A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

A process sandbox helps to manage and limit access permissions a process has to your data. Use it to safely test new software for usability, safely study behavior of known spyware and malware, or browse the web from a sandboxed browser to completely shield your computer and network from Internet Bad Things. ### Features * Secure Web Browsing: Run... More information

Installs tools for lnk files, jump lists, Registry hives, hashing, and much more

Installs tools for lnk files, jump lists, Registry hives, hashing, and much more

Allows for instant filtering, searching, sorting, grouping, and contains a details view that makes reviewing complex entries much easier

Allows for instant filtering, searching, sorting, grouping, and contains a details view that makes reviewing complex entries much easier

Supports recovery of deleted keys and values, multi hive support, the fastest searching, viewing slack space, plugin support, and much more

Supports recovery of deleted keys and values, multi hive support, the fastest searching, viewing slack space, plugin support, and much more

Comprehensive support for all known shell item types, exporting, filtering, sorting, file system detecion, and more!

Comprehensive support for all known shell item types, exporting, filtering, sorting, file system detecion, and more!

AppCompatCache parser used to show evidence of execution

AppCompatCache parser used to show evidence of execution

LECmd supports all lnk file structures and exports to a wide variety of formats

Adds geolocation information to IIS logs and extracts all unique IP addresses from said logs to a file

Adds geolocation information to IIS logs and extracts all unique IP addresses from said logs to a file

One click installation and updating of all X-Ways software including Forensics, Imager, and Investigator. Can also build portable installations, and validate installs

One click installation and updating of all X-Ways software including Forensics, Imager, and Investigator. Can also build portable installations, and validate installs

JumpList Explorer parses and allows for exporting details from custom and automatic destination jumplists. Allows for dumping all lnk files from jumplists, and more

JumpList Explorer parses and allows for exporting details from custom and automatic destination jumplists. Allows for dumping all lnk files from jumplists, and more

Fully parses Windows prefetch files (XP-Windows 10) and allows for exporting in a wide variety of formats, keyword hits in contents, etc. Windows 10 prefetch support requires running on Windows 8 or later

Amcache parser with advanced features such as whitelisting, data reduction, and various export formats

Amcache parser with advanced features such as whitelisting, data reduction, and various export formats

Contains built in regex for searching for common things like URLs, emails, IPs, and more. Very fast and works against files of any size

Contains built in regex for searching for common things like URLs, emails, IPs, and more. Very fast and works against files of any size

The Sleuth Kit: Forensics Tools

The Sleuth Kit: Forensics Tools

TimeApp is useful for testing when interacting with a system to have a record of when something happened. Recording the screen with TimeApp running allows for going back through a video to compare the actual time with various artifacts in the Registry and elsewhere

TimeApp is useful for testing when interacting with a system to have a record of when something happened. Recording the screen with TimeApp running allows for going back through a video to compare the actual time with various artifacts in the Registry and elsewhere