Forensic Explorer

Additional features

Comprehensive Data Access

Accesses all areas of physical or imaged media (file, text, hex level), including system files, slack space, unallocated clusters, and supports various file systems (Windows, Mac, Linux) and image formats.

Powerful Search & Indexing

Offers robust keyword searching (text, regex, hex) across entire media and email content, alongside a built-in dtSearch index capability for fast and efficient searches.

Automated Graphics Analysis (CSAM Detection)

Includes advanced image recognition and automated analysis specifically for graphics, delivering high detection accuracy with near-zero false positives, with a specialized CSAM detection add-on for law enforcement.

Live Boot Virtualization

Enables investigators to virtualize Windows and Mac forensic images or physical disks directly using VirtualBox or VMWare for live analysis of the suspect's operating environment.

Integrated Suite of Tools

Comes with standalone licenses for FEX-Triage (on-scene collection), FEX-CLI (command-line processing for automation), and Mount Image Pro (MIP) (mounting forensic images as Windows drives).

Flexible & Customizable GUI

Features a highly customizable drag-and-drop graphical user interface that supports multiple monitors and allows users to save personalized workspaces.

Powerful Scripting Capabilities

Offers an inbuilt Delphi scripting language with pre-built scripts for common tasks like metadata extraction, registry analysis, and timeline creation, enabling automation of complex investigative tasks.

Registry Analysis

Provides tools to open, examine, filter, categorize, and keyword search Windows registry hives, with options for automated analysis.

Email Support

Supports full analysis of various email formats including PST, OST, EDB, and MBOX, with integrated keyword and index search capabilities for email content.

Data Carving & Recovery

Includes an inbuilt data carving tool to recover over 300 known file types and allows for the recovery of deleted folders and partitions.

Anti-Virus & Malware Detection

Features a built-in Cisco Clam anti-virus for identifying known malicious files and supports Yara rules for identifying malware and malicious software based on customizable patterns.

Metadata Extraction & Signature Analysis

Extracts and reports file metadata (EXIF, GPS, MS Office) and automatically verifies file signatures, identifying mismatches with file extensions to detect spoofed files.

RAID Support

Allows working with physical or forensically imaged RAID media, including software and hardware RAID configurations (JBOD, RAID 0, RAID 5, RAID 6).

Shadow Copy Analysis

Easily adds and analyzes Windows shadow copy (Volume Shadow Copy Service) files to recover previous versions of data.

Hash Analysis

Supports applying hash sets (MD5, SHA1, SHA256, CRC, PhotoDNA, ProjectVic) to identify or exclude known files, and offers fuzzy and differential hashing for similarity analysis.

Network Servlet

Connects to and examines remote drives using a deployable network servlet for remote investigations.

Comprehensive Reporting

Features a custom report builder with pre-defined templates for producing detailed investigation reports.

Free Utility Tools

Offers additional free standalone tools like FEX Imager (for forensic imaging), FEX Memory Imager (for memory acquisition), and FEX Viewer (for third-party review of case files).

No Major Version Upgrade Costs

Provides access to the latest software builds without major version upgrade costs for users with valid maintenance.

Multilingual Support

Unicode compliant for searching and viewing data in native languages, and the GUI can be set to multiple languages.