Endpoint digital forensics system - eDetector
Remote intelligent forensics system for handling large numbers of devices. Preserve evidence quickly and completely.

  • Supports Windows XP and later, collecting key digital artifacts
  • Large-scale search for any suspicious and deleted files
  • Detects programs running in memory, and provides memory analysis and collection

eDetector is an endpoint digital evidence collection system. It is designed to collect artifacts and analyze programs with minimal impact on the target's operation while the host stays running. The artifacts collected include server history, recently opened files, USB usage history, program execution artifacts, and more. Together with the $MFT file list and keyword search, the IR team can identify suspicious sources and preserve related evidence for further analysis.

eDetector can also detect a program's behavioral artifacts in memory, including code injection, hidden programs, core interception, connection history, and more. Through behavioral analysis, eDetector is able to raise warnings and map relationships between programs, spotting hidden threats in time for users to respond to different kinds of attacks.

Description
  • Central management supports Windows 7 and later, can be installed on 32- and 64-bit platforms, and provides a Mandarin user interface.
  • The agent can be installed on the following systems: Windows XP, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2012 and Windows Server 2016, on both 32- and 64-bit platforms.
  • After agent installation, the system administrator is authorized to perform memory analysis and collect evidence on the hosts.
  • Able to create a tree diagram of running programs, showing the loaded modules and DLL lists. eDetector can also dump the running programs of the hosts.
  • Collects startup services, self-starting (auto-start) entries and scheduled tasks.
  • Able to perform digital signature verification, showing related information and listing unsigned files.
  • Able to provide the file list of hosts, with live search.
  • Timeline analysis provides data visualization and a quick overview.
  • Collects about 20 artifacts as crucial digital evidence.
  • Includes a progress list, making it easy to monitor mission progress and schedule.
  • Detects and analyzes all running programs and loaded modules, sending warnings by email.
  • For problematic programs, eDetector is able to map their connections to help identify the malware source.
  • Uses connection behavior to mark IP addresses on a world map.
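The two collection bullets above (auto-start entries, and signature verification of loaded modules) can be illustrated with a small triage script. The following PowerShell is an added example written for this page, not eDetector's own code or output; it assumes an elevated PowerShell session on a modern Windows host (Get-ScheduledTask requires Windows 8 / Server 2012 or later), and the function names Get-AutoStartInventory and Get-UnsignedLoadedModules are this example's own.

```powershell
# Added example (not eDetector's code): inventory auto-start entries and
# flag loaded modules whose Authenticode signature is not valid.
# Run in an elevated session; each function returns objects for Export-Csv.

function Get-AutoStartInventory {
    # Services configured to start automatically at boot
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            [PSCustomObject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
        }

    # Run / RunOnce registry keys for the machine and the current user
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $runEntries = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the provider metadata properties (PSPath, PSDrive, ...)
                if ($p.Name -notmatch '^PS') {
                    [PSCustomObject]@{ Source = "Registry $key"; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }

    # Scheduled tasks that are not disabled, with their executable and arguments
    $tasks = Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        [PSCustomObject]@{ Source = 'ScheduledTask'; Name = $_.TaskName; Command = $action }
    }

    $services + $runEntries + $tasks
}

function Get-UnsignedLoadedModules {
    # De-duplicate by path so each module file is checked once
    $seen = @{}
    foreach ($proc in Get-Process) {
        try { $modules = $proc.Modules } catch { continue }  # protected processes deny access
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path -or $seen.ContainsKey($path)) { continue }
            $seen[$path] = $true
            $sig = Get-AuthenticodeSignature -FilePath $path
            # Anything other than 'Valid' (NotSigned, HashMismatch, UnknownError, ...) is reported
            if ($sig.Status -ne 'Valid') {
                [PSCustomObject]@{
                    Process   = $proc.ProcessName
                    PID       = $proc.Id
                    Module    = $path
                    SigStatus = $sig.Status
                    Signer    = $sig.SignerCertificate.Subject
                }
            }
        }
    }
}

# Usage: write both inventories to CSV for review alongside other collected artifacts
Get-AutoStartInventory   | Export-Csv -Path .\autostart.csv -NoTypeInformation
Get-UnsignedLoadedModules | Export-Csv -Path .\unsigned_modules.csv -NoTypeInformation
```

An unsigned or hash-mismatched module is not by itself evidence of compromise (many legitimate third-party DLLs are unsigned), so the output is a starting point for the analyst to correlate with the auto-start inventory and the other artifacts described on this page, not a verdict.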