Atola Technology

Atola Insight Forensic 4.10 – Search of forensic artifacts in the course of imaging

On December 5 Atola Technology releases Atola Insight Forensic 4.10.

The key feature is the search of artifacts capability while imaging a source evidence media. It allows to search the source drive for credit cards, emails, URLs, IPs, GPS coordinates, phone numbers, keywords etc. in the course of imaging. This feature will help forensic specialists expedite investigation in urgent cases or when dealing with a damaged drive that takes hours to image.

The full list of Atola Insight Forensic 4.10 changes can be found here: Atola Insight Forensic Changelog.

Imaging settings now have a new Artifacts tab where different types of artifacts can be selected and lists of keywords or regular expressions can be uploaded.

For each of the artifacts, we have not simply applied well-known algorithms (e.g. Luhn formula used to validate credit card numbers). We have developed our own smart filters to eliminate false results (e.g. if there are two slashes near the number that has preliminarily been identified as a credit card number, that will eliminate it from the search results, as it is likely to be a part of a URL).

We have added a new Artifacts tab in the bottom part of Insight’s imaging window: the numbers of the found artifacts and the corresponding diagram change on the go.

The list of found artifacts is opened by a click on any of the categories or the diagram itself.

In the table, each artifact’s Value is shown in the context (including 20 bytes before and 20 bytes after the artifact), the LBA and the offset are also displayed in the table to help locate the artifact.

There are many options to help find, sort, filter and view the artifacts: it is possible to view one or a few categories of artifacts in one list, use the search bar to find a specific value, filter results for unique values by clicking the Show only unique artifacts link.

The latter option is quite valuable as it helps identify the values most frequently occurring on the drive. It often accelerates the whole process of specific artifact search.

For more information about the Artifacts feature please read our next week’s blog post or follow this link to our manual:
http://atola.com/products/insight/manual

Where to buy

If you still do not have an Atola Insight Forensic and would like to place an order, this can be done directly via Atola Technology, or from a distributor near you:

http://atola.com/wheretobuy/

Please contact our Atola Technology sales to receive more specific information:

P.S. Dear customers, we appreciate your feedback and will take it into account when making changes to the product. Therefore, please feel free to write your thoughts or ideas as comments below.

Atola Insight Forensic - All-in-one forensic data recovery tool. In-depth disk diagnostics, disk duplication and wiping, firmware and file recovery.
No Comments

No comments. Be the first.

Leave a comment