SiQuest's flagship product is the Internet Examiner® Toolkit (IXTK™), which was designed as a complete solution for the discovery, collection, analysis and reporting of Internet based evidence obtained from computers, hard drives, live memory dumps, the Internet, and mobile devices.
IXTK is the first forensic tool to incorporate "live" Internet investigative functionality with special features for real-time collection of evidence. It is also the first tool to implement configurable Language Themes with support for 17 different languages.
IXTK recovers Internet browser artifacts; chat, email and instant messages; pictures; movies; and other information relating to social networking, peer-to-peer (file sharing) programs and cloud based services. Popular brands or vendor names supported include but are not limited to Internet Explorer, Google Chrome, Firefox, Safari, Opera, Facebook, Skype, Twitter, Kik and YouTube. IXTK also natively mounts and searches common forensic disk image formats (e.g., E01, Ex01, L01, Lx01, AFF and Raw/DD). In addition, powerful GREP Expression and keyword searching capabilities with clean carving options make it possible to find virtually any type of artifact.
IXTK was originally created with the intention of supporting worldwide government and law enforcement agencies in their fight against crimes against children (e.g., child pornography, child luring), as well as criminal offenses involving Internet related activities. Two things IXTK does particularly well are categorizing picture evidence and analyzing video files with individual frame extraction for early assessment review.
Today, IXTK also services private industry where matters involve corporate litigation, corporate security, due diligence, trademark and copyright infringements, theft of data, and violation of accepted use policies.
Product Features for Internet Examiner Toolkit
The following is a list of available features.
|Built-in mounting capabilities for common disk image file types (.Ex01, .E01, .Lx01, .L01, .AFF, Raw, SMART). Ability to mount as drive letter in Windows is planned for release later this year.|
|Transparency. Users know how things are being searched, where they are being searched, and what is being searched for. This is reflected in verbose metadata collected for each artifact and detailed search and event logging.|
|Ability to identify and search various file systems (FAT12, FAT16, FAT32, NTFS, HFS+) with support for exFAT and EXT4 coming soon.|
|Includes an extensible and proprietary Artifact Framework to make it possible to adapt to increasing changes in internet artifacts. This framework also makes it possible for users to add their own custom artifacts.|
|Includes 4 integrated tools: Internet Examiner, Internet Extractor, NetX Discovery and NetX Live. Together, they form the first complete, multilingual solution for the identification, collection, analysis and reporting of internet artifacts and internet based evidence. Incorporates the ability to discover and collect live, online internet content.|
|Includes user interface Language Themes with support for 17 different languages (Arabic, Chinese Simplified, Chinese Traditional, Dutch, English, Finnish, French, German, Greek, Italian, Japanese, Korean, Polish, Russian, Spanish, Swedish, Turkish).|
|Artifact and Keyword searches support multi-language CodePages.|
|Supports discovery and collection of artifacts for browser activity, email and chat communications, multimedia files, social networking, file sharing using Peer-To-Peer, and live online content.|
|Parses internet content for the most common browsers, namely Internet Explorer, Firefox, Google Chrome, Opera and Safari. These include but are not limited to cache, history, cookies, bookmarks and downloads.|
|Common structured files such as internet history and browser cache files are automatically decoded and parsed.|
|Internet Examiner provides multiple views for record evidence (Text, HTML, Hex, Database, Picture, Video).|
|View picture evidence as thumbnails using the built-in Gallery viewer. Any found Exif metadata is associated with each thumbnail and included in reports.|
|Built-in video player with options for playback, pause, stop, step by frame, time index seek, and frame extraction. Supports multiple file formats (3GP, 3G2, AVI, FLV, SWF, WMV, MOV, MP4, MPEG, VOB). No separate codecs required.|
|Option to search more quickly using multi-threading. This feature is designed to take advantage of modern hyper-threaded CPUs and increased RAM capacities.|
|Built-in physical Disk Viewer lets you open any fixed or mounted disk and view its contents sector by sector. Includes the option to extract ranges of sectors as evidence and add it directly to the case.|
|Fully-featured integrated Hex Viewer with options to decode ranges of bytes into various data types using the built-in Decoder. Create child records seamlessly from swept (highlighted) bytes.|
|Organize and categorize evidence using nested Bookmark folders. Supports unlimited Parent/Child folders.|
|Create case workflow and organize key pieces of evidence using the Evidentiary Value Scoring (EVS) System. EVS implements a 0-5 number system to weigh (valuate) and sort evidence.|
|Decrypt-once support for Hiberfil.sys files. Compressed and encrypted page blocks are properly decoded on the first pass. Results are cached locally to speed up recurring searches of the same file, and Page Block re-ordering is implemented correctly.|
|Built-in Dictionary function scans all case evidence, generates lists of the keywords found, and groups them alphabetically. Supports discovery of misspelled words and is compatible with all Latin-based language content. Now you can know what you don’t know!|
|Snip, Snapshot and Capture are three cool ways to record live online internet investigations. In respective order, you can create a partial or full page picture of the current browsed web page, or you can download the page’s entire contents directly into your case! This latter option includes picture files, web editing files (e.g., CSS/JS), as well as ANY download linked files on the page (e.g., .ZIP, .PDF).|
|Import extrinsic evidence into your case using integrated Notes and featuring voice recognition dictation (no voice training required). Includes multilingual dictionary option for in-place grammar and spelling corrections.|
|Create and manage complex, hierarchical keyword libraries with support for Regular (GREP) Expression and multiple language Code Pages. Keywords are used for searching case evidence and quarantining malignant or non-pertinent data.|
|Built-in Database Explorer lets you open and examine ANY SQLite database file in its native format. Exposes database schema properties and lists all Tables in the database. Records can be tagged, searched (using GREP) and exported to Excel or to another new SQLite database for further (refined) analysis. A wonderful tool for examining mobile device databases!|
|Voice Recognition has been implemented for voice dictation of notes and the synopsis (preamble) section of reports. Requires no prior voice training. Includes spell checking for English, Dutch, French, German, Portuguese and Spanish languages.|