FSUITE forensic software was specifically written for forensic examinations and is currently being used by hundreds of forensic examiners world wide.  These utilities are DOS based.  See why below.  FSUITE consists of 5 utilities: 

WIPER - a forensic wiping utility 

LISTDRV - Lists the contents of an entire drive 

CHKSUM - 64 bit checksum utility 

FREESECS - copies unallocated space to files for examination 

DISKDUPE - a diskette duplication utility 

NEW- Windows NT/2000/XP Utilities 
   
WIPER - a disk utility that will completely erase all information on a logical or physical drive by overwriting each and every byte with a character which is user selectable. The program is written entirely in assembly language and therefore is small and fast. It uses the BIOS disk services, even for the logical drives, thus will wipe a drive regardless of the operating system format. The user may select a one-pass wipe, using the default character of 00 or a character entered by the user, or a "secure", seven-pass wipe.  The "secure" wipe uses alternating ones and zeros for six passes, then finishes the process with a pass using the user-selected character or zero, leaving a completely blank drive, except for the low level formatting information.  The speed is about 3 to 4 minutes per GB per pass for a hard drive.  

LISTDRV – an assembly language utility that examines a logical drive, or several logical drives on a physical drive, for FAT12, FAT16, or FAT32 files.  As they are found, they are saved to a comma-delimited and quotation mark-delimited file prepared for importation into a database program or a spreadsheet program such as EXCEL, for any desired manipulation.  

LISTDRV will also list deleted files if desired. The listing includes the complete path, the long file name, if present, the alias or short file name, and the other date, time, size, and location information. If removable media is used to save the listing file, LISTDRV will span multiple disks.  
        
CHKSUM - an assembly language disk utility that calculates a 64-bit checksum for a physical or logical disk drive.  
        
FREESECS - an assembly language disk utility which searches a specified logical drive for the unallocated or free space, and saves the information contained in unallocated space to one or more files.  FREESECS can additionally search any physical drive (regardless of the operating system) and save all the information contained on all sectors to one or more files. 
        
DISKDUPE– an assembly language utility that makes an exact forensic copies of floppy diskettes.   

NEW - WIPER, CHKSUM, and FREESECS are DOS-based utilities, but they bypass the operating system and can work on any media format type at a physical level. They can run from a DOS box in Windows 9X, by exiting Windows to a DOS prompt, or by running after booting with a DOS boot disk to a real mode DOS prompt. FREESECS and LISTDRV are being modified to recognize the NTFS file system used by Windows NT, 2000, and XP. WIPER and CHKSUM need only minor modifications for NTFS capability, and DISKDUPE needs no modification since it only works on FAT12 floppy diskettes. A new utility, as yet unnamed, that will make forensic copies of hard drives, is under construction.  

FSUITE Forensic Software Pricing: 

WIPER - $19.95 

FREESECS - $19.95 

LISTDRV - $19.95 

CHKSUM - $19.95 

DISKDUPE - 19.95  

 If you wish to purchase the entire FSUITE of 5 forensic utilities, the price is $79.95.  If you require more information about our software products, email Key Computer Service.   

We accept Visa, Mastercard, American Express, Purchase Order or a Check.  You can call us or pay online for our utilities.  The forensic utilities will be emailed to you immediately upon receipt of payment or approval of the credit card transaction. 

Why are these and many other forensic utilities DOS based? 

When conducting a forensic examination, the examiner must have total control over what the operating system is doing when the original media is accessed.  Any alteration to the original media is not acceptable during a forensic examination.  Direct access of the original media during a forensic examination is normally done at a low level, frequently at a DOS level.  This is because all versions of Windows, even Windows 95 and Windows 98, will attempt to or will directly write to any other fixed drive media on a computer during the normal Windows boot process.  These writes occur even if the original media is located as a second, third or other drive on the computer.  

Most forensic examiners use a modified 32 bit FAT operating system "real mode" boot disk.  During our course, we show you how to make some modifications to the IO.SYS file on the Windows 98 boot diskette to prevent Drive Space from loading compressed drives and to prevent some other operating system writes to the original media.  The ME and later versions of DOS do not allow that level of control.   Therefore, the Windows ME, Windows 2000, Windows NT or Windows XP versions of DOS should not be used.  Our utilities are designed to operate in a "real mode" DOS environment to prevent these inadvertent writes to the original media.  

 

Contact us at

(305)453-7862

or