Computer Forensics & Security Software Tools
NTI's forensic software tools are used in security reviews, internal audits and computer related investigations. Some of the tools are also used to identify and eliminate sensitive data leakage in classified government agencies. They are sold separately and they are also bundled in suites of software. Some of the software tools have been tested and certified by the U. S. Department of Defense and several of the tools are mentioned in some of the top computer forensics and computer security publications and text books, e.g., Computer Forensics, Incident Response Essentials, by Kruse and Heiser, Computer Forensics, Computer Crime Scene Investigations, by John R. Vacca, and Cybersecurity Operations Handbook by Dr. John W. Rittinghouse and Dr. William M. Hancock. Site licenses and quantity prices are available. As always, NTI continues to provide deep discounts for law enforcement agencies to help stretch limited law enforcement budgets. Government clients can click here for information about GSA purchases.
Individual Software Tools:
- AnaDisk - A highly specialized floppy diskette analysis tool for use in security reviews and to identify data storage pattern anomalies, e.g., the Hansen epionage case involved floppy diskettes with unique formatting.
- CopyQM - A Floppy diskette duplication utility which is used to mass produce floppy diskettes for use in computer evidence processing and in the creation of security audit diskettes in classified government agencies.
- CrcMD5 - A file level hashing utility that is used in computer evidence processing.
- DiskScrub - A security utility that is used to securely destroy computer data on a computer hard disk drive. It meets U. S. DoD security standards.
- DiskSig Pro - A multi-purpose hashing utility that expands the capabilities of the original DiskSig utility.
- FileList Pro - A mult-purpose disk cataloging utiltiy for use with all Microsoft operating systems. This tool can also be used in the evaluation of timelines of activity and computer usage in investigations. File Convert Pro - A data conversion tool which is used to decompress the files created by the FileList Pro utility.
- FileCNVT - A utility that is used to decompress files created with the original FileList program. Please note that FileList has been upgraded and replaced with FileList Pro which is listed above. The files created by FileList and FileList Pro are not compatible because FileList Pro provides much more information about files.
- Filter_G - A patented forensic data filter that is used to identify patterns of English language grammar and sentence structure in ambient data sources.
- Filter_I - A forensic data filtering tool that is used to document findings in ambient data sources.
- Filter_N - A forensic filter used in the identification of relevant number formats. This tool is helpful in identity theft related investigations.
- FNames - A patented forensic data filter that automatically identifies English, European and Arabic names of individuals. This tool is invaluable in intelligence gathering missions and in identity theft cases.
- GetFree - A forensic ambient data collection tool which is used in security reviews and computer related investigations to capture data and file fragments associated with previously deleted files.
- GetGIF - A forensic data filter that automatically identifies and accurately reconstructs GIF file formats from computer data sources. This tool is donated free of charge to law enforcement computer crime specialists to assist in investigations involving the illegal distribution of child pornography.
- GetNames - A patented forensic data filtering tool that automatically identifies English given names of individuals stored on computer media. This tool is donated free of charge to law enforcement computer crime specialists to assist in fraud investigations.
- GetHTML - A forensic data filtering tool that is used to identify and extract HTML documents stored in ambient data and/or computer media. This tool is donated free of charge to law enforcement computer crime specialists to assist in Internet related investigations.
- GetSlack - A forensic ambient data collection tool which is used in security reviews and computer related investigations to capture data stored in the file slack associated with all of the files on a target computer hard disk drive.
- Graphics File Extractor - A forensic data filter that automatically identifies and accurately reconstructs BMP, GIF and JPG file formats from computer data sources. This tool is particularly helpful in identity theft cases and cases involving pornography.
- HexSearch - A forensic binary data search tool that is used to identify targeted graphics file content and/or foreign language words and phrases stored in the form of computer data.
- NTA Stealth - A patented computer forensic lead identification tool which is used to quickly determine the past Internet-based computer usage of a specific computer system. This tool provides significant benefits for probation and parole officers in the monitoring of computer usage by convicted sex offenders and military computer specialists who process computers in the field.
- NTA Viewer - A powerful analysis tool for use with the original Net Threat Analyzer (NTA) and the new NTA Stealth programs. This tool is used to quickly analyze the output created by those tools and it can be used to make comparisons of Internet-based computer usage on the same computer from one day to another.
- NTI Secure ToolKit - A secure alternative to PGP. This file encryption software is ideal for corporate and non-classified government use. It relies upon the U. S. NIST tested and approved AES encryption algorithm. **New**
- M-Sweep XP - A unique data security scrub utility which securely eliminates data from file slack, unallocated space (erased files) and the Windows swap/page file on DOS, Windows, Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP computer systems. It meets U. S. DoD security standards. This program does not remove all files and structures from the drive, please see DiskScrub for that capability.
- SafeBack 3.0 - The "industry standard" evidence grade hard disk drive bit stream backup software for use in the processing of computer evidence. **New Version 3.0**
- TextSearch Plus - A computer forensics Text Search utility which is used in security reviews and computer related investigations on DOS, Windows, Windows 95 and Windows 98 based computer systems to locate targeted key words, strings of text and graphic files.
- TextSearch NT - A computer forensics Text Search utility which is used in security reviews and computer related investigations on FAT 32, Windows NT, Windows 2000 and Windows XP based computer systems to locate targeted key words, strings of text and graphic files.