Best Digital Forensics Software in the UK

Handling more than 3,000 security incidents a year, Kroll’s digital forensics investigators are experts in understanding, analyzing and preserving data during an investigation. In the event of a security incident, Kroll’s digital forensics investigators can expertly help investigate and preserve data to help provide evidence and ensure business continuity.

Continuous Security Testing for SaaS Companies - Built by Hackers Automatically assess your security posture with continuous vulnerability assessments and on-demand pentests. Hackers don't stop testing, and neither should you. We use a hybrid approach that combines testing methodologies built by expert hackers, a real-time reporting dashboard, and continuous delivery of high-quality results. We improve the traditional pentesting lifecycle by continually providing expert advice, remediation verification, and automated security testing throughout the entire year. Our dedicated team of experts works with you to properly scope and review your applications, APIs, and networks to ensure in-depth testing coverage all year. Let us help you sleep better at night.

Don’t get caught up in tools that are unmanageable. The E3 Platform gets you processing all types of digital evidence quickly with an Easy interface, Efficient engines, and Effective workflow. E3:UNIVERSAL version that is designed to do all data types from hard drive data, smartphones, and IoT data. The need to change around your tool based on what type of digital data you have is a thing of the past. The E3 Forensic Platform seamlessly adds a large variety of evidence into a single interface to be able to search, parse, review and report on the digital data from most digital sources. Computer forensics focuses on bits and bytes of the file system that holds a large variety of different valuable pieces of data that can be the key to your investigation. From the FAT files systems of old to modern file systems like Xboxes, the E3 Forensic Platform works with the powerhouse of multi-tasking analysis engines to breakdown the data.

Zero in on relevant evidence quickly, conduct faster searches and dramatically increase analysis speed with FTK®, the purpose-built solution that interoperates with mobile device and e-discovery technology. Powerful and proven, FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. No matter how many different data sources you’re dealing with or the amount of data you have to cull through, FTK gets you there quicker and better than anything else. FTK uses distributed processing and is the only forensics solution to fully leverage multi-thread/multi-core computers. While other forensics tools waste the potential of modern hardware solutions, FTK uses 100 percent of its hardware resources, helping investigators find relevant evidence faster. Since indexing is done up front, filtering and searching are completed more efficiently than with any other solution.

Aid4Mail is a fast, reliable, and highly accurate tool to collect, recover, search, and convert emails. It supports most mailbox file formats (e.g. PST, OST, OLM, mbox), IMAP accounts (e.g. Yahoo! Mail, AOL) and popular mail service providers (e.g. Microsoft 365, Exchange, Gmail). Aid4Mail can recover double-deleted messages and corrupted emails, and extract MIME data from certain types of unknown file formats through file carving. Aid4Mail provides a large array of tools to search and filter out unwanted emails during conversion. Save time by using native pre-acquisition filters to download a subset of your mail from Exchange, Office 365, Gmail and other webmail services. Use Aid4Mail’s integrated search engine to cull-down your email collection. Its search operators are very similar to Gmail and Office 365. Aid4Mail is used by Fortune 500 companies, government agencies and legal professionals around the world. It is made in Switzerland by perfectionists.

Managing cyber protection in a constantly evolving threat landscape is a challenge. Safeguard your data from any threat with Acronis Cyber Protect (includes all features of Acronis Cyber Backup) – the only cyber protection solution that natively integrates data protection and cybersecurity. - Eliminate gaps in your defenses with integrated backup and anti-ransomware technologies. - Safeguard every bit of data against new and evolving cyberthreats with advanced MI-based protection against malware. - Streamline endpoint protection with integrated and automated URL filtering, vulnerability assessments, patch management and more

Connect indicators from your network with nearly every active domain and IP address on the Internet. Learn how this data can inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Gain insight that is necessary to make the right decision about the risk level of threats to your organization. DomainTools Iris is a proprietary threat intelligence and investigation platform that combines enterprise-grade domain and DNS-based intelligence with an intuitive web interface.

Enterprise organizations large and small use Magnet Forensics’ solutions to close cases quickly with powerful analytics that surface intelligence & insights while also being able to leverage automation and the cloud to reduce downtime and enable remote collaboration at scale. Some of the world’s largest corporations use Magnet Forensics to investigate IP theft, fraud, employee misconduct and incident response cases such as ransomware, business email compromise and phishing attacks. The benefits of hosting your applications in the cloud ranges from cost savings to more centralized operations. Deploy AXIOM Cyber in Azure or AWS to leverage the benefits of cloud computing plus the ability to perform off-network remote collections of Mac, Windows and Linux endpoints.

Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure. Parrot OS, the flagship product of Parrot Security is a GNU/Linux distribution based on Debian and designed with Security and Privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure. Always updated, frequently released with many hardening and sandboxing options available. Everything is under your complete control. Feel free to get the system, share with anyone, read the source code and change it as you want! this system is made to respect your freedom, and it ever will be.

You significantly reduce the financial and legal risks of a security breach when you respond faster. Cado Response can automatically raise business risks and issues to an analyst, so they can escalate quickly to management and ensure you meet mandatory breach notification deadlines. Our patent pending, response platform, takes the complexity out of cloud and helps you focus on whats most important. Empower your analysts to find the true root cause of a security incident. Cado Response provides detailed detection for malicious files, suspicious events, PII, and financial information. Every file on disk and log you capture is indexed and inspected to accelerate analysis. The human-readable timeline of key events empowers analysts of all skill levels to pivot faster and dig deeper. Cloud systems disappear quickly. Automated data collection allows you to secure incident data safely before it is gone.

Part of the Tri-Suite64 software package, Video Investigator® 64 is designed to process video files and still images alike, including enhancing CCTV footage. There are a variety of methods that can be used in either scenario, which is what makes Video Investigator® 64 such a powerful video and image enhancement software package. No other software will offer the vast array of filters and features to enhance video and images like Video Investigator offers its users. Get everything other image enhancement software, video deblurring software, and video resolution enhancement software has all in one package and one software with even more features. Video Investigator is the best forensic video enhancement software available. To enhance CCTV footage it is important to be able to select and play the frame sequences that may or may not be connected on a time-line. The Movie Controller provides advanced video playback with audio support allowing the end-user to adjust which frames of video.

MailArchiva is a professional enterprise grade email archiving, e-discovery, forensics and compliance solution. Since 2006, MailArchiva has been deployed in some of the most demanding IT environments on the planet. The server designed to make the storage and retrieval of long-term email data as convenient as possible and is ideal for companies needing to satisfy e-Discovery records requests in a timely and accurate manner. MailArchiva offer tight integration (includfing full calendar, contact & folder synchronization) with a wide variety of mail services, including MS Exchange, Office 365 (Microsoft 365) and Google Suite. Among its many benefits, MailArchiva reduces the time needed to find info and satisfy discovery record requests, ensures that emails remain intact over the long term, reduces legal exposure, ensures employees are collaborating effectively, assists in compliance with archiving legislation (e.g. Sarbanes Oxley Act), reduces storage costs by up to 60%.

CloudNine is a cloud-based eDiscovery automation platform that streamlines the litigation discovery, audits, and investigations by allowing users to review, upload, and create documents in a central location. With its comprehensive suite of professional services that include discovery consulting, computer forensics, managed review, online hosting, information, governance, litigation support, and project management, CloudNine dramatically reduces the overall costs of eDiscovery processing. Law firms and corporations can save time and money by consolidating all of their data collection, processing, and review requirements by leveraging CloudNine’s self-service eDiscovery software.

Extract forensic data from computers, quicker and easier than ever. Uncover everything hidden inside a PC. Discover relevant data faster through high performance file searching and indexing. Extract passwords, decrypt files and recover deleted files quickly and automatically from Windows, Mac and Linux file systems. Identify evidence and suspicious activity through our hash matching and drive signature analysis features. Identify and analyze all files and even automatically create a timeline of all user activity. 360° Case Management Solution. Manage your entire digital investigation with OSF’s new reporting features. Build custom reports, add narratives and even attach your other tools’ reports to the OSF report. Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. OSForensics courses offered to suit a diverse range of users and skill sets. Write an image concurrently to multiple USB Flash Drives.

Belkasoft X Forensic (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile, drone, car, and cloud forensics. It can help you to acquire and analyze a wide range of mobile and computer devices, run various analytical tasks, perform case-wide searches, bookmark artifacts, and create reports. Belkasoft X Forensic acquires, examines, analyzes, and presents digital evidence from major sources—computers, mobile devices, RAM, cars, drones, and cloud services—in a forensically sound manner. If you need to share the case details with your colleagues, use a free-of-charge portable Evidence Reader. Belkasoft X Forensic works out of the box and can be easily integrated into customer workflows. The software interface is so user-friendly that you can start working with your cases right after the Belkasoft X Forensic deployment.

One intelligent platform. Unprecedented speed. Infinite scale. Singularity™ enables unfettered visibility, industry-leading detection, and autonomous response. Discover the power of AI-powered, enterprise-wide cybersecurity. The world’s leading enterprises use the Singularity platform to prevent, detect, and respond to cyber attacks at machine-speed, greater scale, and higher accuracy across endpoint, cloud, and identity. SentinelOne delivers cutting-edge security with this platform by offering protection against malware, exploits, and scripts. SentinelOne cloud-based platform has been perfected to be innovative compliant with security industry standards, and high-performance whether the work environment is Windows, Mac or Linux. Thanks to constant updating, threat hunting, and behavior AI, the platform is ready for any threat.

Fast & Affordable Forensics for Incident Response. Automated incident response software for fast, comprehensive, and easy intrusion investigations. An alert is generated from IDS or SIEM. An endpoint investigation is started from SOAR manually. Cyber Triage is deployed to the endpoint to collect data. Analyst uses Cyber Triage data to find evidence and make decisions. Manual incident response is slow, leaving the entire organization at the intruder’s mercy. By automating every phase of the endpoint forensics process, Cyber Triage ensures state-of-the-art remediation speed. Cyber threats are constantly evolving, and manual incident response can be inconsistent and incomplete. Always operating on the latest threat intelligence, Cyber Triage scours every relevant corner of a compromised endpoint. Forensic tools are often confusing, with features not needed for intrusions. Cyber Triage’s intuitive interface allows even junior staff to analyze data and assemble reports.

Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer. The software recognizes 340+ file types and works in batch mode recovering passwords. Analyzes live memory images and hibernation files and extracts encryption keys for hard disks and passwords for Windows & Mac accounts. Passware Bootable Memory Imager acquires memory of Windows, Linux, and Mac computers. Resolved navigation issues after stopping the password recovery process. Instant decryption of the latest VeraCrypt versions via memory analysis. Accelerated password recovery with multiple computers, NVIDIA and AMD GPUs, and Rainbow Tables. In addition to all the key features of a Windows version, Passware Kit Forensic for Mac provides access to APFS disks from Mac computers with Apple T2 chip.

LLIMAGER was designed to address the need for a low-cost, no-frills “live” forensic imaging solution for Mac computers, capable of capturing the entirety of a synthesized disk, including volume unallocated space, as macOS sees the disk with its partitions mounted. The application was developed to be user-friendly and easy enough for entry level digital forensics examiners. The application leverages built-in Mac utilities, providing a versatile solution compatible with a wide range of macOS versions, both past and present. This ensures that the tool remains functional across diverse system configurations and updates. FEATURES INCLUDE: Powerful and Fast "Live" imaging, CLI based Application Supports Intel, Apple Silicon, T2 Chips, and APFS File Systems. Full Acquisition Log SHA-256 or MD5 Hashed DMG Images Choice of Encrypted /Decrypted DMGs for use in commercial forensics tools Unlimited Technical Support

Collaboration and communication, meet privacy and security. While other companies attempt to prevent data exfiltration by limiting the flow of information, we use invisible personalized watermarks in documents and email messages to allow for seamless sharing that's also easily traceable. Whether information is shared via email, printout, or photo, EchoMark provides an invisible solution to find the source within minutes. Advanced features like natural language versioning and computer vision detection help further ensure tracking success. Once deployed, EchoMark will automatically watermark documents and emails according to your established parameters. If you suspect a leak has occurred or spotted a document online, upload the original document to your EchoMark dashboard. EchoMark will use computer vision to compare the leaked fragment with each marked copy of the document shared.

BloxOne Threat Defense maximizes brand protection by working with your existing defenses to protect your network and automatically extend security to your digital imperatives, including SD-WAN, IoT and the cloud. It powers security orchestration, automation and response (SOAR) solutions, slashes the time to investigate and remediate cyberthreats, optimizes the performance of the entire security ecosystem and reduces the total cost of enterprise threat defense. The solution turns the core network services you rely on to run your business into your most valuable security assets. These services, which include DNS, DHCP and IP address management (DDI), play a central role in all IP-based communications. With Infoblox, they become the foundational common denominator that enables your entire security stack to work in unison and at Internet scale to detect and anticipate threats sooner and stop them faster.

Seeing the un-seeable can be a challenge for IT. With billions of events to collect and review from a variety of sources, both on premises and in the cloud, it’s difficult to find relevant data and make sense of it. And in the event of a security breach, either internal or external, the ability to locate where the breach originated and what was accessed can make a world of difference. IT Security Search is a Google-like, IT search engine that enables IT administrators and security teams to quickly respond to security incidents and analyze event forensics. The tool’s web-based interface correlates disparate IT data from many Quest security and compliance solutions into a single console and makes it easier than ever to reduce the complexity of searching, analyzing and maintaining critical IT data scattered across information silos. Configure role-based access, enabling auditors, help desk staff, IT managers and other stakeholders to get exactly the reports they need and nothing more.

Truxton’s easy-to-use, analyst-driven interface allows you to get up to speed quickly, without mastering specialized code or techniques. With Truxton, simplicity doesn’t mean a lack of sophisticated tools. You’ll get cutting edge features like user-defined queries, entity filters, coordinated reviews, notes, and findings. The investigation dashboard provides a complete picture of the current status of each investigation. It shows the name, case number/type, investigator, and the media included in the investigation. It also provides and a host of other tools that allow you to manage, review, and export the case to other Truxton users. Wouldn’t it be nice if multiple users could work on the same case at the same time? Or if you could send out a file to an off-site Subject Matter Expert for review? Export files to another platform without wrangling a bunch of proprietary code? Truxton’s open architecture allows you to take your data into other tools for verification and reporting.

The SandBlast Threat Extraction technology is a capability of SandBlast Network and the Harmony Endpoint protection solutions. It removes exploitable content, reconstructs files to eliminate potential threats, and delivers sanitized content to users in a few seconds to maintain business flow. Reconstruct files with known safe elements in web-downloaded documents and emails. Immediate delivery of sanitized versions of potentially malicious files to maintain business flow. Access to original files after background analysis of attack attempts. SandBlast Network and Harmony Endpoint utilize Threat Extraction technology to eliminate threats and promptly deliver safe, sanitized content to its intended destination. Original files are accessible after undergoing background analysis by the Threat Emulation Engine. SandBlast Threat Extraction supports the most common document types used in organizations today.

X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/2012/10/2016, 32 Bit/64 Bit, standard/PE/FE. (Windows FE is described here, here and here.) Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, as a German product is potentially more trustworthy, comes at a fraction of the cost, does not have any ridiculous hardware requirements, does not depend on setting up a complex database, etc.! X-Ways Forensics is fully portable and runs off a USB stick on any given Windows system without installation if you want. Downloads and installs within seconds (just a few MB in size, not GB). X-Ways Forensics is based on the WinHex hex and disk editor and part of an efficient workflow model.

All the functionality you need to conduct in-depth analysis and generate custom reports to reveal the truth. With advanced searching and filtering capabilities, and built-in AI media categorization, investigators easily find Internet History, Downloads, Locations, Recent searches, and more. Obtain user activity from Windows memory, and get registry artifacts including jump list, Windows 10 timeline activity, shellbags, SRUM, and more. Review device history from Windows Volume Shadow Copies. Review history in APFS Snapshots and Time Machine backups, display and search Spotlight metadata and KnowledgeC data, review network connections, recent documents, user activity, and more. Ingest data into Cellebrite Pathfinder, Berla, APOLLO and, ICAC tools such as Project Vic and PhotoDNA. Share your case findings with other stakeholders using customized reporting capabilities. The most complete workstation designed to handle the most rigorous datasets for digital intelligence and eDiscovery.

Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs. Tens of thousands of law enforcement and corporate cyber investigators around the world use Autopsy. Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Everyone wants results yesterday. Autopsy runs background tasks in parallel using multiple cores and provides results to you as soon as they are found. It may take hours to fully search the drive, but you will know in minutes if your keywords were found in the user's home folder. See the fast results page for more details.

During that time, threats are free to spread throughout the network, causing mounting damage and increasing costs. Respond to attacks and stop the damage in minutes, with powerful delivered-email search and rapid deletion from all inboxes. Identify anomalies that may indicate threats, based on insights gathered from analysis of previously delivered email. Use intelligence gathered from previous threat responses to block future emails from malicious actors, and to identify your most vulnerable users. When email-borne attacks evade security and land in your users’ inboxes, you need to respond quickly and accurately to prevent damage and to limit the spread of the attack. Responding to attacks manually is time-consuming and inefficient, which allows threats to spread and damages to increase.

Change reporting and access logging for Active Directory (AD) and enterprise applications is cumbersome, time-consuming and, in some cases, impossible using native IT auditing tools. This often results in data breaches and insider threats that can go undetected without protections in place. Fortunately, there's Change Auditor. With Change Auditor, you get complete, real-time IT auditing, in-depth forensics and security threat monitoring on all key configuration, user and administrator changes for Microsoft Active Directory, Azure AD, Exchange, Office 365, file servers and more. Change Auditor also tracks detailed user activity for logons, authentications and other key services across enterprises to enhance threat detection and security monitoring. A central console eliminates the need and complexity for multiple IT audit solutions.

Malware analysis is an important part of preventing and detecting future cyber attacks. Using malware analysis tools, cyber security experts can analyze the attack lifecycle and glean important forensic details to enhance their threat intelligence. Malware Analysis (AX series) products provide a secure environment to test, replay, characterize, and document advanced malicious activities. Malware Analysis shows the cyber attack lifecycle, from the initial exploit and malware execution path to callback destinations and follow-on binary download attempts. Inform future prevention strategies by providing deeper insight into attacker tools and tactics. Stop the spread of attacks using auto-generated local attack profiles, instantly shared across the Trellix ecosystem. Load suspicious files or file sets through a simple interface.