GetFree - Forensic Data Capture Tool
DoD Tested and Certified!
When files are 'deleted' in DOS, Windows, Windows 95 and Windows 98, the data
associated with the file is not actually eliminated. It is simply reassigned
to unallocated storage space, where it may eventually be overwritten by the
creation of new files over time.
Such data can provide the computer forensics investigator with valuable
leads and evidence. However, the same data can create a significant security
risk when sensitive data has been erased using DOS, Windows, Windows 95 and
Windows 98 file deletion procedures and commands.
GetFree software is used to capture all of the unallocated file space on
DOS, Windows, Windows 95 and Windows 98-based computer systems. The program
can be used to identify leads and evidence. It is also effectively used to
validate the secure scrubbing of unallocated storage space with programs like
NTI's M-Sweep ambient data deletion software.
When GetFree software is used as an investigative tool, it eliminates the need
to restore potentially hundreds or thousands of files on computer hard disk
drives and floppy diskettes. The software was primarily developed as a computer
forensic tool for use in computer-related investigations and internal audits.
However, GetFree has also proven to be an ideal tool for use in computer
security risk assessments because the software automatically captures the data
associated with unallocated file space. Such data can be reviewed and analyzed
using other NTI forensic tools, e.g., Filter_G, NTA Stealth and Graphics Image
File Extractor.
The program and its uses are described in Computer Forensics, Incident Response
Essentials by Warren G. Kruse II and Jay G. Heiser, Cyber Crime Investigator's
Field Guide by Bruce Middleton and Cybersecurity Operations Handbook by
Dr. John W. Rittinghouse and Dr. William M. Hancock.
GetFree Software - Primary Uses:
- Calculates the amount of unallocated storage space on a computer storage
device.
- Automatically captures all logical unallocated storage space on one or more computer hard
disk drives and floppy diskettes.
- Captures the contents of a dynamic Windows swap file for analysis with other
tools.
- Used in internal audits, security reviews and computer-related
investigations.
- Validates the effectiveness of computer security data scrubbers.
- Identifies classified data spills in unallocated data storage areas.
- Identifies violations of company policy through the identification of sensitive data leakage
into unallocated storage space.
- Used very effectively with NTI's Image File Extractor in investigations involving
computer generated graphic file images, e.g., child pornography investigations.
GetFree - Program Features and Benefits:
- DOS-based for speed and ease of use.
- No Software Dongle! - We know that software dongles get in the way and they
restrict your ability to process several computers at the same time. That is why NTI does not
use software dongles and our licensing of this software allows you to process multiple
computers at the same time. NTI's goal is to make your life easier and this software was designed
with ease of use in mind.
- Compact program size easily fits on one floppy diskette with other forensic software
tools.
- Non-printable characters (ASCII values 0-31 and non-ASCII values 127-255) are skipped,
at the option of the user. This feature is used when the tool validates the results
after a security scrubber has been used to eliminate data associated with "erased
files".
- Does not alter any data on the target computer and can therefore be operated
covertly.
- Captures unallocated clusters marked as bad (by a user or the operating system) in the
event that sensitive data is stored in sectors associated with such clusters.
- Compatible with DOS, Windows 3.x, Windows 95 and Windows 98.
- Estimates the output storage space needed for the data capture prior to use.
- Processes more than one logical drive in one work session.
- Automatically increments the output file names and prompts the user for additional
removable media in the event additional storage space is needed in achieving the data
capture.
- Supports 12-bit, 16-bit and 32-bit FAT types (32-bit FATs).
- If 32-bit FAT (FAT32) file systems are involved, GetFree should be run with a FAT32
aware version of DOS, e.g., DOS 7x.
- Automatically creates output files which are less than 2 gigabytes in capacity. This aids in
the analysis of the output files and avoids the 2 gigabyte DOS file limitations.
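The free-cluster capture and scrub validation described in the lists above, sketched in Python as an added example (this is not NTI's code and not how GetFree itself is implemented). It assumes a FAT16 table and data region already read into memory; the function names, the 16-byte cluster size and the sample bytes are constructed for illustration.

```python
import struct

FREE, BAD = 0x0000, 0xFFF7  # FAT16 entry values: free cluster, bad cluster

def unallocated_clusters(fat):
    """Cluster numbers whose FAT16 entry is free or marked bad."""
    entries = struct.unpack("<%dH" % (len(fat) // 2), fat)
    # Entries 0 and 1 are reserved; data clusters are numbered from 2.
    return [n for n, v in enumerate(entries) if n >= 2 and v in (FREE, BAD)]

def estimate_output(fat, cluster_size):
    """Bytes of output storage needed to hold the capture."""
    return len(unallocated_clusters(fat)) * cluster_size

def capture(fat, data, cluster_size, printable_only=False):
    """Concatenate unallocated cluster contents; the inputs are only read."""
    out = bytearray()
    for n in unallocated_clusters(fat):
        start = (n - 2) * cluster_size
        out += data[start:start + cluster_size]
    if printable_only:
        # Skip values 0-31 and 127-255, as the feature list describes.
        out = bytearray(b for b in out if 32 <= b <= 126)
    return bytes(out)

def scrub_validated(fat, data, cluster_size):
    """True when no printable residue remains in unallocated space."""
    return capture(fat, data, cluster_size, printable_only=True) == b""

# Constructed sample: clusters 2..5, 16 bytes each.
CLUSTER = 16
FAT = struct.pack("<6H", 0xFFF8, 0xFFFF, 0xFFFF, FREE, BAD, FREE)
DATA = (b"LIVE FILE DATA.."                # cluster 2: allocated
        + b"secret memo" + bytes(5)        # cluster 3: deleted file residue
        + b"PIN 1234" + bytes(8)           # cluster 4: marked bad
        + bytes(16))                       # cluster 5: free, empty
SCRUBBED = DATA[:CLUSTER] + bytes(3 * CLUSTER)  # unallocated space zero-filled

if __name__ == "__main__":
    print(estimate_output(FAT, CLUSTER), "bytes to capture")
    print(capture(FAT, DATA, CLUSTER, printable_only=True))
    print("scrub ok:", scrub_validated(FAT, SCRUBBED, CLUSTER))
```

The printable-only check passes only for scrubbers that overwrite with non-printable values such as zeros; a scrubber that writes a printable fill pattern needs a comparison against that pattern instead.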
The current release is Version 1.7 and the GSA Product Number is GF1.7.
Please direct E-Mail to info@forensics-intl.com
Copyright © 2004 by New Technologies Armor, Inc. January 18, 2004