The Internet Evidence Finder (IEF) ищет на выбранном диске, в папках (и подпапках, по желанию), либо файлах (дампы памяти, pagefile.sys, hiberfil.sys и т.п.) интернет-историю Вашего общения в различных чатах, клиентах, программах мгновенного обмена сообщениями. Создает отчет, содержащий результаты поиска. Список поддерживаемых программ огромен и представлен ниже.


The Internet Evidence Finder (IEF) searches the selected drive, folder (and sub-folders, optionally), or file (memory dumps, pagefile.sys, hiberfil.sys, etc) for Internet artifacts.

It can currently find:
» Facebook® live chat messages
» Facebook® page fragments
» MSN/Windows Live Messenger® chat
» Yahoo!® chat
» Yahoo!® Webmail chat
» GoogleTalk® chat
» Gmail® email
» Limewire® ver 5.2.8 – 5.5.8 Search History
» Limewire.props files
» IE8 InPrivate/Recovery URLs
» Yahoo!® Messenger Group Chat
» Yahoo!® Webmail email
» Hotmail® Webmail email
» AOL® Instant Messenger chat logs
» Messenger Plus!® chat logs
» MySpace® chat
» Bebo® chat
» Non-encrypted Yahoo!® Messenger chat
» Facebook® Email “Snippets”

Depending on the items selected, IEF creates a report containing the search results or creates individual files containing the data found.

Facebook® Chat Messages
If this item is checked, IEF will search for messages sent and received using the Facebook® live chat feature. Facebook® Live Chat can be found in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Information found with the message can include the Facebook® profile ID used to send/receive the message, the from/to names and ID’s, and the date/time (in UTC) that the message was sent. However, not all messages found include all this data. An HTML file is also saved to the ‘Facebook Live Chat’ folder to assist in looking up Facebook ID’s. Located messages are exported into a CSV or TSV file format in the ‘Facebook Live Chat Report’ folder.

Facebook® Page Fragments
If this item is checked, IEF will search for any Facebook® related web pages, including but not limited to the Inbox page, emails, photo galleries, groups, and so on. Most recovered items will be fragments and not the complete page, but attempts are made to recover the entire page and filter out false positives. A header is added to the fragment to aid in viewing the page. Facebook® page fragments can be found in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive. Items found in this category are exported to files in the ‘Facebook pages’ folder with an .htm extension. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

MSN®/Windows Live Messenger Chat Messages
If this item is checked, IEF will search for chat messages sent/received using Windows Live Messenger®. Windows Live Messenger/MSN chat log files and chat fragments are found in live memory dumps, the pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Information found with the messages varies. If a Windows Live Messenger chat log file is found, a MessageLog.xsl file is created to aid in viewing the log file(s). Located messages are exported into text files (MSN protocol fragments), HTML files (incomplete logs), or XML files (complete logs) in the ‘Windows Live Messenger chat’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files. An option is available that will save all located chat log messages into one CSV or TSV report file. (Note: The Windows Live Messenger® search option is backwards compatible with MSN Messenger®, and these two program names are used interchangeably in IEF.)

Yahoo!® Chat Messages
If this item is checked, IEF will search for chat messages sent and received using Yahoo!® Messenger. This search option will recover chat logs found in live memory dumps, the pagefile.sys/hiberfil.sys files and allocated/unallocated space on a hard drive. The Yahoo!® Messenger local username must be provided to decrypt the messages (e.g. if the login email address used is [email protected], the username would usually be ‘chippy’). The remote username is not stored in the logs and is not recoverable. If multiple accounts are used on the same computer, you can provide IEF with all the usernames and a report file will be created for each one. A number of false positives are unavoidable, especially when multiple account logs are on the system as there is no way to determine if a log was decrypted successfully or not. Located chat messages are exported into a CSV or TSV file in the ‘Yahoo chat’ folder.

GoogleTalk® Chat Messages
If this item is checked, IEF will search for messages sent or received using GoogleTalk® live chat. These messages are left behind in live memory, pagefile.sys/hiberfil.sys files, and possibly on the hard drive. Information found with the message can include the message ID, the Sender/Recipient email addresses, and the sender/recipient’s ID. Dates and times are not available to recover at this time. This search option may also recover chat left behind from other chat programs that utilize the ‘Jabber’ chat protocol (the sender/recipient ID will be your clue, containing an abbreviated name of the client used by that person). Located messages are exported into a CSV or TSV file format in the ‘GoogleTalk’ folder.

Yahoo!® Webmail Chat Messages
If this item is checked, IEF will search for messages sent or received using the live webmail chat found in Yahoo!® Webmail. These messages are left behind in live memory, pagefile.sys/hiberfil.sys files, and possibly on the hard drive. Information found with the message can include the Status number, the version number and vendor ID, the session ID, and the Sender/Recipient usernames. Dates and times are not available to recover at this time. Located messages are exported into a CSV or TSV file format in the ‘Yahoo Webmail Chat’ folder.

Gmail® Email
If this item is checked, IEF will search for Gmail® email fragments left behind in live memory. The fragments may be also found in the pagefile.sys/hiberfil.sys files and possibly the hard drive. Information found will vary and no proper format has been determined at this time. IEF will do its best to clean up the located fragment and convert encodings into a more readable format. Some fragments will be of the folder view with the sender name/address, subject, and first segment of the body of the email. Located Gmail® fragments are exported into a text file format (.txt) in the ‘Gmail’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

Limewire® Search History
If this item is checked, IEF will look for search keywords left behind in live memory by Limewire® (tested with Limewire® v5.2.8 – 5.5.8). They are also found in the pagefile.sys/hiberfil.sys files and possibly unallocated space on the hard drive. Search keywords/terms that are recovered have an associated number indicating how many search results were returned for that search term at the time the keyword was left in memory. The recovered search terms are search keywords that were entered by the local user. Other search keywords that were passed through the client (“Incoming Searches”) from other clients on the P2P network are not recovered. Located search keywords are exported into a CSV or TSV file format in the ‘Limewire Search History’ folder.

Limewire.props files
If this item is checked, IEF will look for fragments of Limewire.props files. Fragments of these files are found in live memory, the pagefile.sys/hiberfil.sys files and on the hard drive in allocated and unallocated space. These files contain configuration data for the Limewire® peer to peer file sharing client and can include geolocations, recent downloads, and many other useful items. Located file fragments are exported into .txt (text) files in the ‘Limewire.props files’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

IE8 InPrivate/Recovery URLs
If this item is checked, IEF will look for URLs visited during InPrivate browsing in IE8 and URLs saved in Internet Explorer recovery files. These URLs are left behind in live memory, the pagefile.sys/hiberfil.sys files and on the hard drive in unallocated space. At this time, there is no known method of distinguishing between these two types of URL artifacts. Also found with the URLs is a page title or description, but this is not always present. Located URLs and titles/descriptions are exported into a CSV or TSV file format in the ‘IE8 InPrivate and Recovery URLs’ folder.

Yahoo!® Messenger Group Chat
If this item is checked, IEF will look for messages sent or received in Yahoo!® Messenger Group chat rooms. These chat messages are left behind in live memory, the pagefile.sys/hiberfil.sys files and possibly on the hard drive. Information found within these fragments can include the date/time, the username that sent the message, and the message itself. The name of the Yahoo! Messenger group that the message is sent within is not available to recover. Located messages are exported into a CSV or TSV file format in the ‘Yahoo Messenger Group Chat’ folder.

Yahoo!® Webmail email
If this item is checked, IEF will search for Yahoo!® webmail left behind in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Multiple types of Yahoo!® webmail interfaces are supported, including ‘Classic view’ and the New Yahoo! Webmail view. Recovered email messages, email compose pages, and folder views are located and saved to .htm (HTML) files in the ‘Yahool webmail’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

Hotmail® Webmail email
If this item is checked, IEF will search for Hotmail® webmail left behind in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Recovered email messages, contact listings, and folder views are located and saved to .htm (HTML) and .txt (text) files in the ‘Hotmail webmail’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

AOL® Instant Messenger chat logs
If this item is checked, IEF will search for AOL® Instant Messenger (AIM) chat logs. These logs are left behind in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Each log recovered is saved to an individual HTML (.htm) file. A ’styles.css’ style sheet file is created to aid in viewing these logs. Located logs are saved in the ‘AIM chat’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

Messenger Plus!® chat logs
If this item is checked, IEF will search for Messenger Plus!® chat logs. Messenger Plus! is an add-on for Windows Live Messenger/MSN Messenger that adds a number of features to the chat program. These chat logs are left behind in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in allocated and unallocated space. Located chat logs are saved into individual HTML (.htm) files in the ‘Messenger Plus! chat’ folder. An ‘index.htm’ file is also created in that folder; it lists source / output files along with hyperlinks to the output files.

MySpace® chat
If this item is checked, IEF will look for messages sent or received in MySpace® live chat. These chat messages are left behind in live memory, the pagefile.sys/hiberfil.sys files and possibly on the hard drive. Information found within these fragments can include the status of the message, the date/time, the sender ID, target ID, and the message itself. An HTML file is created to assist in looking up the MySpace ID’s. Some user info is also recoverable, such as the real name/username associated to a MySpace ID, image URL, and other information. This information is saved to a ‘User Info’ file in the ‘MySpace chat’ folder. Located messages are also exported into a CSV or TSV file format in the ‘MySpace chat’ folder.

Bebo® chat
If this item is checked, IEF will look for messages sent or received in Bebo® live chat. These chat messages are left behind in live memory, the pagefile.sys/hiberfil.sys files and possibly on the hard drive. Information found within these fragments can include the status of the message, the date/time, the sender username, target username, and the message itself. Located messages are exported into a CSV or TSV file format in the ‘Bebo chat’ folder.

Non-encrypted Yahoo!® Messenger chat
If this item is checked, IEF will search for non-encrypted chat messages left behind by Yahoo!® Messenger. These messages are artifacts from the actual Yahoo!® Messenger chat window and are found in memory dumps and the pagefile/hiberfil.sys files. No username(s) are required to recover these messages. Messages of this type include the sending user name, the date/time (local time, not UTC), and the message itself. The recipient is not found in these fragments but can usually be ascertained by viewing the chat conversation. Located messages are saved to a CSV or TSV file format in the ‘Yahoo chat – Non-encrypted’ folder.

Facebook® Email “Snippets”
If this item is checked, IEF will search for Facebook® email “snippets” (previews of a full email message) left behind in live memory, pagefile.sys/hiberfil.sys files, and on the hard drive in unallocated space. This artifact is left behind when a user is viewing their Inbox or Sent Messages folder in their Facebook® account. It can include the Subject line, Original Author user ID, Recent Authors user IDs (the participants of the email conversation), Time Last Updated (the last time a message was posted in the thread), thread ID (ID# of the message in the user’s mailbox), and the “snippet” itself. Located “snippets” are exported into a CSV or TSV file in the ‘Facebook Email Snippets’ folder.
Limitations
» The file offset/physical sector location will point to where the search hit occurred. Due to the varied formats and data processing/additions/deductions for presentation purposes, this may not always be the exact start of the exported data, but provides the general area in the file or on the disk that the item was located.
Requirements

IEF has been tested on Windows XP, Windows Vista, Windows XP 64-bit, Windows Server 2008 64-bit, and Windows 7 (32-bit and 64-bit). It should run fine on Windows 2000/2003 Server but will NOT run on Windows 9x.

» Version 3.5.1 updates:
» Bug fixed that stopped IEF in some cases from loading when in demo mode.

Оф.сайт / Homepage: http://www.jadsoftware.com/go/?page_id=141
ОС: Windows XP and Windows Vista/7
Язык / Language: Английский (English)
Размер / Size: 1.90 Mb

JADsoftware.Internet.Evidence.Finder.v3.5.1-Lz0:


Скачать/Download - FileFactory

Зеркало/Mirror - DepositFiles

Зеркало/Mirror - Hotfile.com

Зеркало/Mirror - Uploadbox.com

Пароль/Password: www.2baksa.net

Уважаемые пользователи nowa.cc и 2baksa.ws. У нас сложилось тяжёлое финансовое положение. Мы работаем для вас вот уже более 15 лет и сейчас вынуждены просить о помощи. Окажите посильную поддержку проектам. Мы очень надеемся на вас. Реквизиты для переводов ниже. WMZ: 826074280762 WME: 804621616710 4100117770549562 Спасибо за поддержку!

Внимание! Всегда проверяйте анти-вирусом файлы, полученные по ссылкам в комментариях! Attention! Always check files you download from links in comments with your anti-virus software!

Для добавления комментариев необходимо зарегистрироваться на сайте