PARABEN

• Full Windows 10 compatibility, including UAC and digital signature by Microsoft

• x86 and [NEW!]x64 versions

• Back-end Firebird database for support of massive amounts of data

• Multi-threading and task scheduling capabilities to process more data in less time

• Convenient plug-in architecture

• Easy-to-use registration scheme including a web-based licensing method that allows using the application on any computer without the dongle!

• Ability to save a case along with its Keyword Indexing database and attached evidence file to single archive from the program interface

• Single interface for all types of digital evidence.

File System plug-ins allow you to examine logical and physical disks as well as individual files and folders (local, network, and stored on CD/DVD).

Disk images from the most popular forensic imaging software are supported.

Memory dump files are supported.

E-mail plug-in supports viewing multiple e-mail and network e-mail formats in a special e-mail data viewer (including support for exporting data to E-mail Examiner, EML [rfc822 compliant], Attachments only, MSG [OLE message], and PST [Outlook] e-mail formats).

Chat Database plug-in supports many popular chat clients for viewing chat database contents in a convenient, color-coded format for easy analysis

OLE Storages plug-in supports the parsing and analysis of any OLE storage.

Archive plug-in supports many popular archive types including: zip, jar, xpi, iso, chm, cab, msi, ppt, doc, xls, arj, bzip2, cpio, deb, gzip, lzh, msis, rpm, split, tar, z, wim, and 7z.

Internet Data plug-in supports the parsing and analysis of:

• Mozilla Firefox cache and history

• Internet Explorer cache, cookies, and history

• Google Chrome history, cookies, auto fill items, keywords, logins, and bookmarks

SQLite plugin supports the parsing and analysis of SQLite databases including: *.db, *.Sqlite, *.Sqlite3, *.sqlitedb, *.db3, and others.

Forensic Container plug-in allows: • Creating a new Forensic Container • Adding an existing Forensic Container as evidence • Parsing the content of a Forensic Container as embedded data in the added file system evidence.

Registry plug-in allows analyzing exported registry hives and Windows Registry data on the images of system disks.

Data acquisition of smartwatches from Android & Tizen

Authentication Data capture for Amazon Echo devices

Data analysis for Fitbit systems associated with Android & iOS devices

Support of DJI Drone data from both 3 and 4 versions

The Game Console plug-in allows you to examine images of logical and physical disks with evidence from Xbox 360 including:

• FATX filesystem used by Xbox.

• STFS filesystem data intended to store packages created and downloaded by the Xbox.

• XDBF databases containing gamer profile data.

Multiple reporting options:

• Mobile Data Review report providing data in the most comprehensive format for forensic investigators.
• E-mail messages report for mail archives analysis.
• Mobile data timeline report for analysis of mobile data evidence.
• HTML, PDF, CSV, TXT, RTF, and Excel reports for presenting data in the most usable format.
• Special malware report.

Full customization of reports:

• Possibility to add custom logo, header, and footer.
• Possibility to add Examination Summary and Examination Conclusion sections directly from the Electronic Evidence Examiner Interface.
• Investigator and case details sections in reports.
• Full customization of data to be added to the reports (select columns you want to see in the report).
• Mobile Data Review report can be localized into Chinese and Spanish.

Exporting:

• Export any file in its native format.
• Export multiple files from different folders/disks/evidence types.
• Export graphics & multimedia
• Export graphics & multimedia while sorting data
• Export files/folders to forensic containers.
• Export mail storage contents to EML, EMX, PST, MHTML, and MSG formats.
• Export e-mail attachments in their native format.
• Export GPS data to MapLink.
• Export from search results and bookmarked data including multi-selection.
• Batch export for e-mail databases.

An encrypted dynamic Forensic Container creation for storing exported data.

• File viewers for popular file formats.
• EXIF data viewer for graphic files including search in EXIF data and adding EXIF data to reports.
• Special E-mail data viewer for viewing e-mail messages in different formats including viewing attachments.
• Special Chat RTF viewer for viewing chat history in a convenient format.
• Parsed data viewer for smartphone Application data.
• Extracted text viewer with a possibility of language selection for viewing results of optical character recognition.
• Content analysis results viewer for viewing whether a file has signs of malware and malware scan report.
• Data Triage.
• Mobile Data Triage.
• Adjustable font color and size.
• Bookmarking for easy navigation and review of data with a tree-view bookmarks structure.
• Possibility to change time zone representation of date/time in evidence for easier comprehension.
• Opening data with external viewers.

Logical imaging and physical imaging of a variety of mobile devices

1. More than 50 plug-ins for working with more than 25 types of devices including: ° Cell/feature phones ° Smartphones (iPhones, Androids, BlackBerry, and Tizens) ° Smartwatches (Androids and Tizens) ° Windows Phones & Portable devices ° PDAs ° Tablets (iPads/iPod Touches and Android tablets) ° Media Devices (iPods and eReaders) ° GPS devices ° Media cards
2. Acquisition of complete GSM and CDMA SIM card information including deleted data
3. Device autodetection during acquisition
4. USB, serial, and Bluetooth (Limited) support
5. Deleted data recovery on all types of devices
6. Full flash download for certain models of cell phones, PDAs, and smartphones
7. Encrypted image files to guarantee image integrity
8. Data Triage.
9. Mobile Data Triage.
10. Adjustable font color and size.

JTAG plugin for analyzing JTAG dumps

Android Pie is now supported for logical acquisition in E3.

Import of device-related desktop data:

• RIM BlackBerry Backup (IPD & BBB) including BlackBerry 10
• Apple iPhone Backup (including encrypted back-ups) with parsing of iOS keychain files
• KML and GPS maps

• Cellebrite cases
• Tarantula back-ups (Chinese Phone Support)

• Facebook
• Gmail
• Google Drive
• Google Locations
• iCloud Backup
• Twitter
• Amazon Alexa

And much more!

1. The Auto-Exam option guides you through the process of evidence examination and does most things automatically without your interaction.
2. The Keyword Search plug-in creates a keywords database for keywords searches:
• Perform keywords indexing of any text data
• Quick keywords search in indexed data including multiple parameters for email evidence
3. The Malware Scan plug-in allows you to check if an executable file has the signs of malware.
4. File sorting:
   • Sort binary files by their file type
   • Sort e-mail attachments
   • Sort recovered deleted data
   • Analyze file type/file extension mismatch
5. [NEW!] Image Analyzer for sorting images by potentially illicit categories (Drugs, Gore, Porn, Swim underwear, Terrorism, and Weapons).
6. Deleted data recovery.
7. Hash database features can manage and filter out common hashes (FOCH) including import of hash values from text files to Electronic Evidence Examiner hash databases for filtering out required files.
8. SHA-256 calculation.
9. Optical character recognition for images of most popular formats.
10. Robust advanced searching and filtering options including multi-encoding support:
    • Search within e-mail attachments including search by attachments type
    • Search in deleted data, unallocated disk space, file slack, etc.
    • Multi-parameter search for each type of data.
    • Regular Expressions search.
    • Ability to search for data without searching for its contents (file name/directory names).
    • Multi-selection of search results for adding to a Search results report.