Internet Evidence Finder Standard Edition 4.2

Internet Evidence Finder Standard Edition 4.2 comes to users as an impressive and useful application which can search a hard drive or files for Internet related artifacts. It is a data recovery tool that is geared towards digital forensics examiners but is designed to be straightforward and simple to use.

IEF v4 searches the selected drive, folder (and sub-folders, optionally), or file (memory dumps, pagefile.sys, hiberfil.sys, etc) for Internet artifacts. A case folder is created containing the recovered artifacts and the results are viewed through the IEF v4 Report Viewer where reports can be created and data exported to various formats.

IEF has gone through a great deal of revisions and transformations in its journey to Version 4. There is also now a Portable Edition of IEF v4.

Major Features:

1. New, simplified Graphical User Interface
2. 11 new searches for grand total of 30 artifacts IEF can search for (see below)
3. The file system is now also searched instead of just a sector level search
4. Can search Unallocated Clusters only, optionally including file slack space
5. On NTFS drives, the MFT (Master File Table) is searched for resident deleted files
6. All recovered data outputs to a report case folder now and viewed with the IEF Report Viewer, full report can be created or data exported to multiple formats
7. Yahoo!® Messenger existing log files are now parsed without requiring usernames
8. Yahoo!® Messenger chat log validation has been improved, with support for date ranges and message text filtering
9. The compressed data in Hiberfil.sys files is decompressed on-the-fly during searches making it easy to recover artifacts within these files
10. 5 total search functions (Quick, Full, Unallocated Only, Full – Sector level, and Files/Folders)
11. Major re-write of most old searches and program code to improve speed and stability
12. Facebook® live chat search completely rewritten to find even more chat, including damaged fragments
13. Facebook® unicode text is now converted
14. Updated MSN®/Windows Live Messenger® search re-written to find more chat, faster
15. New Portable Edition that can run on live systems
16. Portable and Standard versions can both access locked files such as the Pagefile.sys file on a live system
17. Volume Shadow Copies can be mounted and searched (Quick Search or Full – Sector Level Search) in the Portable Edition

Requirements:

• System requirements are minimal; if you have the required hardware for the operating system you are running, you can run IEF. However, a fast CPU and at least 2GB of RAM is recommended.
• The speed of the storage device being searched (or containing the files being searched) will make a large difference in speed as well. A RAID 0 or SSD set-up is recommended.