Alright, I think I need to explain some things here, just to make sure that people do understand what this software is about.
Because when the new version is going to be released there will be enough people testing and playing around with this.
However for most people 80% of the functions go WAY beyond the scope of their knowledge and ability.
This software is user friendly to a point, as the result produced by this software is by no means user friendly.
The main program is an eye-candy GUI with real-time file/process monitoring and an easy-to-use application that fetches ALL data as required by the "end" user and as defined by its search algorithm.
It fetches data from places where normal software just does not come...
The amount of data that is being collected is truly amazing and extremely detailed, both RAW and polished data.
To give an example: It fetches RAW data about process X and executable X from over 20 different places.
This includes: User level, Admin Level, Authority Level, Protected Core Level, Kernel level and some other places which I am not going to name.
Now a file that has been injected, infected, corrupted and so on can be changed and made to look valid in various places, as today's cybercrime tools can manipulate the OS in such a way that you can make it believe that ihackedyou.exe would be a hot blond.
Do NOT underestimate malware and hackers; they can make Windows sing the latest song of James Blunt if they wanted to.
Just by adding, changing, injecting and so on the files needed, and nothing you can do about it...
However, there are places on the PC where Windows with all its logging capacity will stash and hide info.
Usually for law enforcement, performance data gathering and for other reasons... What people fail to realize is that stupid Windows does actually see everything and logs at least 99.9%, where your performance logs and such can only see 30%.
My program can see the full 100% of every bit of data since the very first day the computer did go live.
Yes, it can even look into the remnant files on your deleted partition... And yes, it can recover virtually everything, regardless of who is responsible for deleting it.
On a client's computer I recovered data from over 5 years ago on the PC.
Sure, the data is not usable by you, it's just data.
However, to a forensic specialist like me or people from my team, this is a road map to what happened, how it happened, when, and even in some cases by whom.
So to you it's all mumbo jumbo; to me it's a track record where at the end of the line awaits a conclusion which will lead me to a job well done...
And yes, I agree that the logs are by no means eye candy in terms of structure, as they are for the most part RAW.
And yes there is a reason for it.
Windows itself would stop my program dead in its tracks if it knew what my program actually does, because the functions I am using are virtually not documented. The Windows handbook does not say: Process X is the key to a built-in journal that law enforcement can read out to see if you downloaded dirty pictures...
Really?
No, I do not think so.
Yet many of the functions access service level and authority level sources, and they cannot be corrupted, as data is not rewritten.
For example:
yesterday file X is called: process.exe
today file X is called: process-hacked.exe
tomorrow file X is called: Bigfattrojan.exe
Normally an OS just rewrites the name and everything else and keeps minor logs about the event.
But services and authority level actually do not rewrite data; they add a new entry next to the existing data.
Which means you can see every change, access and other events about File X Process.exe
Now I understand that there are rootkits like cryptologger and other nasty ones, and there is nothing my program can do against malware and such; it has not been written to avoid and block things... even though it does have incredible AV capabilities due to the nature of the logs. After all, you can by hand follow every move and change a file made, so yes, Crypto and others can be detected IF one knows what to look for within the logs. Umbra has pointed out in his review that my program is NOT an anti-malware but it certainly does detect it. Well, Windows does; my program only interrogates Windows lol (Water boarding: Talk bitch TALK to FMA <evilgrins>.... *^%*%^^& what was that Windows? lmao)
But again, that's a nice side bonus, as the program itself was never written with that in mind.
People need to understand this is AFTER the crime software; this is software that is going to be used by high-level technicians and savvy admins, SO YOU as the average Joe would not be able to make heads or tails of it, and that's OK.
I just give you a fair warning so you guys know what it's all about, so you can choose:
1 Fancy looking logs but less accurate data (Pick Windows logs).
2 If you want real data use my program... but it's not fancy and the logs are RAW and not sugar coated.
Forensic software does not play nice... and neither do hackers.
So leave your comments, questions and ideas.
I will be happy to reply to your questions.
Cheers