Suitable for new or experienced investigators, Forensic Explorer combines a flexible and easy to use GUI with advanced sort, filter, keyword search, data recovery and script technology. Quickly process large volumes of data, automate complex investigation tasks, produce detailed reports and increase productivity. Manage all aspects of the investigation, including:
forensic-explorer-facts-sheet (English) |
Anti-Virus: |
In built Cisco Clam anti-virus. |
Artificial Intelligence |
Forensic Explorer uses advanced AI-powered image recognition and delivers high detection accuracy with near-zero false positives. Includes a CSAM detection addon for law enforcement. |
Bookmark: |
Bookmark, flag, or categorize potential evidence. |
Case Management: |
Create, save and load case files. |
Data Access: |
Access all areas of physical or imaged media at a file, text, or hex level. View and analyze system files, file and disk slack, swap files, print files, boot records, partitions, file allocation tables, unallocated clusters, etc. |
Data Carving: |
Inbuilt data carving tool to carve more than 300 known file types. |
Data Views: |
Powerful data views including:
|
Email: |
Email support for PST, OST, EDB, MBOX formats. Full keyword and index search capabilities for email. |
Export: |
Export files to disk, or direct to .L01 forensic evidence files. |
GUI: |
Detach drag and drop views for a customized work-space on multiple monitors. Save and load personal work-space configurations to suit investigative needs. |
Hash: |
Apply hash sets to a case to identify or exclude known files. Hash individual files for analysis.
|
Index: |
Built-in DTSearch index capability. |
Keyword Search: |
Cluster, sector, or byte level keyword search of entire media using text, regex or hex expressions. |
Language: |
Forensic Explorer is Unicode compliant. Investigators can search and view data in native language format such as Dutch or Arabic. |
Language GUI: |
FEX GUI language can be set to EN, DE, ES, FR, ID, TR, ZH on install (language option set in registry). |
Metadata: |
Extract and report file metadata, including EXIF, GPS, MS Office and more. |
Mount (MIP): |
Mount forensic image files as a Windows drive letter (Mount Image Pro). Full access to deleted, system, unallocated, etc. Full CLI capabilities. |
RAID: |
Work with physical or forensically imaged RAID media, including software and hardware RAID, JBOD, RAID 0, RAID 5, RAID 6. |
Recovery: |
Recover deleted folders and partitions. |
Registry: |
Open and examine Windows registry hives. Filter, categorize and keyword search registry keys. Automate registry analysis. |
Reporting: |
Custom report builder with pre-defined reporting templates. |
Scripting: |
Inbuilt powerful Delphi scripting language. Inbuilt scripts for:
|
Servlet (Network): |
Connect to and examine remote drives using a deploy-able network servlet. |
Shadow Copy: |
Easily add and analyze shadow copy files. Learn more about Forensic Explorer Shadow Copy Volumes. |
Signature: |
Forensic Explorer can automatically verify the signature of every file in a case and identify those mismatching file extensions. |
Triage: |
Automatically triage and report on common forensic search criteria. |
Virtual Live Boot: |
Virtualize Windows and MAC forensic image and physical disks using VirtualBox or VMWare. |
Yara Rules |
Yara rules enable investigators to quickly and efficiently identify malware and other forms of malicious software within digital evidence. By leveraging Yara Rules, examiners can apply a set of customizable, text-based rules that are designed to match specific data characteristics. |