July 21, 2005
$604 for full standard version
Quick searching and modular architecture.
A limited set of modules.
Looks promising but needs more modules.
This tool is designed to help search file systems during forensic examinations. It collects information and metadata associated with files and offers strong searching and indexing capabilities, although it is limited to Windows file systems.
Forager is more of an architecture than a finished work. The software is modular: its concept of filestores is abstract, with "stores" being a filesystem, a zip file, an Exchange message store or anything else. File metadata is read by plug-in modules that understand the data buried in, say, a Word document or JPG file.
On paper, we like the concept, but it kept feeling like a work in progress. The documentation describes the architecture as an interface to these file stores, but the only data stores available are the local file system and Forager's own indices created from searches.
The online help (the only documentation we received) is itself incomplete – some sections indicate they are in development, while others send you off to read separate PDFs. Modules for MP3, Word, Excel, OLE, and JPG files are available, as well as one retrieving the basic filesystem data.
From within a spartan but clean interface it is quick and easy to start a new case, scan file systems and build indices. Searching is oriented around file names and properties, and results can be restricted with arbitrarily complex regular expressions applied to either names or any known property.
It is very fast, with search results over thousands of files delivered in a few seconds (once the initial index is built). Searches and indices can be built on each other, so you can create custom sets of files quickly and easily. File data from the search results can be shown in a basic report, or more complex reports can be generated from combinations of metadata fields.
One important point to take into account: because the software reads files through the OS filesystem, it changes the last-access timestamp on the file, so it should only be used on a mirror of the files to be examined. And because it accesses files through the standard Windows filesystem, it can only access proper files, not deleted files or data concealed in slack space or fake bad sectors.
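The index-then-search workflow and the last-access caveat described above can be sketched as follows. This is an added example, not Forager's code: the function names (`build_index`, `search`, `atime_drift`) and the sample files are hypothetical, and it records only `stat()`-level properties rather than document metadata.

```python
import os
import re
import tempfile

def build_index(root):
    """Record stat()-level properties only; file contents are never opened."""
    index = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.stat(path, follow_symlinks=False)
            index.append({"name": name, "path": path, "size": str(st.st_size),
                          "atime_ns": st.st_atime_ns})
    return index

def search(entries, field, pattern):
    """Regex filter on one property; accepts an index or an earlier result set."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [e for e in entries if rx.search(str(e[field]))]

def atime_drift(index):
    """Paths whose last-access time no longer matches the value seen at indexing."""
    return [e["path"] for e in index
            if os.stat(e["path"], follow_symlinks=False).st_atime_ns != e["atime_ns"]]

def demo():
    # Constructed sample files standing in for a mirrored evidence folder.
    samples = {"report.doc": 10, "holiday.JPG": 2048, "notes.txt": 5, "scan.jpg": 0}
    with tempfile.TemporaryDirectory() as root:
        for name, size in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.utime(path, ns=(10**18, 10**18))  # fixed, constructed timestamps
        index = build_index(root)
        images = search(index, "name", r"\.jpe?g$")   # search on file name
        large = search(images, "size", r"^\d{4,}$")   # refine: size >= 1000 bytes
        return ([e["name"] for e in images], [e["name"] for e in large],
                atime_drift(index))

if __name__ == "__main__":
    print(demo())
```

Running `atime_drift` on the recorded index after any tool has opened file contents on the working copy shows which access times it altered; an empty list here reflects that `stat()` alone does not update them.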
The architecture of Forager appears sound, and looks like a flexible, extensible system with real potential. But the limitations we found in the version tested here meant it showed its potential rather than really delivering on it.