Forensic Explorer

Accesses all areas of physical or imaged media (file, text, hex level), including system files, slack space, unallocated clusters, and supports various file systems (Windows, Mac, Linux) and image formats.

Offers robust keyword searching (text, regex, hex) across entire media and email content, alongside a built-in dtSearch index capability for fast and efficient searches.

Includes advanced image recognition and automated analysis specifically for graphics, delivering high detection accuracy with near-zero false positives, with a specialized CSAM detection add-on for law enforcement.

Enables investigators to virtualize Windows and Mac forensic images or physical disks directly using VirtualBox or VMWare for live analysis of the suspect's operating environment.

Comes with standalone licenses for FEX-Triage (on-scene collection), FEX-CLI (command-line processing for automation), and Mount Image Pro (MIP) (mounting forensic images as Windows drives).

Features a highly customizable drag-and-drop graphical user interface that supports multiple monitors and allows users to save personalized workspaces.

Offers an inbuilt Delphi scripting language with pre-built scripts for common tasks like metadata extraction, registry analysis, and timeline creation, enabling automation of complex investigative tasks.

Provides tools to open, examine, filter, categorize, and keyword search Windows registry hives, with options for automated analysis.

Supports full analysis of various email formats including PST, OST, EDB, and MBOX, with integrated keyword and index search capabilities for email content.

Includes an inbuilt data carving tool to recover over 300 known file types and allows for the recovery of deleted folders and partitions.

Features a built-in Cisco Clam anti-virus for identifying known malicious files and supports Yara rules for identifying malware and malicious software based on customizable patterns.

Extracts and reports file metadata (EXIF, GPS, MS Office) and automatically verifies file signatures, identifying mismatches with file extensions to detect spoofed files.

Allows working with physical or forensically imaged RAID media, including software and hardware RAID configurations (JBOD, RAID 0, RAID 5, RAID 6).

Easily adds and analyzes Windows shadow copy (Volume Shadow Copy Service) files to recover previous versions of data.

Supports applying hash sets (MD5, SHA1, SHA256, CRC, PhotoDNA, ProjectVic) to identify or exclude known files, and offers fuzzy and differential hashing for similarity analysis.

Connects to and examines remote drives using a deployable network servlet for remote investigations.

Features a custom report builder with pre-defined templates for producing detailed investigation reports.

Offers additional free standalone tools like FEX Imager (for forensic imaging), FEX Memory Imager (for memory acquisition), and FEX Viewer (for third-party review of case files).

Provides access to the latest software builds without major version upgrade costs for users with valid maintenance.

Unicode compliant for searching and viewing data in native languages, and the GUI can be set to multiple languages.