Software
The field of computer security is rapidly evolving. To remain relevant, Digital Forensics Solutions has to constantly adapt to new technology to meet the demands of our clients. In some cases no commercial software is available to meet our analysis and investigation needs. When we encounter these problems, we have the expertise to develop custom software solutions.
We have developed and currently maintain two open source projects that have experienced wide use within the digital forensics and security communities.
1) Registry Decoder - http://www.digitalforensicssolutions.com/registrydecoder/
The Microsoft Windows registry contains a wealth of forensically interesting evidence. To automate the acquisition and analysis of this data, we applied for and received funding from the National Institute of Justice to develop a tool capable of these tasks. Registry Decoder can acquire the active and historical registry files (System Restore and Volume Shadow Service) from running machines, which was previously not possible, and can also perform analysis on these files. The offline analysis allows investigators to browse registry hives, search across evidence within the case, run plugins against specific sets of data within the registry, view differences between multiple registry hives, and automatically report evidence found. For more information, please see the above link.
2) Scalpel - http://www.digitalforensicssolutions.com/Scalpel/
Recovery of deleted data and file fragments is an important step in many forensic investigations. Scalpel is a tool capable of performing highly efficient file carving and searching of binary data. To obtain maximum performance, Scalpel can use all processors available on the host system as well as the CUDA GPU libraries.
