PALADIN LTS

PALADIN LTS

The centerpiece of these tools is the PALADIN Toolbox. The PALADIN Toolbox has combined and simplified multiple forensic tasks into an easy to use GUI (graphical user interface) that requires minimal training and does not require users to utilize the command line.

The “engine” that runs the PALADIN Toolbox is a combination of applications that have been used by forensic examiners and investigators for years and have withstood scrutiny in many courts of law.

PALADIN LTS Features

• Boots most PCs and Intel Macs into a forensically sound environment.
• Supports the most popular forensic image formats – .E01, Ex01, RAW (.dd), SMART, AFF, VHD and VMDK.
• Ability to clone devices.
• Ability to convert from one forensic image to another including the VMDK format.
• Ability to create a master and an archive image or two different image formats at the same time.
• Ability to mount and image across a network.
• Disk Manager allows you to easily visualize and identify attached drives and their partitions.
• Ability to format as ExFAT, HFS+, EXT4, FAT32, and NTFS.
• Control mounting, wiping (sterilizing) and hashing with one click.
• Ability to capture and image the Unallocated Space and Free Space to a file for carving.
• Automatic logging which can be saved to any device.
• Built-in Triage which can search by file name, keywords or MIME types (file signatures).
• Over 100+ pre-compiled open-source forensic tools and applications in our Forensic Tool Chest.
• Now with Bitlocker support for Windows Vista, 7, 8, 8.1 and 10 encrypted partitions.
• Autopsy Digital Forensics Platform from Basis Technology and Brian Carrier!
• Ability to make logical images!

CARBON

THE FUTURE OF VIRTUAL FORENSICS – INSTANTLY VIRTUALIZE ANY WINDOWS COMPUTER – NO IMAGING – NO DISASSEMBLY

Other virtualization solutions exist, however, none of them are easy to configure or set up and no other solution can instantly virtualize any Windows computer while at the same time providing you instant access to a user’s desktop by bypassing the user’s login authentication!  All of this with absolutely no changes to the original evidence or data!

CARBON can be used to boot most computers to provide instant virtualization.  If there are difficulties with booting the computer CARBON can still virtualize forensic images as well as any virtual machine images with only a couple of clicks.

Compare two Virtual Snapshots with our Snapshot comparison tool.  Learn what data changed or modified between different points in time!

We didn’t stop there and included advanced and customizable data carving and file search tools.

CARBON Features:

• Ability to safely boot computers and Intel-based tablets.
• Instant Virtualization of Windows-based computers.
• Instant Windows login credentials bypass (Windows XP through Windows 10).
• Ability to preview and/or triage without making ANY changes.
• Ability to preview and/or triage computers without detection.
• Built-in write protection.
• Ability to image with the PALADIN Toolbox.
• Ability to create a video or screenshots of your virtualization for documentation.
• Ability to conduct Malware analysis within a safe environment.
• Ability to utilize proprietary tools in the native environment.
• Ability to run other live forensic triage tools without making any changes at all.
• Includes Snapshot Comparison – learn and document what was changed or modified between snapshots!
• Ability to virtualize most forensic images and virtual machine images – both common and uncommon.

Contact us to find out more at +1 302.570.0015.