the contents of the thumbnail database cache created by the Paint Shop Pro software…
  • Registry Examiner, offline registry viewer supporting registry files from WinNT and above…
  • Sector Search, identify fragments of a known file anywhere on a disk image, or compare the contents of two files at the sector level…
  • Simple Carver, basic data recovery software, the first tool released starting this suite!
  • Skype Extractor, a utility for viewing and extracting user information from the Skype user data files (call logs, contacts information, sms messages, chat messages and more…)
  • Sort Folder, automatically sorts the contents of folder(s) into more manageable sizes…
  • Structured Storage Extractor is a utility for reading and extracting information from the Structured storage format (ole container) files.
  • Text Extract, useful analysis tool which extracts fragments of text from any file…
  • Title Extractor, batch extracts the field information from all specified web pages…
  • URL Previewer, batch extracts the information from Windows URL files, auto decodes date/time information and presents in a single report for review…
  • Video Previewer, utility for creating preview reports producing a basic report showing the overall content of a video file (based on Media Player Classic thumbs option)…
  • Vista Recycle Bin Reader, utility to read the recycle bin records of the recycle bin in Windows Vista…
  • Windows Search Index Extractor, extracts information that may be present within the Windows Desktop Search Database (windows.edb file)…
  • WinHex POS Viewer, a new tool to view and extract the content of POS files (Winhex search results) used by the Winhex program. Useful if you need to use the results from a previous search within a third party tool.
  • WinThumbs Extractor, tool to extract and present the contents of the thumbnail database cache created by Windows OS…
  • WMDB Extractor, a tool designed to extract information contained within the Windows Media Player data file (CurrentDatabase_360.wmdb). Extracts playlist, video, music and photo information to CSV, HTML and Text file report formats.
  • PicViewer Extractor, is a tool designed to view and extract information contained within the PicViewer picture browser thumbnail cache file.
  • LAN Search, perform filtered searches for files and folders across a network
  • ABCThumbs Extractor (ABC Viewer thumbnail cache/database)
  • Directory Opus Extractor (Directory Opus thumbnail cache/database)
  • WinNCThumbs Extractor (WinNC file management tool, thumbnail cache/database)
  • WildbitThumbs Extractor (Wildbit Viewer thumbnail cache/database)
  • ValThumbs Extractor (Vallen Jpegger thumbnail cache/database)
  • PIEThumbs Extractor (Picture Information Extractor software)
  • Windows Live Photo Gallery Viewer (WPG Live Viewer), is a tool designed to view and extract information contained within the Vista Windows Live Photo Gallery data file (pictures.pd5).
  • XLS Worksheet Detect, a tool for detecting hidden worksheets in Microsoft excel spreadsheets supports both xls and xlsx formats
  • Windows Reg. Extract, a tool for previewing operating system ownership details
  • Split Paths a utility which breaks down file paths into component parts and saves to CSV
  • Worksheet Name Extract a utility for reading and extracting the titles of all worksheets from excel spreadsheet files
  • Chrome Thumbs Extractor for extracting webpage thumbnails from the Google Chrome browser software
  • Intel Extract, fully user configurable intelligence gathering tool gathers webmail activity (usernames, email addresses and more), search engine activity (default covers all main search enqines), online auction activity, online shopping activity and more…
  • Drive Harvest, file/folder caturing for ‘offline’ review, includes powerful SQL search querying for searching and filtering…
  • CSV2HTML, portable utility for quickly converting CSV formatting text to HTML format…
  • Base64 Decoder, standalone base64 file decoder, works on single and multiple encoded files…
  • Tested on Microsoft Windows 7 64-bit
  • Windows Mail Store Extractor v1.0, extracts information from the Windows Mail repository file WindowsMail.MSMessageStore…
  • PicIT Extractor v1.0 extracts thumbnail and associated data from the Microsoft Picture It thumbnail cache (piorg.db cache files)
  • New tool added, Average File Sizes v1.0, calculate the average size of a group of
    files, useful for determining the optimal carve size for specific file type recovery…
  • New tool added, Filename Convertor v1.0, batch converts long filenames listing to
    short filename 8.3 format, useful for keyword search creation…
  • Edit File Times v1.0, file date/time manipulation and research tool…
  • Hash File Reviewer v1.0, standalone hash file previewer…
  • Various existing tool improvements…

Simple Carver Suite costs $95 per license and includes all the above tools, includes free customer support and updates.

For more tools visit: