File Investigator and File Finder

Ever wish there was a better way to find files than the built-in Windows search? Well, I have. Not to mention that, when doing computer forensics, it is often nice to have a piece of software to identify a file type or double-check another piece of software.

Doing data recovery, you have a client that is often only interested in finding and recovering the 50-page Word document they were working on when their computer crashed.

Well, for that situation, File Investigator (http://www.robware.com/fifilefind.htm) by RobWare is a great tool. They are nice folks and very responsive.

This program identifies files by their content rather than just the extension at the end. The software also returns a lot of additional file information. It also runs very fast.

If you do data recovery, computer forensics, or are just a power user that does a lot of searching, I recommend this software. Here is some more information about the program, straight from their site:

The File Investigator Engine is the core program that identifies a file by its content rather than filename extension. You might assume that it has to be slow if it opens every file, but it is almost as fast as any other program that just reads the disk directory. MS Windows and most applications only look at a file’s extension when identifying or loading it. If the file has the wrong extension or the application doesn’t recognize the extension, then you are out of luck. Unless you have an application that uses the File Investigator Engine.

Stages that we use to identify each file:

1. Match Legal Database(s) Hash Codes (optional)
2. Match File Header/Magic #
3. Match Inter-File Pattern/Signature/Magic #
4. Match Byte Value Distribution Pattern
5. Interpret & Validate Identification
6. Match Hash Codes (Our hash DB, then the Legal DB(s))
7. Floating Header Match (Secondary)
8. Match Hash Codes (Secondary, Legal DB(s) only)
9. Match File Extension
10. Read Metadata

This engine also extracts valuable information out of many different types of files. Information like: image resolutions, sound file sampling rates, document titles, and much more. It then adds general information about that particular file type/format.

We provide Software Development Kits for Windows, UNIX & Linux programmers to take advantage of the File Investigator Engine. There are also a couple of consumer applications available.

There are many uses for this type of software.

* Identify a file that a friend or colleague gave you that Windows doesn’t recognize.
* Quickly look at a file’s details when searching for a specific file, without having to wait for an edit program to open and load each file.
* List the details for many files all on one screen. Then it is easy to zero in on a file that you were looking for.
* Organize your files by their qualities or types rather than just their file names.
* Scan files for viruses intelligently, by first identifying what type of file(s) you are scanning.
* Search confiscated hard drive(s) for Computer Forensics legal evidence.
* Verify that the file your software product is about to load is in a supported format.
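
To make the idea behind stages 2, 4 and 9 of the list above concrete, here is an added example (not RobWare's code and not from their site): it checks the file header against known magic numbers, falls back to the byte-value distribution, and only then compares the result with the extension. The signature table, the 7.5 entropy threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Constructed signature table (header at offset 0); a real engine ships thousands.
MAGIC = [
    (b"%PDF-", "pdf", {".pdf"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"PK\x03\x04", "zip-container", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt", ".msi"}),
    (b"MZ", "pe-executable", {".exe", ".dll", ".sys"}),
]
TEXT_EXTS = {".txt", ".csv", ".log", ".md"}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0) of the byte-value distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def identify(name, data):
    """Return (detected_type, extension_matches) for a file name and its content."""
    ext = os.path.splitext(name)[1].lower()
    # Header / magic number match comes first.
    for magic, ftype, exts in MAGIC:
        if data.startswith(magic):
            return ftype, ext in exts
    # No header hit: fall back to the byte-value distribution of a sample.
    sample = data[:4096]
    if sample and all(b in b"\t\n\r" or 32 <= b < 127 for b in sample):
        return "text", ext in TEXT_EXTS
    if entropy(sample) > 7.5:  # assumed threshold for "looks random"
        return "high-entropy (compressed or encrypted?)", False
    return "unknown", False

if __name__ == "__main__":
    # Constructed samples: a PE header behind a .jpg name, and plain text.
    for name, data in [("holiday.jpg", b"MZ\x90\x00" + bytes(60)),
                       ("notes.txt", b"meeting at 10\n")]:
        print(name, identify(name, data))
```

A `False` in the second position is the case worth triaging in a forensic review: the content says one thing and the file name says another.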

PureText

Have you ever wanted to copy a word document or a webpage to save the information for later use or integrate it somewhere else?  If you have, you have probably been frustrated at grabbing all the pictures and links when you tried.

Well, Steve Miller has a great little program to help out with this problem. It is called PureText. It is a small .exe program that basically strips most pictures and formatting out before executing the paste command. Great time saver. As a matter of fact, I used it to grab his description of what the software does to paste it into the bottom of this article.

This can be of use in computer forensics investigations.  There may be times when you want to convey the text content of a page to your end-user without giving them the pictures on the page (sometimes they could even be illegal to transmit, i.e. child porn).  This is a great little tool for that.

Boot Utility to Delete Hard Disk Drives

I recently learned of a great SourceForge project. As most of us know, it is dangerous to throw out or donate that old computer without “deleting” that old data off the hard drive. If you just use an ordinary delete command, you are not actually removing the file. The file index system is just marking that file space as available for use.

Nowadays, there are data recovery options that are available to anyone with a moderate level of computer skills. It is not just cops and data recovery companies that can get at your private data. There are plenty of criminals and unscrupulous individuals that have learned how to make use of your data.

Thankfully, there is now a project on SourceForge that can help: DBAN. DBAN is short for Darik’s Boot and Nuke. This software will allow you to create a boot disk that can be used to wipe your entire hard drive.

 I have not personally verified the effectiveness of the software, but it looks like a really good product.  Especially considering the price, FREE.

Be aware that this will not stop the National Security Agency from recovering the data, but it will stop your common criminal and neighborhood computer geek.

 By the way… don’t throw away that old computer.  There are many non-profits that fix up old computers and give them to families that need them.  Make use of this free tool to clean the computer, and give it to people that will be grateful to have it.
