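BlackLight quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows easy searching, filtering and sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface. It is simply the best choice for smart, comprehensive analysis.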
EASILY UNCOVER USER ACTIONS
BlackLight’s Actionable Intel view allows examiners to view various data points that can be attributed to a user's actions. Traces of potentially important user activity from many disparate locations are organized for practical, efficient examination. Elements include:
Windows Registry artifacts - recently executed files and programs, link files, jumplists, Prefetch and Superfetch data
Device connection data for all devices previously connected to the system, including USB device connection dates/times and the associated user account
iOS device backups
Recent file downloads
Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes)
Current and deleted user account info
ANALYZE WINDOWS MEMORY FILES
Analyzes several types of memory files, including raw dumps, Hibernation files (Windows Vista to Windows 10), pagefile.sys, and crash dumps (full, from Windows Vista or 7)
Performs file carving and bulk extraction content searches (for numerous items such as URLs, addresses, phone numbers, etc.)
Features a Memory subview for analyzing processes, libraries, sockets, handles, and drivers
Processes memory files many times faster than traditional open-source forensic tools
FILE FILTER VIEW
EFFICIENTLY SIFT THROUGH LARGE DATA SETS
BlackLight's signature File Filter view includes examiner-defined filter options to quickly pinpoint relevant data within large data sets. Filter criteria include:
File name, kind, size, or extension
Date created, modified, or accessed
Picture metadata attributes, including GPS coordinates and camera (iPhone/iPad device) type
Positive and negative hash set filtering
Examiners may apply any number of filters or inverse filters to quickly isolate important data from system files or base application files. BlackLight comes with several pre-set file filters, including those that filter by file type, file attribute, geolocation coordinates, and source device type.
FIND THE PICTURE AND VIDEO EVIDENCE YOU NEED
BlackLight's Media view has built-in support for all commonly used picture and video file types, and it includes several helpful and examiner-oriented analysis features, such as:
Built-in GPS Mapping:
All media files containing GPS data will be identified with a placemark badge
Examiners can view media geolocation data on a Mercator map (offline) or using Google Maps (online) directly from the built-in GPS view
Proprietary Skin Tone Analysis Algorithm:
Sort picture and video files by the skin tone percentag...
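busTRACE is a comprehensive bus and device analysis tool, used mainly by system OEMs, peripheral OEMs, software developers, USB developers and storage device developers, and in wide use by customers around the world.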
busTRACE Start Menu
►Select from a list of available busTRACE applications
Capture I/O Activity
►Capture I/O activity on local or remote computers
►Allow remote busTRACE users to capture I/O activity
Generate I/O Activity
►Send a single CDB to a storage device
►Send a sequence of CDBs to a storage device
►Perform a read/write/compare stress test
►View ATA/ATAPI Identify information
►Check for device and I/O subsystem defects
►busTRACE Storage Manager
►NUMA Node Performance Tester
►CD/DVD Exclusive Access Status
Simulate Device Faults
►Simulate a failure on one or more specified devices
►View Device Command Descriptor Blocks
►View Device Sense Codes
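Docklight is a testing, analysis and simulation tool for serial communication protocols. It lets you monitor the communication between two serial devices or test the serial communication of a single device. Docklight is widely used in a variety of industrial environments, including automation and control, communications, automotive, equipment manufacturers, and embedded/consumer products. Docklight runs on Windows 10, 8, 7, Vista or Windows XP.
The extended Docklight Scripting software provides an easy-to-use programming language and a built-in editor for creating and running automated test jobs. Docklight Scripting also has network functionality, allowing TCP or UDP connections.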
Docklight RS232 Terminal / RS232 Monitor
Simulating serial protocols - Docklight can send out user-defined sequences according to the protocol used and it can react to incoming sequences. This makes it possible to simulate the behavior of a serial communication device, which is particularly useful for generating test conditions that are hard to reproduce with the original device (e.g. problem conditions).
Logging RS232 data - All serial communication data can be logged using two different file formats: use plain text format for fast logging and storing huge amounts of data, or create an HTML file with styled text that lets you easily distinguish between incoming and outgoing data or additional information.
Detecting specific data sequences - In many test cases you will need to check for a specific sequence within the RS232 data that indicates a problem condition. Docklight manages a list of such data sequences for you and is able to perform user-defined actions after detecting a sequence, e.g. taking a snapshot of all communication data before and after the error message was received.
Responding to incoming data - Docklight lets you specify user-defined answers to the different communication sequences received. This allows you to build a basic simulator for your serial device within a few minutes. It can also help you to trace a certain error by sending out a diagnostics command after receiving the error message.
Docklight will work with the COM communication ports provided by your Windows operating system. Physically, these ports will be RS232 SUB D9 interfaces in many cases. However, it is also possible to use Docklight for other communication standards such as RS485 and RS422, which have a different electrical design to RS232 but follow the RS232 communication mechanism.
Docklight has been successfully tested with a vast range of serial devices and drivers. This includes many popular USB-to-RS232 converters, Virtual Null Modem drivers like com0com, Bluetooth serial port and modem drivers, Arduino serial ports, and many other embedded hardware devices that appear as a COM port in the Windows Device Manager.
Windows 10, Windows 8, Windows 7
Minimum one COM port available. Two COM ports for monitoring communication between two serial devices
For RS232 monitoring using Docklight Tap or Docklight Tap Pro: one USB port
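DymaxIO is fast data software. It is the most cost-effective, easy and indispensable solution for increasing throughput and accelerating I/O performance, so that systems and applications run at peak speed. DymaxIO uses AI (artificial intelligence) to detect and deploy the appropriate performance-enhancing technologies for each individual system, so that organizations can improve performance without overspending on hardware.
Condusiv guarantees that you will get better performance on systems using DymaxIO. If you want fast data, you want DymaxIO. No new hardware required, no reboot required.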
I/O Inefficiencies that Rob Performance
There are 2 severe I/O inefficiencies that cause performance and reliability problems.
The first is caused by the behavior of the Windows file system. It tends to break up writes into separate storage I/Os and send each I/O packet down to the storage layer separately, which produces I/O characteristics that are much smaller, more fractured, and more random than they need to be.
The second is storage I/O contention, also known as the I/O Blender Effect, which happens when you have multiple systems all sharing the same storage resource, such as multiple VMs all sending small, random I/Os down through the same hypervisor.
Your performance is penalized twice by these storage I/O inefficiencies, causing systems to process workloads about 50% slower than they should.
DymaxIO dynamically accelerates data for maximum I/O performance. By solving I/O inefficiencies at the source, DymaxIO
Proactive and Efficient Server Performance Optimization
DymaxIO contains thin file system drivers that install (no reboot required) on Windows VMs or physical servers and perform optimizations inline automatically while running transparently in the background with near-zero overhead to the server. What few CPU cycles are needed run at lowest priority so as not to interfere with server operations in the event that CPU cycles are needed by other applications or processes.
DymaxIO contains a suite of patented technologies that optimize the Windows Storage I/O subsystem so that applications can get to and from the storage layer much faster and process a lot more data.
Some organizations may react to performance challenges by throwing expensive new hardware at the problem. Overbuying and overprovisioning for more IOPS or data throughput might mask the underlying problem for a while, but it does not solve the root cause of performance issues. The quickest, most inexpensive, and least disruptive approach to more performance is simply installing DymaxIO fast data software on all of your Windows systems and watching performance problems disappear.
Keep your Windows systems running better than new with DymaxIO fast data software
• Delivers accelerated I/O performance for Windows systems whether physical, virtual, or in the cloud...
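Stratus Engineering is an engineering design services company specializing in electronics and software for embedded systems. Its EZ-Tap™ and EZ-Tap Pro™ products are the most economical and compact solutions for monitoring and logging RS232 port data.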
• Easy-to-use inline passive RS232 connection
• NO bulky cabling
• Standard DB9 connector pinout
• Camera-style "mini-B" connector
• USB access from MS Windows host computer
• Driver software for MS Windows 2000/XP/Vista/7
• FREE data monitoring application software
RS-232 Passive Tap Module
Stratus Engineering's EZ-Tap hardware module is a low-cost hardware solution that uses a traditional dual COM port approach to RS232 interface monitoring.
EZ-Tap is fully compatible with Stratus Engineering's FREE EZ-View monitoring software as well as most 3rd-party dual COM port/ serial port monitoring programs and eliminates bulky cabling typically associated with these solutions.
Baud rates up to 230400*
*For baud rates above 9600, we recommend EZ-Tap Pro™ (below).
RS-232 Passive Tap Module
Stratus Engineering's EZ-Tap Pro hardware module RS232 sniffer is a sophisticated hardware solution that overcomes latency and time-tagging problems associated with traditional dual COM port monitoring solutions.
EZ-Tap Pro features state-of-the-art electronics that provide extended functionality:
Exact hardware microsecond time tagging of all RS232 data and handshaking events
Captures and time tags state changes on all 6 RS-232 handshaking lines
Supports baud rates up to 921600 bps
Supports 3.3V/5V TTL and RS232 voltage levels
EZ-Tap Pro offers these capabilities at a fraction of the cost of the nearest competitor and is available in the same small, convenient mechanical form factor as the original EZ-Tap module.
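LatencyMon is a professional audio diagnostics tool that checks the state of the drivers on a computer, in particular the latency of sound card drivers. LatencyMon identifies the causes of audio latency, clicks and persistent noise, and shows whether the sound card driver is suited to the computer. LatencyMon also provides an ISR monitor, a DPC monitor and a pagefault monitor. When sound playback problems occur while playing music or games, LatencyMon can detect where the problem originates; although it cannot provide a fix, it can scan for all audio problems.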
The audio latency problem
Windows is not a real-time operating system. All requests to the operating system are delivered on a best-effort basis. There are no guarantees whatsoever that requests are delivered within a certain time frame, which is the characteristic of a real-time operating system. That is not a problem for most devices and tasks, but it is bad news for audio applications (which are considered soft real-time) because they need to deliver data to the subsystem and the hardware in buffers several times per second. If one or more buffers miss their deadlines and are not delivered in time, it has audible consequences, which are recognized as dropouts, clicks and pops.
About DPCs and ISRs
The Windows thread dispatcher (also known as the scheduler), which is part of the kernel, executes threads based on a priority scheme. Threads with higher priority will be given a longer execution time (also known as quantum or time slice) than threads with a lower priority. However, the kernel also knows other types of units of execution, known as interrupt service routines (ISRs). Devices connected to the system may interrupt on a connected CPU and cause their interrupt service routines to execute. An interrupt can occur on the same processor that an audio program is running on. Any thread that was running on the processor on which an interrupt occurred will be temporarily halted regardless of its priority. The interrupt service routine (ISR) is executed and may schedule a DPC (Deferred Procedure Call) to offload an amount of work. The DPC will most likely run immediately on the same processor, which means the audio application will halt until both the ISR and the DPC routines have finished execution. That is because ISRs and DPCs run at elevated IRQL, which means they cannot be preempted by the thread dispatcher (scheduler). Therefore, to guarantee responsiveness of the system, ISR and DPC routines should execute as fast as possible. Guidelines say that they should not spend more than 100 µs of execution time; however, this is often not reached due to hardware factors beyond the control of the driver developer. If execution time gets too high, the audio program may be unable to deliver audio buffers to the hardware in a timely manner.
About hard pagefaults
Windows uses a concept of virtual memory which relies on the page translation system provided by the CPU. Whenever a memory address is requested which is not available in physical memory (not resident), an INT 14 will occur. The OS provided INT 14 handler will decide how to proceed next. If the page in which t...
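MOBILedit Forensic Express is a powerful, advanced software product that lets users analyze mobile devices, generate reports, and extract data from phones and cloud services. It is an all-in-one software platform containing all the useful and necessary tools and features.
Forensic Express offers maximum functionality at a fraction of the price of other tools. It can be used as the only tool in a lab or to enhance other tools through its data compatibility. When integrated with Camera Ballistics, it scientifically analyzes the camera origin of photos.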
Phone extractor with extremely wide range of supported phones
Password breaker with GPU acceleration and multi-threaded operation for maximum speed
iTunes backup analyzer
Android ADB backup analyzer
Applications data analyzer
Deleted data recovery
Cellebrite UFED data analyzer
Cellebrite UFED data generator
Oxygen data analyzer
Oxygen Forensic Detective
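The Oxygen Forensic Detective suite is software for retrieving data from the many applications on mobile devices. In the Applications section, the phone forensic analysis software shows a list of pre-installed and user applications along with the files created by them. Each application can contain valuable user data such as passwords, logs, history, files, and more.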
Sony MTK Dump
Oxygen Forensic® Detective 13.3 implements a new extraction method entitled “Sony MTK Dump”. This method allows investigators to bypass the screen lock and create a full physical dump of Sony devices based on MTK chipsets with Full Disk Encryption (FDE). If Secure Startup is enabled, investigators can use the built-in brute force module to find the user passcode. Supported devices include Sony XA1, Sony L1, Sony L2, and Sony L3.
New Method for Qualcomm Devices
This update also offers a new method of extraction for Android devices based on Qualcomm chipsets. If a device is unlocked and has Security Patch Level (SPL) no later than February 2020, investigators can apply a built-in exploit to gain temporary root rights and perform a file system acquisition. This method covers multiple devices based on over 25 variations of Qualcomm chipsets running Android OS 7-9.
In version 12.5, we introduced the ability to make screenshots of Android data via our OxyAgent. Oxygen Forensic® Detective 13.3 enables video screenshots in a semi-automated or manual mode. Please note that apps preventing a screen capture (e.g., Telegram, Wickr Me, VIPole) are not supported with this new upgrade to OxyAgent.
Search for Similar Faces
Oxygen Forensic® Detective provides investigators with a wide range of built-in analytical and time-saving features. With the release of Oxygen Forensic Detective version 13.3, investigators can conduct searches for specific faces in one or more extractions. To do this, open the Search section and navigate to the Face Sets tab. From there, investigators can create a unique set of reference images by uploading photos of people whom they need to identify in the extraction. Investigators can also adjust the percentage of resemblance. The higher the threshold, the more accurate the results will be. Once the search has completed, investigators will see the search results along with all detailed information (age, emotion, resemblance, etc.) within the interface.
Application Activity Analysis
Application activity analysis is often vital for malware detection. With this in mind, we have introduced a new tab, “Application activity”, in the Timeline section. It allows investigators to gain quick insights into the activity of applications extracted from Apple iOS and Android devices as well as computers.
Tinder and OkCupid Cloud Data
The updated Oxygen Forensic® Cloud Extractor brings support for two popular dating apps – Tinder and OkCupid. Authorization in the Tinder cloud is supported via phone number or Google account. If 2FA is ena...
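TreeSize Professional is a powerful and flexible disk space manager for Windows. It helps you find the largest directories on your disks and the space they occupy. TreeSize Professional reports size, allocated space and occupied space, number of files, 3D bars and allocation charts, last access data, file author, NTFS compression rate and more, and also supports file search.
Search results can be moved, deleted or exported. The software has a browser-like interface, is fast and multi-threaded, and can import and export Excel, HTML or ASCII files. Searches can be grouped by user or extension, results can be saved as XML documents, XML documents can be compared, and so on. You can print detailed reports or export the collected data to a Microsoft Excel workbook or to HTML, XML or text files.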
TreeSize version 7 released
Scan Amazon S3 storage, Linux and Unix servers in addition to Windows and enjoy the optimized user experience!
TreeSize version 7 now provides access to your data stored in the Amazon S3 cloud object store, lets you scan it and search for specific files. In this way you can easily save costs, as every GB is finally accounted for here.
Scanning and file search on Unix/Linux servers
The SSH protocol can be used in the newly released version to access Linux or Unix servers. This enables system-wide, uniform reporting and management of storage space with TreeSize.
Using the context menu in the corresponding tabs in the main module, you can display file types and intervals of statistics about the file age in the "Details" list as columns. They can also be included in reports in Excel, PDF, HTML or text format. In this way, individual file types or age categories can be easily tracked across the entire directory hierarchy.
All columns and information supported by Windows Explorer can be displayed in the new TreeSize file search and exported in various formats: For example, the width and height of images, the number of pages of Word documents or the tags of JPG and Office files are now available as columns.
You can use the existing file type groups such as "Video Files" or "Office Files" as search criteria in the file search. These groups can now be edited in the file search settings.
In the new version, the powerful disk space manager saves not only your storage resources, but also your time - by enabling multiple user-defined searches at the same time. These can be activated and deactivated individually.
More options for "Top 100 Files"
The number of files in the Top 100 list is now configura...