Internet Examiner ToolKit.. IXTK - SiQuest users?

How do you get the demo? It looks like a usefull tool, a lot of resemblance towords IEF.

You can get a 30 Day demo..Just download the Tool and when it prompts for the Registration after install..there is a Request 30 Day Demo..and they will send you the Key.
It really reminds me of (and pardon the irony) the Netanalysis Interface. VERY DETAILED INFO produced..almost to a fault. I always found NetAnalysis to be very noisy for the end user… Lots of info but you really Really have to dig into the Manual to get anything out of it. I think IEF has spoiled me and made my brain turn to mush..just spoon feeding me the info in a minimal data type format.

Rob

IXTK is the evolution of their old flagship product, CacheBack. You can google some old press about CacheBack and NetAnalysis having been used in a murder trial and discrepancies between user results for web page views regarding chloroform.

After that CB released and update and moved to the infancy of Internet Examiner which was a redesign to replace CB. Internet Examiner was good but slow and buggy. This product looks promising and far more lucrative at the reduced price point; however, I have no direct hands on with this versioning.

I am also curious to hear about users experiences.

Hello,

My response below is not a sales pitch, but rather a detailed answer to address the various questions and uncertainties about our software that have been raised on this forum over the last 3 years.

First, let me say that the issues raised at the Casey Anthony trial were completely preventable by select individuals on the side of the prosecution. Had certain key facts not been suppressed from me or the court from the onset of the investigation and throughout the trial, then the forensic industry and the public at large would have an entirely different opinion. I'm not here to reopen that debate. Armchair critics will continue to exist out there. Hopefully people can learn to turn a deaf ear to basely comments from this small group of individuals and make an informed opinion on their own. My door is always open if you want to hear it from the horse's mouth. But I'm not here to talk about dead stories. Let's move on.

Now, let start by telling you that our new product IXTK is NOT CacheBack in any way whatsoever. There is not a single line of code from that earlier tool – not one!. Internet Examiner Toolkit (IXTK) is a complete and total 3-Year redesign using only modern day technologies. We've been in the shadows all this time designing something incredibly different.

We've implemented a scalable SQLite database back end for case processing. True multi-threading, super fast C/C++ low end libraries for disk level searching, and modern .NET Framework and C# for the user interface. It's also the first and only forensic tool available today with "live online" Internet investigation capabilities built-in. Oh, and yes, we also find Internet artifacts )

In 2012, Internet Examiner 3 was still built on Visual Basic, 32-bit and linear processing. There was no such thing as multi-threading. This was the very same technology that a well-talked-about 'other product' was built on. From 2012 to summer 2014, I pretty much closed the doors to start from scratch. I wanted to build a new toolkit that could scale for years to come and address the ever constant changing number of Internet artifacts. In our absence, obviously other products garnered a lot of attention during this time. Hopefully today we can give people something new to look at.

Was CacheBack slow? Yes absolutely. Is was slow technology - period! Internet Examiner Version 3 was slow too (based on the same technology) but not as slow when we moved from an Access database to an SQLite database. A case file could take up to 1 or 2 minutes to open. This was due to how we populated the Filter tree in v3. Today, is takes only 6-7 seconds to create a case file. Where importing and parsing cache in v3 might have taken 25 minutes, could only take 60 seconds today!

Without this coming off as a sales pitch, what I can tell everyone is that IXTK is new swiss army knife of Internet forensics. If you are wanting to compare IXTK to IEF, you should be basing the comparison on more than just "how many artifacts does it support?". We stopped answering this question a while ago for the simple reason that we do things differently. Our focus was not just on finding stuff such as fragments or snippets. Our focus was on helping with the investigation, with the workflow, with the reporting. Any artifact we support has been well defined and provides as much 'clean' data as possible but more importantly, has decent metadata . If you want to know how many artifacts IXTK supports? Well technically the number is limitless! That's because of the Keyword Artifacts and Clean Carving options. But we don't make that the focal point for comparison. Not only would it come off as outrageous, but it would be unfair.

With each new update, we are adding more and more artifact support, especially for social media and mobile devices (Android and iPhone). Eventually, most forensic tools will be supporting the SAME CORE ARTIFACTS to some degree or another. It happened with the Browsers a few years ago and it is soon to happen with everything else. 2015 is the year that IXTK equalizes that discrepancy. Are we doing to support artifact Walabazoo from Krinkletoo Application? If you haven't heard of it, we're likely not going to build in support for it. We're interested in providing artifact support for artifacts you are likely to encounter. Instead of asking "how many artifacts does IXTK support"? Start asking the question "What can IXTK do to help me with my investigation?" That's really the more important question.

Someone mentioned "Looks like Net Analysis". That is the farthest from the truth! The actual inspiration for the IXTK user interface came from my likes and dislikes of products like EnCase v5 and v6, having been a long time user. I also like features from other BIGger tools like FTK, X-Ways and even Microsoft Outlook and Windows Explorer. But for the record, Net Analysis offered us NO inspiration whatsoever in the design of IXTK. None.

For those of you want more details about what the IXTK can do, please contact me off list via our website.

If you are interested in knowing how IXTK is performing in the industry today, SC Magazine recently voted SiQuest Industry Innovator 2014. Here's a link to their article SC Magazine Article

Thanks.

John Bradley
CEO | Chief Technical Officer
SiQuest

Hello,

My response below is not a sales pitch, but rather …

Thank you for pointing this out ) , there would have been otherwise the possibility to misunderstand it.

Nice career BTW, from loyal user to CEO of the company in a few years roll
http//www.forensicfocus.com/Forums/viewtopic/p=6521545/#6521545

Hi there,

As a loyal user of the software, here's what I can tell you from personal experience…

jaclaz

I used CB and then IXTK up until about 18 months ago then I switched to Magnet IEF.

My personal opinion and what was borne out with my experience using IXTK was that it promised a lot on paper and failed to deliver on use. While there was lots of information recovered it was delivered in a very technical and often haphazard way which required many hours work to decipher and ultimately I ended up spending more time reworking the data into usable reports for my clients, who are at the end of the day paying the bill and non technical people.

The support was fantastic and I had no issue with the company itself, they certainly bent over backwards to help me work through any issues I encountered, but for me ultimately I was spending too much time trying to decipher the results.

IEF was a no brainer for me to switch to. Very fast, results easy to understand and reporting looks good. They have some work to do so the reports and results can be filtered and tailored more effectively but at the moment IEF is my tool of choice for anything internet related. It has the added bonus of dealing with mobile downloads from UFED very nicely as well.

Not saying I wouldn't revisit IXTK at some point but IEF would really have to drop the ball before I'd be making any changes in my lab.

Respectfully speaking, Internet Examiner Toolkit (IXTK) did not exist 18 months ago. Therefore, your comments are in relation to an old piece of software. And like many people should agree, technology changes dramatically in short periods of time. You can't even compare the two. They are totally different.

18 months ago, we had "Internet Examiner" Version 3. This was a "new face" imposed overtop of an old technology. It was an offering to our earlier CacheBack customers that would showcase what the future of our software would look like. It was meant to only extend the life of the old technology long enough until our IXTK was complete. Internet Examiner, 18 months ago, was in its 3rd generation built on old technology, just like some of our competitors products once were. It was slow and we were smack in the middle of a 3 year total re-design in what is now, today, called Internet Examiner Toolkit.

We released IXTK in May 2014 which is NOT the same tool at all. It was 3 years in development. Over the last few months, we've made even greater improvements. In January 2015, we are adding FaceDNA Biometric Facial Recognition within the same MSRP. Earlier this year we made it possible to capture and download YouTube videos LIVE as well as from Unallocated Space. Do any of your other tools do that? These are the types of features that we are interested in offering end users.

One of the biggest design changes in IXTK has been the creation of an Artifact Framework. This will allow us to create profiles to expedite the discovery of artifacts and keep pace with new Internet artifacts. Users won't need to learn scripting languages and depend on tools like EnCase. Users will be able to create their own profiles. Now that IXTK is released and has had a few months of tweaking, we only now need to add additional profiles for the likes of P2P, Snapchat, WhatsApp, etc. In a few short months, the list of "artifacts supported" will not longer be as much of a debate.

IXTK is not a push button tool per se. It's the only forensic tool available today that provides conventional 'deadbox' analysis WITH LIVE (real-time) Internet investigation and capture capabilities. We are not trying to do the SAME things as our competitors. We are offering different things alongside conventional analysis requirements (e.g., browser history, chat, etc).

It's quite ok if you are a fan of IEF or Cellebrite's UFED or other tools. I admire what both companies have accomplished. In fact, I admire what most of all the other tools out there offer. There are many tools that do things similarly and there are tools that do things differently. Some people have 1 tool for one task, and another tool for another task. Some people have different tools for "cross-validation" purposes. Some people don't care about validation and for them, that's their choice.

To be clear, SiQuest isn't trying to go toe to toe and feature to feature with any other specific product out there. While we offer similar features that users come to expect from a forensic tool (e.g., browser history, chat, etc), we are more interested in being different and innovative. We endeavor to make our software "transparent" in the discovery process with built-in validation. This is primarily why our user interface is so detailed.

As for the comment by "jaclaz" about my recent promotion, I will take that as a compliment despite the intended undertone. Times change and people change. In the forum of public opinion, there will always be allegiances, some that have vested interests with select vendors and some that will unfortunately hide behind a moniker for no other reason than to offer snide comments. This was my initial experience at Forensic Focus when I joined many years ago. It seemed rather unfair and one-sided at times. My coming forward today is to be transparent and honest. But thank you for pointing out my past contributions to the forum. If I was really intent on hiding, I would have re-registered.

I am here representing our interests in making the digital forensic space a better place. We have things to offer (products, answers to questions) and we do our best and that's all we can do. My intention in responding to select posts is merely to clarify false assumptions and false statements about who we are and our products. I am NOT here to put down other tools or criticize them.

Everyone is entitled to their opinion and I totally respect that. I've met Jad and Adam and I've also met the guys at Cellebrite and they each offer great tools.

At this point, all I can say is that SiQuest is looking to give back to the industry. If you would permit me the opportunity to join in on conversations, I will do my best to answer any questions. I may no longer be a sworn member working in the trenches, but I still like to help out when the chance permits itself.

We released IXTK in May 2014 which is NOT the same tool at all. It was 3 years in development. Over the last few months, we've made even greater improvements. In January 2015, we are adding FaceDNA Biometric Facial Recognition within the same MSRP. Earlier this year we made it possible to capture and download YouTube videos LIVE as well as from Unallocated Space. Do any of your other tools do that? These are the types of features that we are interested in offering end users.

One of the biggest design changes in IXTK has been the creation of an Artifact Framework. This will allow us to create profiles to expedite the discovery of artifacts and keep pace with new Internet artifacts. Users won't need to learn scripting languages and depend on tools like EnCase. Users will be able to create their own profiles. Now that IXTK is released and has had a few months of tweaking, we only now need to add additional profiles for the likes of P2P, Snapchat, WhatsApp, etc. In a few short months, the list of "artifacts supported" will not longer be as much of a debate.

IXTK is not a push button tool per se. It's the only forensic tool available today that provides conventional 'deadbox' analysis WITH LIVE (real-time) Internet investigation and capture capabilities. We are not trying to do the SAME things as our competitors. We are offering different things alongside conventional analysis requirements (e.g., browser history, chat, etc).

Well, this starts to sound like a sales pitch wink

As for the comment by "jaclaz" about my recent promotion, I will take that as a compliment despite the intended undertone. Times change and people change. In the forum of public opinion, there will always be allegiances, some that have vested interests with select vendors and some that will unfortunately hide behind a moniker for no other reason than to offer snide comments. This was my initial experience at Forensic Focus when I joined many years ago. It seemed rather unfair and one-sided at times. My coming forward today is to be transparent and honest. But thank you for pointing out my past contributions to the forum. If I was really intent on hiding, I would have re-registered.

Sure ) , and I personally appreciate how now you fully qualified yourself.

Still, and with all due respect, it seems to me that since your one and only post on the forum in the last 6 (six) years was the previously referenced one
http//www.forensicfocus.com/Forums/viewtopic/t=2291/
http//www.forensicfocus.com/Forums/viewtopic/p=6521545/#6521545
that the suspect expressed by a few members about it being a form of astroturfing
http//www.forensicfocus.com/Forums/viewtopic/p=6521565/#6521565
http//www.forensicfocus.com/Forums/viewtopic/t=2291/postdays=0/postorder=asc/start=7/
was not completely void of some basis.

jaclaz

I've never met you 😯

Although I'm happy if you want to fly me over to Canada for a look at the new improved tool P

Downloading the new trial version now for a more recent experience. Happy to post back here and eat my words if the new version impresses.