1 Requirement Analysis
Nowadays, Computers are widely used in all aspects of life. By using it, we communicate with others, browse Internet and process daily work. A computer stores a lot of information of the user. When a criminal activity, a violence or terrorism incident occurs, we can get valuable information or intelligence by extracting data of the related computer. Therefore, more and more attention has been paid to the computer forensics in obtaining clues of case, and discovering digital evidence. What’s more, digital evidence gradually becomes a new type of litigation evidence. Consequently, a professional, integrated and authenticated computer forensics system is becoming urgently necessary.
2 System Introduction
CFS (Computer Forensic System) is an integrated and comprehensive solution for computer forensics. With high performance devices and sufficient accessories, you can use CFS on the field or in a lab. Moreover, it is fast, portable and intuitive. CFS is a trusted platform for law enforcement agencies, military, intelligence agencies and e-discovery investigators all over the world.
3 System Functions
3.1 Disk Diagnostics & Firmware Recovery
- Scan the source disk in advance, rapidly check it within 5 seconds, avoiding the risk of damaging storage stack
- Fast recovery from common firmware problems and hidden sectors; unlock ATA encryption
- Firmware senior recovery, including read-write of firmware, heat exchange, firmware relocation, repair to slow reaction of hard disk, loading boot sector of firmware, and others
- Detecting physically bad track of hard disk, which will be troublesome for data extraction in normal condition
- One-key decryption of the encrypted firmware area of a hard drive (ATA)
3.2 Data Recovery
Comprehensively recover the data in the case of mistaken deletion, mistaken cloning, erroneous formatting, false partitions, virus, firmware damage, unstable disk head, and bad sectors.
- Fully support systems in NTFS, FAT16/32, exFAT, EXT2/3/4, HFS+ and HFSx, etc.
- Support characteristics scanning of custom files; support layer scanning and lost partitions scanning
- Support hexadecimal view of PC, laptop, hard disk, USB, SD card, TF card, voice recorder, surveillance recorder, image file and other kinds of storage devices
- Support RAID recovery, including RAID0, RAID1, RAID5, RAID6, RAID5e, RAID5ee, and HP dual cycle, allowing the options of auto/manual analysis
- Support lost partition scanning, and custom partition scanning based on partition type and size
- Support breakpoint restoring, which skips the recovered files to save the recovery time.
3.3 Data Acquisition
- Support high-speed Image Module applicable for normal HDD, USB Flash, CF cards and TF cards, etc.
- Support imaging of bad sectors.
- Support reading data by forward/backward means or reading repeatedly in order to extract more data.
- Embedded script to finish certain task.
- Support keywords to search the target.
3.4 Data Analysis
- Quickly search & locate anti-forensic software and encrypted files
- Special files detection, like the encrypted files, suspicious files
- Computer system analysis : extracting computer name, OS name, registered owners and other information
- Traces analysis: system trace analysis, surfing trace analysis, instant communication application trace analysis, email trace analysis, logs trace analysis and others
- User traces analysis: get access to logs of USB device connection and applications, last opened files, recycle bin, etc.
- Live forensic function enables investigators to gather dynamic information of running tasks.
3.5 System Emulation
- Support emulation from hard disk and image.
- Fully automatic dynamic emulation.
- Emulate the operating system of server or PC to investigate malware, database, Internet traces, and recently opened documents, etc.
- Support operating systems: Windows 2000/2003XP/Vista/ 7/8, MAC OS X 10.x, Linux (Ubuntu 13.10).
- Password bypassing for Windows and MAC OS.
3.6 Generate Report
All the procedures are in sound manner from the angle of digital forensic, and stated in the report
3.7 System Optional Accessories
||Hard Drive Duplicator
||Hard-disk disassembly device and suites
||Reduce the errors occurred during the process of disassembling disk body
||Provides IDE,SATA,SAS,USB,1394 interface write protection
||Remove data on different medium, including all types of HDD,USB thumb drive, storage cards, etc.
||high Speed Password Crack Platform
||For more than 280 kinds of commonly used encryption files
||Smart Storage of Digital Evidence
||HDD storage management system and all the devices are controlled by PC
4. System Application
- For the law enforcement, military department, intelligence bureau, digital forensics personnel
- Law enforcement investigate the criminal cases，collecting digital evidence and submitting to the court
- Field where violence and terrorism incident occurred, or lab scenario
5. System Advantages
- Provide solution customization
- High recognition of products in the solution
- Powerful and Easy to use
- Quickly and thoroughly examine all data to find actionable insights
- Refer to forensics process and standard, maintain digital evidentiary integrity at every step, get legal digital evidence
- Excellent compatibility, easy to extend
6. Flexible Platforms
- Principle and advanced technical training
- Product application practice
- Issue the certification of original manufacturers after our professional training, a qualification with global recognition