|
|||||
Software | Training | Services | |||
Services
About Us
Order: online
|
Designed for more speed, capacity and flexibility Maresware was originally designed (in the late 80's) to assist law enforcement personnel in the analysis and processing of computer related evidence, and for the raw processing of multi megabytes of data by both computer forensic examiners and auditors. Maresware was designed to handle extremely large amounts of data and to do so at maximum speed. Therefore, it was written in pure "C", which outperforms most other languages. Today, it can process those large amounts of giga and tera bytes of data fast and efficiently. Fortunately, or unfortunately, all of the software is command line driven. Which means it can be included in large batch files to perform repeated tasks. The unfortunate part is that it is not Windows GUI software, which means you have to refresh your typing and command prompt skills. The efficiency and speed of the software is further enhanced by the fact that each of the programs performs only one specific task. This design maximizes processing speed by reducing overhead from unnecessary programs. It also increases flexibility. Another helpful design feature is that each program's output is clear text, usually in a fixed length delimeted record which is ready for use as input to the next process. Thus you can readily build larger procedures to perform more complicated tasks. (An auditor once developed a 1000 line batch file using Maresware. Set it and forget it). The one program-one task design also makes Maresware extremely configurable to the user's needs. The philosophy is that it should be the user, not the software, that determines what, when, and how the data is processed. This gives the user ultimate control. And it also makes "outside the box" processes possible. Some examples of Maresware applications Automated file copying and deleting from multiple locations with multiple names: Another inventive person had over 8,000 files that needed to be copied from a source location to a destination while maintaining the tree structure. The problem was that these files were all in different locations, and did not have common names to allow any wildcard matches. A further complication was that after the files were copied, the originals needed to be deleted. So he chose a combination of Upcopy and Rmd programs to perform a virtual hands-free operation on the 8,000 files. Locate only specific files to copy. Use diskcat, to obtain and then provide a list of "specific" files (to upcopy), or just top level folders to forensically copy from a source to a destination. All the while calculating appropriate hash values to guarantee the copy operation. X-Ways Meta-data output. Re-process the output of the X-Ways meta-data to a form that is much more spreadsheet usable. (X-ways_meta_process.exe) (re-)Process the header data within .eml files.. Use the eml_process program to find and identify more of the eml header information than is usually identified. This output is spreadsheet usable for attorney client privilege and discoverable deliveries. The software uses are only restricted by the users' creativity. Often users find ways of using the software in processes where it was not ever designed to run. Think outside the mouse box. The best way to determine which program may be of use to you, is to check out the various help files. Remember, they may be able to perform more operations than are documented. Just think outside the box. |