This forensic filter utility is used to quickly make sense of non-sense in the analysis of ambient data sources, e.g., Windows swap/page files, file slack and data associated with erased files. Filter_G is a unique fuzzy logic filter that was awarded patent number 6,345,283 by the U. S. Patent Office. It is used to quickly identify patterns of English language grammar in ambient data files. Such an analysis can be helpful in making quick assessments about how a specific computer was used and the nature of prior English language communications that were involved in the past uses of a subject computer. The program can be used as a sampling tool and it is particularly useful when used to evaluate Windows swap/page files.

Be aware that the functionality of this software was contained in NTI's Filter_I prior to March, 2003. Since that time the functionality was substantially enhanced and incorporated into this program as a standalone utility. Filter_I and the related functionality is mentioned and described in the books Computer Forensics, Computer Crime Scene Investigations by John R. Vacca and Cyber Crime Investigator's Field Guide by Bruce Middleton.

FILTER_G - Primary Uses:

  • Used as an intelligence gathering tool for quick assessments of a Windows swap/page file to identify past communications on a targeted computer.

  • Used as a data sampling tool in law enforcement, military and corporate investigations.

  • Used to quickly identify patterns of English language grammar in ambient data sources.

  • Used to identify English language communications in erased file space.

FILTER_G - Program Features and Benefits:

  • DOS based for speed. The speed of operation is amazing.

  • No Software Dongle! - We know that software dongles get in the way and they restrict your ability to process several computers at the same time. That is why NTI does not use software dongles and our licensing of this software allows you to process multiple computers at the same time. NTI's goal is to make your life easier and this software was designed with ease of use in mind.

  • Automatically processes any data object, e.g., a swap file, a file constructed from combined file slack, a file constructed from combined unallocated space or a Windows swap/page file.

  • Provides output in an ASCII text format that is ready for import into any word processing application, Windows NotePad or even the DOS Edit program.

  • Can be operated in batch mode with other forensic tools and processes.

  • Operates at a high rate of speed and depending upon the CPU involved the software has the capability of processing more than 2 million bytes of data per second.

  • Capable of quickly processing ambient data files that are up to 2 gigabytes in size.

The current release is Version 1.0 and the GSA Product Number is FG1.0.
