Designed for forensic examiners and trained investigators in law enforcement & government, as well as IT security personnel in corporations who are conducting full forensic examinations of Windows and Mac computers.

• Windows and Mac OSX file system support
• Primarily used in a forensic lab environment
• Native image support for E01, Ex01, L01, Lx01, AD1, dd and dmg format
• Search live and deleted artifacts on hard drive and live RAM captures

Powerful Search Capabilities: Search 260+ Windows and Mac Internet artifacts and recover more data from more locations.

• Recover data from social networking communications, instant messenger chats, cloud-based artifacts, P2P file sharing apps, mobile backups, webmail, web browser history, pictures and videos
• Proprietary carving technique recovers more data from unallocated space & RAM
• Searches entire logical or physical drives: E01, Ex01, L01, Lx01, AD1, dd and dmg images
• Searches Files including the pagefile.sys, hiberfil.sys, and more
• Volume shadow and zip archives copies can be analyzed as standalone sources of evidence
• Ability to search multiple drives, images, file & folders in a single search
• The Artifacts Supported page has all the specific details for Windows and Mac artifact support

Find Evidence Quickly: Get immediate search results so you can start working with the data right away.

• Use “Quick Search” preset to see what’s there and focus the investigation
• Review results in real-time without having to wait for search to complete
• Target search by artifact type, keyword and location on hard drive
• Multi-threaded support for multi-core processors improving search speed

Standardized Reporting: Flexible reporting and categorization to narrow down evidence quickly.

• Rebuild web pages in their original format on the date they were visited
• Parsed search queries for user keyword searches on major search engines
• Web history categorization - dating, cloud, classified, chat and social media sites, malware sites, pornographic sites, or create your own custom categories
• Search, filter, and bookmark important evidence
• Export report in html, pdf, excel, csv, and tab-delimited formats
• Share “Portable Case Folder” with other investigators and stakeholders
• View results in a visual graphical timeline format
• Display chat searches visually like they would appear in the original application

Trusted By Industry Leaders: Used by leading law enforcement, government, and businesses around the globe.

• Developed by a former police officer & forensic examiner
• Validated by DOD Cyber Crime Center
• Validated by the National Institute of Justice
• Trusted by thousands of organizations in over 90 countries

Adheres to Industry Standards: Maintain the integrity of the case and chain of custody.

• Integrity of file metadata maintained- no data is altered
• IEF provides the file offset/physical location of data to manually verify all results
• Be confident in the results when testifying in court

Simple to Use: Get to key evidence with only 3 clicks of the mouse.

• Single search for over 250 Internet artifacts, no need to run multiple scripts
• Start working on your case immediately; no complicated setup
• Just “set it” and “forget it” while you work on other things
• No extensive training needed

Visualization

• With IEF Timeline, view evidence in a graphical chronological timeline
• Use drill downs to isolate webmail, chat messages, social media browser history and more during a specific time-frame
• Use IEF Timeline to zero-in on specific dates in time, or spikes in a suspect’s online activity
• Timeline supports .tln and log2timeline.csv files
• Plot geo-tagged artifacts on World Map tool in IEF Report Viewer (or export to KML file for analysis with Google Earth)

Analyze Recovered Pictures: IEF includes features intended to assist law enforcement with identification and categorization of pictures recovered by an IEF search.

• Refine search results by skin tone & body part detection
• Hashing of Recovered Pictures – PhotoDNA, MD5 and SHA-1 hashes are provided for picture files recovered by IEF
• Access to the PhotoDNA feature is available at no additional cost for qualified Law Enforcement Customers. Request PhotoDNA Access
• Import Project Vic or custom hash databases to automate the identification and categorization of picture files
• Export pictures from the IEF report viewer for customers using third party picture analysis software (for example C4All)

Comparison Chart