Internet Evidence Finder

Download Brochure
Request a Quote

INTERNET EVIDENCE FINDER® (IEF®) is a digital forensics software solution used by thousands of forensics professionals around the world to find, analyze and present digital evidence found on computers, smartphones and tablets.

FIND

Designed for forensics professionals who must recover digital evidence from computers, smartphones and tablets, an IEF Search finds hundreds of digital forensic artifacts by parsing and carving data from allocated and unallocated space.

IEF Supported Systems
Supported Operating Systems Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Mac OSX, iOS, Android, Kindle Fire
Supported File Systems NTFS, HFS+, HFSX, EXT2, EXT3, EXT4, FAT32, EXFAT, YAFFS2
Search Input Sources Drives, volumes/partitions, images, files & folders, network shares, volume shadow copies, live RAM captures, physical & logical mobile images, file dumps
Supported Forensic Image File Formats E01, Ex01, L01, Lx01, AD1, dd, raw, bin, img, ima, dmg, flp, vfd, bif, vmdk, vhd, vdi, xva, zip, tar
Target Search Locations pagefile.sys, $MFT, $Logfile, files and folders, hiberfil.sys, unallocated clusters,unpartitioned space, file slack space, swap file, uninitialized file area
Disk Encryption Detects encrypted disks/volumes including Truecrypt, Bitlocker, PGP, and Safeboot

FIND INTERNET ARTIFACTS:
Recover evidence from 265+ types of Internet Artifacts from Windows and Mac computers

  • Social networking applications like Facebook and Twitter
  • Webmail applications like Gmail and Hotmail/Outlook.com
  • Instant messenger & chat applications like GoogleTalk and iChat
  • P2P File Sharing Applications like Ares and eMule
  • Cloud Based Services like Dropbox and Flickr
  • Web browser activity from Internet Explorer, Chrome, Safari and others
  • Refined browsing results like rebuilt webpages and Google Maps queries
  • Pictures and videos with EXIF data
  • Web video recovery from applications like Chatroulette and YapChat
  • Mobile Backups from iOS smartphones
  • Usenet Files from applications like Xnews and Grabit
  • Mapping queries from Google Maps and Bing Maps
  • Search Toolbar activity from Google and Bing

FIND BUSINESS APPLICATIONS & OS ARTIFACTS:
Recover evidence from 58 types of Business Applications & OS Artifacts from Windows and Mac computers

  • Corporate Email and Instant Messaging artifacts including Outlook OST & PST files, mbox email archives, and Microsoft Lync/OCS IM
  • Document files including .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx
  • Windows Operating System artifacts including user accounts, USB device history, lnk files, prefetch files, shellbags, jumplists, event logs and others

FIND MOBILE ARTIFACTS:
Recover 165+ types of Mobile Artifacts from iOS and Android smartphones and tablets

  • Native Mobile OS Applications, including:
    • SMS
    • Contacts
    • Email
    • Voicemail
    • Browsers
    • Mapping
    • Pictures and Video
    • Notes
    • Downloads
    • Phone Call Logs
    • Caches
  • 3rd Party Mobile Applications, including:
    • Chat Applications like WhatsApp, Kik Messenger and Snapchat
    • Social Networking Applications like Facebook and Twitter
    • Cloud Applications like Dropbox
  • Unknown and/or Obscure Chat Applications:
    • Our Dynamic App Finder searches for any potential mobile chat app databases on mobile images or file dumps, then identifies the app name, and maps the four key fields to interpret results from most chat apps: sender, receiver, date/time and message

CONDUCT LIVE SYSTEM FORENSICS:
The IEF Triage Module runs from a USB dongle and enables the forensic examination of live systems

  • Supports Windows-powered computers
  • Detects active full disk encryption like Truecrypt, Bitlocker, PGP and more
  • Captures live RAM
  • Collects volatile data from live system artifacts, including:
    • Network connections
    • Running processes
    • Connected network shares, drives and remote connections
    • Network Interfaces
    • Logged on Users
    • Scheduled Tasks and Services
  • ‘Quick Capture’ feature allows an investigator to capture RAM, live system artifacts, and run a quick search for evidence in a single step
  • Conduct a quick on-scene search and pre-screen evidence to qualify computers for seizure and further examination
  • Maintains forensic integrity of data

Search results are organized in IEF Report Viewer, where they can be analyzed by a digital forensics professional to identify the evidence that is most important to a case.

ANALYZE

IEF SEARCH RESULTS CAN BE ANALYZED QUICKLY & EFFICIENTLY USING OUR BUILT-IN ANALYSIS TOOLS, SO YOU CAN GET TO CRITICAL EVIDENCE FAST:

  • Use Keyword Searches, Filters and Bookmarks to identify important evidence.
  • Rebuild Webpages: View webpages in their original format as they were seen by the user.
  • Mapping: Plot geo-location data on a world map to identify physical locations.
  • Timeline: View artifacts graphed in a chronological sequence to observe overall activity patterns, and drill-down to isolate artifacts from a specific time period.
  • Picture Analysis: Identify and categorize images recovered by an IEF search with built-in picture and analysis tools:
    • Refine results using skin tone filters
    • View PhotoDNA, MD5 and SHA-1 hashes for recovered files
    • Import hash values from Project Vic or custom hash databases to quickly identify and categorize illicit images

IEF search results can be exported into a number of report formats that are easy to understand and present.

PRESENT

IEF’S FLEXIBLE REPORTING OPTIONS MAKE IT EASY TO UNDERSTAND EVIDENCE, AND COLLABORATE AT ALL STAGES OF THE INVESTIGATION:

  • Export a report in HTML, PDF, Excel, CSV, XML and tab-delimited formats.
  • IEF Portable Case: Share an IEF Portable Case with colleagues, who can then view all search results without having an IEF license.
  • Chat Thread Visualization: Create a representation of a chat thread to add to your report or presentation as a visual element.
2017-09-01T14:51:19+00:00