Introduction

Dark Data Detective is a Digital Forensics platform used for collecting statistics, file metadata and files.  Using a number of different viewers, Digital Forensics Investigators and Electronic Discovery Reviewers are empowered to dig deeper than with any other tool.  Dark Data is the data hidden in files that other tools miss.  This is the tool that belongs in your toolbox for pre-collection statistics to triage overwhelming collections, identifying unknown files and analyzing suspected Trojan files.

There are three tiers of features in this product.

  • Business (formerly FI TOOLS)
  • Professional Investigator (formerly Data Profiler Portable)
  • Advanced Researcher

Some features documented here are not available in all tiers.  If you decide that you require a higher tier, your previous purchase can be applied to a higher tier purchase.

 

Quick Start

Purchase

There are secure online purchase links available at the bottom of the Dark Data Detective page.  After purchasing, you will receive your registration key and download instructions via email within 2 business days, typically within a couple of hours.

Download & Install

Once you have your registration key, download Dark Data Detective from our Downloads page.  Select the EXE link to install without needing a Zip-compatible extractor.  We provide instructions for downloading, installing and entering your registration key on our Download Instructions page.

Start a Search

The first step is to select the drive and/or path that you want to target for your search.  As illustrated below, the left side panel provides a Drives tree of the available drive volumes on your attached devices.  You can select the drive letter in the Drives tree, then browse for a folder at the bottom of the Details tab on the right side panel.  You can also select Search > Browse Path from the menu at the top.  Your selected drive + path is also echoed in the Target Path field at the top of the Search tab.  Once you are happy with your Target Path, click the Start button at the bottom of the Details tab or the Search > Start menu option.

 

Data Sources

There are two sources of data provided on the left panel.  The Drives tree tab, with potential sources to be searched, as well as the Searches list tab, with past and current searches to review.

Drives

The Drives tree is populated with the drive volumes available to search in the connected devices when you start Dark Data Detective.  The first entry is automatically selected, which then populates the details from the drive on the Details tab to the right.

Searches

The Searches list is populated with the previous searches when you start Dark Data Detective.  When you start a new search, it is also added to this list.  The entries in this list are a collection of the drive’s serial number, some metadata and a date code, so that you can retain multiple searches of the same drive volume.  When you select one of the searches, the Details tab, Charts tab and Files tab are updated to show the results of the selected search.  More columns of details will be added to this list soon.

 

Tabs

The tabs, provided on the right panel, show the search settings and search results for files on the selected drives.

Details

The Details tab shows information about the selected drive on the left half and the selected search on the right.  There are also some search settings shortcuts on the bottom.  The Target Path entry, Browse Path and Start Search options can be quickly accessed from this one place.  The Configure Search, Case Details and Actions & Triggers buttons are shortcuts to the corresponding tabs for configuring those settings before starting a search.

Charts

The Charts tab shows the statistical analysis of the search results.  This chart can be viewed in real time, in order to quickly assess the evidence potential of the current search.  The chart can be configured to show Content Types, File Types, Platforms or Storage Methods in Files, Kilobytes or Records.  The current chart can be saved as an image with the Search > Save Chart menu option.  Supported image formats are Bitmap (.BMP), Windows Enhanced Metafile (.EMF), Graphic Image File Image (.GIF), JPEG Image (.JPG), Portable Network Graphic Image (.PNG) and Tag Image File Format Image (.TIFF).

Files

The Files tab lists the files that have been found in the selected search.  Above the list are drop-down boxes for filtering the subset of files displayed.  The Filter menu shows many filter fields that can be activated.  After updating the filter(s), click on the Refresh button to resample the displayed list from the search files database.  Select a file to display its details in the bottom Viewer panel.

Search

The Search tab configures the next search.  Some of these settings can be a bit advanced, so there is a set of factory defaults provided.  The Prioritized Folders list gives you the ability to choose some folders to search first, in order to get early results on the data that you care most about.

Case

The Case tab provides a place to enter and store the necessary details to maintain the Chain of Custody for a legal case.  The Sync To button reads the computer’s current date and time.

Actions

The Actions tab starts out with the default settings necessary to collect statistics and file metadata.  These actions are executed on every file that you set a trigger for.  These triggers can be set to most of the filters that we use on the Files tab.  The currently available Actions that can be added are Collect File (copy), Delete File and Wipe File with Zeros.

Viewers

When a file is selected on the Files tab, the Viewers panel on the bottom is updated to view that file.  As we add more features to these viewers, images and explanations will be added here.  The current viewers are Metadata, Background, Hex, Text, Multimedia, Web, Visual, Objects and File Types.  Notice that the Objects viewer includes a number of these same viewers to be applied to the individual objects within the file.