delve

Delve is a simple, easy-to-use, intuitive GUI program designed to access data in a forensically sound manner. Delve is a tabbed program, allowing you to move to the tabs which interest you depending upon the target and your case. I have included snapshots of Delve so that you can see what it can do for you and how easy it is to preview, identify, and analyze data using Delve and THE FARMER'S BOOT CD.

Devices - The Devices tab shows the recognized file systems and provides the mechanism for mounting them read-only. Additionally, you may pull meta-data about the file system, authenticate the file system, and obtain deleted file information for supported file system types.

Pagefile - The Pagefile tab allows you to dump e-mail addresses and Internet URLs from the Windows pagefile.sys file.

Windows Logs - The Windows Logs tab is used to locate log files of interest, display them to you in a listing, and allow you to read their contents.

Web History - The Web History tab is used to locate Internet cache files for the Firefox, Opera, and Internet Explorer web browsers, and then parse them to display the cookie and history information.

Catalog - The Catalog tab is used to catalog the target. Determine the file types of interest and then let Delve identify them. The display window allows you to view the content for the most popular and common file types.

Linux Logs - The Linux Logs tab is used to locate log files of interest, display them to you in a listing, and allow you to read their contents.

Date Converter - The Date Converter tab allows you to input a time and date and convert it to other formats.

Graphics Viewer - The Graphics Viewer tab opens a graphics viewer against the target file system, displaying the graphics files.

Misc. Menu - The Misc. Menu has a number of miscellaneous tools, including: drive information, system BIOS, system hardware, and a RAID scanner.

Downloads