Security - Forensic Tools (4)

Windows File Analyzer decodes and analyzes to provide cached information for forensic analysis. Includes a tabbed interface with a multiple-document window and horizontal/vertical/cascade view settings. Analysis results can be printed in user-friendly form. The program includes a variety of analysis tools useful for seeing how much information your computer leaves behind that could represent a privacy risk or for trying to detect nefarious activity.

Features include thumbnail viewers available for Windows XP, ACDSee, Google Picasa, FastStone Viewer, and HP Digital Imaging files, displaying content with stored data and image preview. A Prefetch Analyzer looks at recent programs run and stored in the Prefetch folder while the Shortcut Analyzer for all shortcut files in specified folder and data stored in them. An Index.DAT Analyzer looks at Internet Explorer cookies, temporary files or history while a Recycle Bin decoding tool displays Info2 files that hold recycle bin content (Win2k and XP only).

A PDF-format help file is available from the author website.

JumpListsView displays the information stored by the 'Jump Lists' feature available when you right-click on something in the task bar in Windows 7 - 10. For every record found, data available includes the filename that the user opened, the date/time, the ID of the application, the size/time/attributes of the file on the time that the file was opened etc.

You can also export the Jump Lists records to csv/tab-delimited/xml/html file.

BinText is a file text scanner / extractor that helps find character strings buried in binary files. The program can extract text from any kind of file and display plain ASCII text, Unicode (double byte ANSI) text, as well as Resource strings. Additional useful information for each item is included in the "Advanced" mode. Uniquely, the program will show both the file offset and the memory offset of each string found.

Although primarily targeted for programmers, it can be used by anyone interested in ferreting out character strings buried within binary files.

Note: Although updated versions of the program exist, the 3.00 version is listed for reasons described in forums.