Simple case review software

4 Posts
4 Users
0 Reactions
636 Views
(@thepm)
Reputable Member
Joined: 17 years ago
Posts: 254
Topic starter  

I'm looking for case review software that could allow non-tech investigators to view the data that has been seized themselves so that they can move forward in their investigation. So, it needs to be simple software that would allow the following:

- Able to process E01 and/or DD image files.
- Allows display of graphics / video / Office documents / PDF / emails (DBX, EML, EDB, PST, etc.)
- Keyword searching
- Tagging or bookmarking and commenting

Also, it would ideally (but not mandatory):

- Be a web-based platform
- Be available as a virtual appliance (VMWare or other)

What we don't need is the more advanced forensic stuff like HEX viewing, scripting, data carving, meta carving, unallocated space/file slack processing, etc.

I know that AccessData's FTK Lab solution allows most of the above, but its price (around 100K to suit our needs) is too high right now and the required architecture is too complex.

Also, I've seen that Access Data / CT Summation have the CaseVault product which also has a FTK Lab-like web GUI. Has anyone used it? Is it as expensive as FTK Lab?

Does anyone know any other good forensic/eDiscovery tool that could help me do what I need to do?

Thanks.


   
bshavers
(@bshavers)
Estimable Member
Joined: 20 years ago
Posts: 211
 

Some options:

X-Ways Investigator (http://www.x-ways.net/investigator/index-m.html) which is half the price of X-Ways Forensics, can read forensic images, conduct searches, includes a file viewer, can tag and comment on files, has skin tone detection and quite a bit more. It's a downsized version of X-Ways Forensics, with a simpler GUI interface for what you may be looking for with your investigators.

FTK Imager (free) can mount images as drive letters and any number of tools, such as the NirSoft.net tools (free), can be used by investigators. No tagging of files really, but nothing wrong with taking notes…

Field Search (http://www.justnet.org/Pages/fieldsearch.aspx) if you are a government agency. It's free and easy to use. For looking at images, FTK Imager can mount an image as a drive letter and your investigators can use Field Search to preview it.

Any of these can be put into a virtual appliance but instead of creating an appliance, perhaps it'd be easier to burn bootable CDs with WinPE/FE (http://technet.microsoft.com/en-us/library/cc766093(WS.10).aspx | http://winfe.wordpress.com) with the pre-installed forensic/ediscovery software on the disc. Investigators can boot their machine to the disc, and review the evidence in clean environments.

I think once you start looking into web-based platforms, the dollar amount will start to rise quickly. Bells and whistles are expensive…


   
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
 

If you are using FTK 1.x, have you looked into Case Reviewer mode? And if you are using FTK3 you can control access through permissions.


   
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

Contact ASR Data. They've developed a solution that you might find useful and practical for your needs. I don't think it is listed on their web site but I've seen it and utilized it. A server / client architecture, and the client is any web browser. It's very cool and in my opinion targeted toward allowing access to data in an easy to navigate interface for users who are not tech savvy.

Cheers!

farmerdude

www.onlineforensictraining.com

www.forensicbootcd.com


   