National Cyber Security Investigations (NCSI) finds and analyzes more than 800 types of forensically important artifacts in any imaginable data source: physical and logical drives, disk images, cloud, mobile device backups, virtual machines, memory dumps, and many others.

  • Mobile and Computer Device Examination. Supports all major desktop and mobile operating systems. It can parse real and logical drives and drive images, virtual machines, mobile device backups, UFED and OFB images, JTAG and chip-off dumps.

  • Smart and Comprehensive Analysis. NCSI looks everywhere on the device completely automatically and can successfully identify over 800 types of digital artifacts. The convenient Evidence Search feature helps to narrow down the findings using filters, pre-defined search, or other options.

  • Powerful Carving. Data carving makes it possible to locate evidence that was deleted, destroyed, or never stored on the hard drive at all (page file, hibernation file, RAM contents). In addition, an advanced carving mode called NCSICarving is available, which reconstructs fragmented chunks into contiguous pieces of information that would otherwise not be accessible at all.

  • Native SQLite Parsing. Recovers corrupted and incomplete SQLite databases, restores deleted records and cleared history files. Processes freelists, write-ahead logs and journal files, and SQLite unallocated space.

  • Live RAM Analysis. NCSI Evidence Center can extract potentially crucial information from volatile memory, such as: in-private browsing and cleared browser histories, online chats and social networks, cloud service usage history, and much more.

  • Handy Built-in Tools. PList, Registry, and SQLite viewers allow you to work more thoroughly with particular types of data and find even more evidence than the automatic search was able to discover.

  • Low-level Investigations. Our technology is equipped with File System Explorer, Hex Viewer, and Type Converter, which allow us to perform deep examination of the contents of files and folders on the device.

The following types of data sources are supported:

Computer

  • Operating systems: Windows (all versions, including Windows 10), macOS, Unix-based systems (Linux, FreeBSD, etc.)
  • Storage devices: hard drives and removable media
  • Disk images: EnCase, L01/Lx01, FTK, DD, SMART, X-Ways, Atola, DMG
  • Virtual machines: VMware, Virtual PC, VirtualBox, XenServer
  • Memory: RAM dumps, Hibernation files, Page files
  • File systems: FAT, exFAT, NTFS, APFS, HFS, HFS+, ext2, ext3, ext4, YAFFS, YAFFS2

Mobile

  • Operating systems: iOS (iPhone/iPad), Android, Windows Phone 8/8.1, Blackberry
  • Data sources: Mobile backups, UFED and OFB images, chip-off dumps, JTAG dumps

Cloud

  • Google Clouds: Google Drive, Google Plus, Gmail, Google Timeline
  • Email: Yahoo, Hotmail, Opera, Yandex, Mac.com and 25 more webmail clouds
  • Instagram
  • WhatsApp Google

The following types of artifacts can be extracted and analyzed:

Pictures and Videos

  • Supported picture formats: 3FR, ARW, BAY, BMP, BMQ, CAP, CINE, CR2, CRW, CS1, CUT, DC2, DCR, DDS, DIB, DNG, DRF, DSC, EMF, ERF, EXIF, EXR, FAX, FFF, G3, GIF, HDR, HEIC, IA, ICO, IFF, IIQ, J2C, J2K, JFIF, JNG, JP2, JPE, JPEG, JPG, K25, KC2, KDC, KOA, LBM, MDC, MEF, MNG, MOS, MRV, NEF, NRW, ORF, PBM, PCD, PCT, PCX, PEF, PFM, PGM, PIC, PICT, PNG, PNM, PPM, PSD, PTX, PXN, QTK, RAF, RAS, RAW, RDC, RLE, RPBM, RPGM, RPPM, RW2, RWZ, SGI, SR2, SRF, STI, TGA, TIF, TIFF, WBM, WBMP, WMF, XBM, XPM.
  • Picture analysis allows detection of texts, faces, and skin tone. Detection of photo manipulation (forgery) is available with the Forgery Detection plugin (extra module).
  • The following formats can be carved: GIF, JPEG/JPG, PNG, BMP, WMF
  • Supported video formats: 3GP, 3G2, ASF, AVI, DIVX, DRC, F4A, F4B, F4P, F4V, FLV, IFO, M2V, M4P, M4V, MK3D, MKA, MKS, MP2, MP4, MKV, MOV, MPE, MPEG, MPG, MPV, NSV, OGG, OGV, QT, RM, RMV8, SVI, TS, VOB, WEBM, WMV
  • Key frame analysis available for 3GP, 3G2, AVI, MP4, MPEG, MPG, WMV, MOV videos

Email Clients

  • Outlook 2013, 2010, 2007 and older, Outlook Express
  • Apple Mail
  • Android Mail
  • Blackberry Mail
  • Mail 163
  • Gmail, Hotmail, Yahoo Mail
  • Windows Live Mail
  • Mozilla Thunderbird
  • The Bat
  • Mail.ru, Yandex Mail
  • MIME, EML, MBOX, MSG Emails

Browsers

  • Adobe Flash
  • Baidu Browser
  • Chrome
  • Edge
  • Firefox
  • Internet Explorer
  • Maxthon 5
  • Opera
  • Qihoo 360
  • QQ Browser
  • Safari
  • Sogou Explorer

Mobile Applications

  • Android:

    Standard Apps

    • Calendar
    • Calls
    • Contacts
    • Installed Applications
    • SMS

    Browsers

    • Baidu
    • Chrome
    • Default Browser App
    • Dolphin
    • Downloads
    • Firefox
    • Maxthon
    • Mercury
    • Opera

    Messengers

    • AIM
    • Badoo
    • BBM
    • Brosix
    • ChatON
    • CommFort
    • eBuddy XMS
    • Facebook Messenger
    • FireChat
    • Fring
    • Google+
    • Grindr
    • Growlr
    • Hangouts
    • HeyTell
    • ICQ
    • Im+
    • IMO
    • Instagram Direct
    • KakaoTalk
    • KateMobile
    • Kik
    • Line
    • Mail.ru Agent
    • MeetMe
    • Meow Chat
    • NextPlus
    • Odnoklassniki/OK
    • ooVoo
    • Paltalk
    • Signal
    • Skype
    • Slack
    • Snapchat
    • Tango
    • Telegram
    • Text Plus
    • Textie
    • TextMe
    • Touch
    • Tumblr
    • Twitter
    • Viber
    • Vipole
    • Vkontakte/VK
    • Voxer
    • Wamba
    • WeChat
    • WhatsApp
    • Xabber
    • Yahoo Messenger
    • YouMagic

    Other Apps

    • Any.do
    • Evernote
    • Foursquare
    • Gettaxi
    • Instagram
    • LinkedIn
    • Pinterest
    • Pokemon GO
    • Richnote
    • Sina Weibo
    • Swarm
    • Tinder
    • Uber
    • Whisper
    • YandexTaxi
    • Zalo
    • Zello

    Payment Systems

    • Android Bitcoin Wallet
    • Bitcoin Armory Wallet
    • Bitcoin Core Wallet
    • Jaxx
    • Qiwi Wallet
  • iOS:

    Standard Apps

    • Calendar
    • Calls
    • Contacts
    • Installed applications
    • Notes
    • SMS
    • Voice mail

    Browsers

    • Chrome
    • Dolphin
    • Firefox
    • Maxthon
    • Mercury
    • Opera
    • Safari

    Messengers

    • Brosix
    • ChatOn
    • eBuddy XMS
    • Facebook Messenger
    • FireChat
    • Fring
    • Grindr
    • Growlr
    • HeyTell
    • ICQ
    • Im+
    • IMO
    • KakaoTalk
    • Kik
    • Line
    • MeetMe
    • Meow Chat
    • NextPlus
    • Odnoklassniki/OK
    • ooVoo
    • Paltalk
    • Recents
    • Skype
    • Tango
    • Text Plus
    • Textie
    • TextMe
    • Touch
    • Tumblr
    • Twitter
    • Viber
    • Vipole
    • WeChat
    • WhatsApp
    • Yahoo Messenger

    Other Apps

    • Any.do
    • Evernote
    • Gettaxi
    • LiveMe
    • Pokemon GO
    • Richnote
    • Snapchat
    • Tinder
    • Uber
    • Whisper
    • Zello
  • Blackberry:

    Standard Apps

    • Calendar
    • Calls
    • Contacts
    • Notes
    • SMS
    • Voice Mail

Instant Messengers

  • &RQ
  • Adium
  • AIM
  • AIM Express
  • aMSN
  • Badoo
  • Brosix
  • BBM
  • ChatOn
  • Chatzilla
  • CommFort
  • Contacts
  • Digsby
  • eBuddy XMS
  • eM Client
  • Emesene
  • Empathy
  • Facebook Messenger
  • Fire
  • FireChat
  • Fring
  • Gadu-Gadu
  • Gajim
  • Gigatribe
  • Google+
  • Google Hello
  • Google Talk
  • Grindr
  • Growlr
  • GTalk
  • Hangouts
  • Hey Tell
  • Hotmail
  • iChat
  • ICQ
  • Im+
  • IMO
  • InstantBird
  • Ircle
  • Jclaim
  • Jitsi
  • Kadu
  • KakaoTalk
  • KateMobile
  • Kik
  • KMess
  • Kopete
  • Line
  • Mail.ru Agent
  • Meebo
  • MeetMe
  • MeowChat
  • Mercury
  • MessageMe
  • Messenger Plus!
  • Miranda IM
  • mIRC
  • MSN/Live Messenger
  • MySpace IM
  • Nate ON
  • NextPlus
  • Nimbuzz
  • Odnoklassniki/OK
  • ooVoo
  • Paltalk
  • Pidgin
  • Psi
  • Recents
  • QIP
  • QIP Infium
  • QQ
  • qutIM
  • SIM
  • Skype
  • Slack
  • Snak
  • Snapchat
  • Tango
  • Team Viewer
  • Telegram
  • Text Plus
  • Textie
  • TextMe
  • Touch
  • Trillian
  • Tumblr
  • Twitter
  • Viber
  • Vipole
  • Virtus
  • Vkontakte/VK
  • Voxer
  • Wamba
  • WeChat
  • WhatsApp
  • Xabber
  • X-Chat Aqua
  • Yahoo! Messenger
  • Ya-Online
  • YouMagic
  • Zello

Office Documents

  • Microsoft Office: Excel (.xls, .xlsx), Word (.doc, .docx), PowerPoint (.ppt, .pptx)
  • Open Office: Documents (.odt), Spreadsheets (.ods), Presentations (.odp)
  • macOS: Keynote, Numbers, Pages
  • PDF
  • RTF

Peer-to-Peer Software

  • Ares Galaxy
  • eMule
  • Frostwire
  • Gigatribe
  • Shareaza
  • Torrent

Social Networks, Cloud Services and Online Games

  • Social Networks: Bebo, Facebook, Facebook Messenger, Google+, Myspace, Odnoklassniki/OK, Orkut, Twitter, VKontakte/VK
  • Cloud Services: Dropbox, Flickr, Google Drive, SkyDrive, OneDrive, Yandex Disk
  • Multi-user Online Games: Karos, Lineage, World of Warcraft

Windows Registry Files

  • Accounts (user name, last login time, last failed login time, last password changed time, user RID, LM-hash, NT-hash)
  • Autorun (USBs, CDs, DVDs)
  • Common file dialogs
  • Computer name
  • Event log location
  • Internet Explorer
  • List of USB devices ever connected to the system
  • List of mounted devices
  • MS Paint
  • Network cards
  • Operating system version and installation date
  • Prefetch files
  • Program startup
  • Recently opened and saved documents for MS Office Word, Excel, PowerPoint
  • Search Assistant
  • Shellbags
  • System shutdown time
  • Timezone
  • Trillian
  • UserAssist
  • User name and SID
  • Windows Explorer
  • Windows Media Player
  • Wireless profiles

System Files and Configurations

Windows

  • Jumplists
  • Link files
  • Prefetch files
  • System event logs
  • Thumbnails
  • Windows notifications

macOS

  • Bluetooth
  • Installed applications
  • System configurations
  • Wi-Fi connections

Android, iOS

  • IP connections
  • Thumbnails
  • Wi-Fi connections

Encrypted Files and Volumes

  • Acrobat 3.0, 4.0, 5.0, 6.0, 7.0, 8.0, 9.0
  • eBook document
  • Symantec ACT! 2.0, 3.0, 4.0, 2000
  • ACT! by Sage 2005, 2006, 2007, Sage 2008, 2009
  • Apple iTunes PLIST
  • BestCrypt 6.0, 7.0, 8.0
  • FileMaker Pro 3.0, 4.0, 5.0, 6.0, 7.0, 8.x, 9.0, 10.0, 11.0
  • ICQ 2000 – 2003 (.dat), 99a (.dat)
  • ICQ Lite (.fb)
  • Lotus 1-2-3 1.1+
  • Lotus Notes 4.x, 6.x, 7.0, 8.0
  • Lotus Notes Client
  • Lotus Organizer 1.0, 2.0, 3.0, 4.0, 5.0, 6.0
  • Lotus WordPro
  • macOS Keychain
  • MS Access 2.0
  • MS Access 2.0 System Database
  • MS Access 95, 97, 2000, 2002, 2003, 2007, 2010, 2013
  • MS Access 97 System Database, 2000 System Database, 2003 System Database, 2007 System Database, 2010 System Database
  • MS Backup
  • MS Excel 4.0, 5.0, 95, 97, 2000, 2002, 2003, 2007, 2010, 2013
  • MS Pocket Excel
  • MS Mail
  • Money 99 or earlier, 2000 – 2007
  • MS OneNote 2003 Section, 2007 Section, 2010 Section
  • MS Outlook 2000 Personal Storage, 2003 Personal Storage, 2007 Personal Storage, 2010 Personal Storage
  • MS Outlook 2000 Form Template, 2003 Form Template, 2007 Form Template, 2010 Form Template
  • MS PowerPoint 2002, 2003, 2007, 2010, 2013
  • MS Project 95, 98, 2000, 2002, 2003, 2007
  • MS Schedule+ 1.0, 7.x
  • MS SQL 2000, 2005, 2008
  • MS Word 1.0, 2.0, 3.0, 4.0, 5.0, 6.0, 95, 97, 2000, 2002, 2003, 2007, 2010, 2013
  • MYOB earlier than 2004, 2004-2009
  • Norton Backup
  • Paradox Database
  • Peachtree 2002 – 2006, 2007
  • PGP Desktop Zip
  • PGP Desktop Private Keyring
  • PGP Desktop Virtual Disk
  • PGP Desktop Self-Decrypting Archive
  • Quattro Pro 5 – 6, 7 – 8, 9 – 12, X3, X4
  • QuickBooks 3.x – 4.x, 5.x, 6.x – 8.x, 99, 2000-2012
  • Quicken 95/6.0, 98, 99, 2000, 2001, 2002, 2003, 2007-2012
  • RAR Archives
  • Remote Desktop Connection Document
  • Visual Basic for Applications Projects
  • WordPerfect 5.x, 6.0, 6.1, 7 – 12, X3, X4
  • Zip Archives
  • 7-Zip Archives