The Digital Forensic Examiner's Power Pack is a software solution built upon Guidance Software, Inc.'s (GSI) forensic application EnCase and designed from the working examiner's perspective. Its development draws on many years of experience in the field and on many of the issues encountered by its practitioners.
The Power Pack is sold as a subscription service, which includes updates throughout the subscription year. These cover updates to the current scripts as well as entirely new scripts. The current expectation is to add two (2) new scripts per subscription year, but that could change to ensure that each script is up to 42 LLC’s standards before it is released. All of these updates will be available as long as your subscription is current.
All scripts received during a subscription year will be perpetual, including major bug fixes, but continued subscription will be required to receive updated versions and new scripts. This means that what you get as a part of your subscription year is yours forever.
The following is a short list of the capabilities of the Power Pack. Additional information regarding the Power Pack is outlined in the user manual, as well as its supporting white papers.
Advanced Link File Parser
- Extracts information from Windows shortcut (.LNK) files
- Uses signature analysis to locate potential link files
- Extracts all metadata found in valid Link Files
- Verifies if the target file still exists
- Searches for “potential” target file matches based on metadata
- Searches unallocated space for Link Files
- Output to tab delimited file for use in spreadsheets or databases
- Carves data from evidence based on keyword search results
- Can be run against previously saved keyword search results
- Exports blocks of data specified by user (sectors, clusters, bytes, KB, MB)
- Analyzes drive fragmentation to filter into contiguous runs of unallocated space
- Can filter out non-human-readable and redundant control characters (i.e. multiple lines of page breaks), resulting in text files that only contain ASCII (low and high) human-readable text
- Can export exact binary data to text files
- Extracts logs from Windows deletion record files (INFO2) and their slack space
- Searches unallocated space and reports on identified INFO2 records
- Output to tab delimited file for use in spreadsheets or databases
- All INFO2 metadata is extracted
- Searches slack space of files without requiring hash sets
- Can utilize both Case and Global keywords
- Searches for Social Security Numbers and minimizes false positives
- Validates that hits are potentially valid, utilizing information periodically published by the Social Security Administration
- Can utilize pre-run searches
- Can be run against a single file or manually entered SSN
- Output to tab delimited file for use in spreadsheets and databases
- Logical File Collection of potentially valid hits (with full file content or just file metadata)
- Extracts email, PIN messages, call logs, SMS, Photos, and Video from *.IPD files
Product Licensing Info
You will need to purchase one license per EnCase dongle. This will work with all v6 dongles and editions of the EnCase GUI (i.e. FIM, EE, Forensic). If you have NAS you will need to specify that in the notes.