Products

LimeWire™ Log Analysis Tool
The forensically sound LimeWire Log Analysis Tool (currently in BETA) automatically analyzes a variety of files residing on a hard drive where LimeWire version 4.18.8 or 5.3.x is installed (evidence files resulting from other LimeWire installations can still be manually processed by CTS engineers via an hourly consulting agreement).
In addition to others, the primary files of interest include Downloads.dat, Downloads.bak, Spam.dat, and Createtimes.cache.
Processing these files can often reveal a variety of case-critical information, such as:
- Universal File Name of Downloads
- Download Type
- Saved File Name
- Incomplete File Name
- Search Terms Used to Find Download
- Remote Host
- SHA1 URN
- Content Length (File Size)
- Various Other File Attributes
- SPAM Key Value Pairing of any Assigned Tokens (Users, Hosts, etc.)
- Key Value Pairing of URN (unique files and time stamps)
A forensically sound report is generated at the conclusion of each analysis regardless of whether it is performed automatically by the tool or manually by our engineers.
FoRCE: Forensic Recovery Carving and Extraction
The carving suite, FoRCE (currently in BETA), is a breakthrough forensic data recovery and triage tool allowing even novice computer users to extract forensically sound, critical and meaningful evidence off virtually any system, drive, or digital device.
FoRCE has several unique and novel abilities when run in a dead-box* forensic environment. However, its biggest asset is its breakthrough approach to live-box** work. The software, deployed on a large hard drive housed in an external USB enclosure, targets a wide user base spanning “boots-on-the-ground” law enforcement and military personnel, the intelligence community, and the highly trained forensic sector, with a version also designed to meet the simpler data recovery objectives of the general public. Deploying novel low-level “direct-disk-access” methods allows this carving tool to be run on live systems in addition to image files. The external drive can simply be plugged into any running system and executed with the click of a button. Within hours, all pre-validated data (natural, deleted, corrupted, hidden, etc.) is extracted and stored on the external drive. A forensic report is also automatically generated to document each file’s original location on the suspect’s hard drive and to note any and all of the minor changes that plugging a drive into a running system could make to that system, thereby preserving forensic integrity. The external drive can then be removed, plugged into any standard computer, and reviewed by even a novice user for valuable data, which in some cases removes the need for a drive to be sent off to a forensic examiner.
Not only will FoRCE revolutionize the standard forensic process, but it will be the first to bring push-button, Defense-quality data recovery and evidence extraction capabilities outside of the highly technical and specialized forensic sector.
* “dead-box” forensics is performed on systems that are either discovered powered-off or are subsequently powered down so that data storage devices can be removed and copied. The original devices are then preserved and the copies are processed for evidence.
** “live-box” forensics is performed on running systems without the need to power the system down. These tools must have a minimal footprint on the running machine and are required to document any changes they make to the original system.
Additional Information
If you are interested in any of the aforementioned tools, please contact Cipher Tech Solutions via the information on the Contact Us page for additional information. Although both products are still undergoing final testing before a formal release, both solutions can be provided by our engineers through an hourly consulting agreement. In some cases we will honor BETA testing requirements.