Proof Finder Expands Functionality, Adds Mac OS and Linux Versions

Proof Finder is an advanced investigation and eDiscovery software tool that Nuix released in 2011 as a philanthropic project. Proof Finder gives customers the power to undertake small digital discovery and investigations, and quickly find evidence of issues such as fraud, inappropriate behavior and images, and intellectual property leaks.

Proof Finder is priced at $100 per year, with 100% of the proceeds from sales going to Room to Read. Room to Read is a global non-profit organization transforming the lives of children across Asia and Africa by focusing on literacy and gender equality in education.

Nuix today announced it has raised more than $250,000 for Room to Read through sales of Proof Finder. To celebrate this achievement, Nuix has expanded the functionality of Proof Finder and launched Mac OS and Linux versions of the product.“Giving back to communities in need has always been important to Nuix,” said Eddie Sheehy, CEO of Nuix. “We love that Room to Read work closely with local communities and governments to help primary school children develop literacy skills, and support girls to succeed in school and beyond.”

The latest release of Proof Finder draws powerful new functionality from Nuix’s eDiscovery and Investigator products including enhanced email threading, text summarization, automated search-and-tag operations, a map view, configuration profiles, and the ability to include or exclude files from processing by file type. It can draw from new data sources including Dropbox, Amazon S3 storage buckets, and Microsoft SQL Server databases.

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Proof Finder is now available for Mac OS and Linux (Red Hat, CentOS, Debian, and Ubuntu).

Using the funds raised from Proof Finder, Room to Read has recently helped a community in Vietnam build a new library at a primary school. Proof Finder sales have also helped Room to Read and local communities establish two school libraries in India; build schools in Laos, Nepal, and Sri Lanka; publish 9,000 local-language children’s books; and provide support for girls to complete a year of secondary education in India.

“We are so pleased with the progress Nuix has made through the popularity of Proof Finder and its entrepreneurial model,” said John Wood, Founder of Room to Read. “Every Proof Finder license sold makes a tangible contribution toward improving opportunities and quality of life for children in the developing world.”

You can find out more and purchase a Proof Finder license and contribute to Room to Read here.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...