Electronic Evidence Examiner

Universal Data Types

From hard drive data, smartphones, and IoT data. All boundaries that used to exist for digital evidence have been broken with this one universal tool.

Advanced Plug-in Architecture

Create specialized engines that examine elements like e-mail, network e-mail, chat logs, mobile data, file systems, Internet file analysis, smartphones, and more

DS Toolkit Hardware Kit

Included are all the common cables required for processing devices as well as other accessories used in forensics analysis.

Our Amazing Features

  • 64-bit

    64-bit version with the most plug-ins available allowing it to take full advantage of your OS.

  • Python SDK

    You can develop automated scripts for evidence data processing.

  • Image Analyzer

    Find illicit images such as Drugs, Gore, Porn, Terrorism, and Weapons.

  • Windows 10 Artifacts

    Locate Cortana voice commands, Windows applications, and File History.

  • User Activity Timeline

    Determine what actions where performed on a device at certain moment in time.

  • Improved Android Plug-in

    Faster acquisitions, improved logical, and physical extractions.

  • More MTK Chipset Support

    More physical acquisitions of MediaTek devices.

  • iOS 12 Support

    Support of Apple’s latest OS and faster acquisition times.

  • More Devices Supported

    We now support over 30,000 devices in this latest release.

Mobile Phone & Computer Data Recovery & Investigation Tools

iRecovery Stick

iRecovery Stick

Recover deleted data from iPhones, iPads, & iPod Touches. Perform complete investigations of user data, including app data, pictures, documents, & much more. Investigating iOS devices is much more than just recovering deleted text messages.
Phone Recovery Stick

Phone Recovery Stick

Investigate Android phones and tablets. Recover deleted data and download and examine user content like pictures, conversations, applications, internet history, and applications more. More than just data recovery.
Voice Logger for Windows

Voice Logger

Turn Windows computers, laptops, or tablets into a covert voice activated recorder and email the hidden recordings to yourself. Perfect as personal dictation software, computer security software to catch unauthorized computer use, and much more.
Data Recovery Stick

Data Recovery Stick

When it comes to deleted data recovery, trust the forensic experts. Recover deleted data from any NTFS or FAT formatted hard drive or storage device. Recover documents, photos, and MP3s.
Porn Detection Stick

Porn Detection Stick

Scan your computer for unwanted pornography. This easy-to-use porn scanner searches images, videos, and even internet history databases, zip files, and deleted files for pornographic content.
Black Vox Hidden Voice Recorder

Black Vox

Voice activated voice recorder. Under cover audio recorder with 75 day standby battery life and 288 hours of recording time. Powerful magnets help you hide it almost anywhere.
Black Vox Air Freshener Hidden Voice Recorder

Black Vox Air Freshener

Voice activated audio recorder in a functioning air freshener. Under cover audio recorder with 1 year standby battery life and 288 hours of recording time.
SIM Card Seizure

SIM Card Seizure

Older feature phones often store text (SMS) messages on the SIM. Recover deleted messages & last numbers dialed. Includes a USB SIM reader & adapters for all SIM sizes and recovery software.
Photo Backup Stick

Photo Backup Stick

Back up your photos with this USB picture keeper. The Photo Backup Stick is the easiest way to back up your photos. No confusing cloud accounts, no monthly fees, but lots of peace of mind.
Key Logger

Key Logger

Protect your computer and find out exactly what is being done on it with this 16 MB keylogger for USB wired keyboard. 128 bit encryption protects your data.
Keyboard Keylogger

Keyboard Keylogger

Log all the keystrokes on your computer with this keyboard with a built-in keylogger. Name brand keyboard shows no sign it has been altered to have full keylogger capabilities.
Black Vox Calculator

Black Vox Calculator

Black Vox Calculator
Voice activated audio recorder in a functioning calculator. Under cover audio recorder with 75 day standby battery life and 72 hours of recording time.
Chat Stick

Chat Stick

Investigate conversations from popular instant messaging apps. View and analyze chat logs from Yahoo, MSN 6.1, 6.2, 7.0, & 7.5, ICQ 1999-2003b, Trillian, Skype, Hello, & Miranda.

Data Recovery and Investigation Tool Bundles

Cell Phone Investigation Kit

Cell Phone Investigation Kit

Be prepared to recover data and investigate almost any mobile phone. This bundle gives you the software and hardware needed to complete your investigation and data recovery on iPhones, Androids, and SIM cards.
Digital Investigation Kit

Digital Investigation Kit

Expand your data recovery and investigations beyond mobile phones. This bundle includes tools to recover data from cell phones, computers, USB drives, and more as well as scan for pornography, analyze chat logs, and more.

Key Features

File System plug-ins allow you to examine logical and physical disks as well as individual files and folders (local, network, and stored on CD/DVD).

Disk images from the most popular forensic imaging software are supported.

Memory dump files are supported.

E-mail plug-in supports viewing multiple e-mail and network e-mail formats in a special e-mail data viewer (including support for exporting data to E-mail Examiner, EML [rfc822 compliant], Attachments only, MSG [OLE message], and PST [Outlook] e-mail formats).

Chat Database plug-in supports many popular chat clients for viewing chat database contents in a convenient, color-coded format for easy analysis

OLE Storages plug-in supports the parsing and analysis of any OLE storage.

Archive plug-in supports many popular archive types including: zip, jar, xpi, iso, chm, cab, msi, ppt, doc, xls, arj, bzip2, cpio, deb, gzip, lzh, msis, rpm, split, tar, z, wim, and 7z.

Internet Data plug-in supports the parsing and analysis of:

• Mozilla Firefox cache and history

• Internet Explorer cache, cookies, and history

• Google Chrome history, cookies, auto fill items, keywords, logins, and bookmarks

SQLite plugin supports the parsing and analysis of SQLite databases including: *.db, *.Sqlite, *.Sqlite3, *.sqlitedb, *.db3, and others.

Forensic Container plug-in allows: • Creating a new Forensic Container • Adding an existing Forensic Container as evidence • Parsing the content of a Forensic Container as embedded data in the added file system evidence.

Registry plug-in allows analyzing exported registry hives and Windows Registry data on the images of system disks.

Data acquisition of smartwatches from Android & Tizen

Authentication Data capture for Amazon Echo devices

Data analysis for Fitbit systems associated with Android & iOS devices

Support of DJI Drone data from both 3 and 4 versions

The Game Console plug-in allows you to examine images of logical and physical disks with evidence from Xbox 360 including:

• FATX filesystem used by Xbox.

• STFS filesystem data intended to store packages created and downloaded by the Xbox.

• XDBF databases containing gamer profile data.

Multiple reporting options:

  • Mobile Data Review report providing data in the most comprehensive format for forensic investigators.
  • E-mail messages report for mail archives analysis.
  • Mobile data timeline report for analysis of mobile data evidence.
  • HTML, PDF, CSV, TXT, RTF, and Excel reports for presenting data in the most usable format.
  • Special malware report.

Full customization of reports:

  • Possibility to add custom logo, header, and footer.
  • Possibility to add Examination Summary and Examination Conclusion sections directly from the Electronic Evidence Examiner Interface.
  • Investigator and case details sections in reports.
  • Full customization of data to be added to the reports (select columns you want to see in the report).
  • Mobile Data Review report can be localized into Chinese and Spanish.

Exporting:

  • Export any file in its native format.
  • Export multiple files from different folders/disks/evidence types.
  • Export graphics & multimedia
  • Export graphics & multimedia while sorting data
  • Export files/folders to forensic containers.
  • Export mail storage contents to EML, EMX, PST, MHTML, and MSG formats.
  • Export e-mail attachments in their native format.
  • Export GPS data to MapLink.
  • Export from search results and bookmarked data including multi-selection.
  • Batch export for e-mail databases.

An encrypted dynamic Forensic Container creation for storing exported data.

  • File viewers for popular file formats.
  • EXIF data viewer for graphic files including search in EXIF data and adding EXIF data to reports.
  • Special E-mail data viewer for viewing e-mail messages in different formats including viewing attachments.
  • Special Chat RTF viewer for viewing chat history in a convenient format.
  • Parsed data viewer for smartphone Application data.
  • Extracted text viewer with a possibility of language selection for viewing results of optical character recognition.
  • Content analysis results viewer for viewing whether a file has signs of malware and malware scan report.
  • Data Triage.
  • Mobile Data Triage.
  • Adjustable font color and size.
  • Bookmarking for easy navigation and review of data with a tree-view bookmarks structure.
  • Possibility to change time zone representation of date/time in evidence for easier comprehension.
  • Opening data with external viewers.

Logical imaging and physical imaging of a variety of mobile devices

  1. More than 50 plug-ins for working with more than 25 types of devices including: ° Cell/feature phones ° Smartphones (iPhones, Androids, BlackBerry, and Tizens) ° Smartwatches (Androids and Tizens) ° Windows Phones & Portable devices ° PDAs ° Tablets (iPads/iPod Touches and Android tablets) ° Media Devices (iPods and eReaders) ° GPS devices ° Media cards
  2. Acquisition of complete GSM and CDMA SIM card information including deleted data
  3. Device autodetection during acquisition
  4. USB, serial, and Bluetooth (Limited) support
  5. Deleted data recovery on all types of devices
  6. Full flash download for certain models of cell phones, PDAs, and smartphones
  7. Encrypted image files to guarantee image integrity
  8. Data Triage.
  9. Mobile Data Triage.
  10. Adjustable font color and size.

JTAG plugin for analyzing JTAG dumps

Android Pie is now supported for logical acquisition in E3.

Import of device-related desktop data:

  • RIM BlackBerry Backup (IPD & BBB) including BlackBerry 10
  • Apple iPhone Backup (including encrypted back-ups) with parsing of iOS keychain files
  • KML and GPS maps
h4>Import of data from other tools
  • Cellebrite cases
  • Tarantula back-ups (Chinese Phone Support)
h4>Support of data acquisition from cloud-based services:
  • Facebook
  • Gmail
  • Google Drive
  • Google Locations
  • iCloud Backup
  • Twitter
  • Amazon Alexa

And much more!

  1. The Auto-Exam option guides you through the process of evidence examination and does most things automatically without your interaction.
  2. The Keyword Search plug-in creates a keywords database for keywords searches:
    • Perform keywords indexing of any text data
    • Quick keywords search in indexed data including multiple parameters for email evidence
  3. The Malware Scan plug-in allows you to check if an executable file has the signs of malware.
  4. File sorting:
    • Sort binary files by their file type
    • Sort e-mail attachments
    • Sort recovered deleted data
    • Analyze file type/file extension mismatch
  5. [NEW!] Image Analyzer for sorting images by potentially illicit categories (Drugs, Gore, Porn, Swim underwear, Terrorism, and Weapons).
  6. Deleted data recovery.
  7. Hash database features can manage and filter out common hashes (FOCH) including import of hash values from text files to Electronic Evidence Examiner hash databases for filtering out required files.
  8. SHA-256 calculation.
  9. Optical character recognition for images of most popular formats.
  10. Robust advanced searching and filtering options including multi-encoding support:
    • Search within e-mail attachments including search by attachments type
    • Search in deleted data, unallocated disk space, file slack, etc.
    • Multi-parameter search for each type of data.
    • Regular Expressions search.
    • Ability to search for data without searching for its contents (file name/directory names).
    • Multi-selection of search results for adding to a Search results report.