Arsenal Recon Launches New Digital Forensics Tools
New Tools Recover More Information From Electronic Evidence Than Previously Possible
By: Arsenal Recon
BOSTON - Aug. 9, 2018 - PRLog -- Arsenal Recon, digital forensics experts building powerful tools to improve the analysis of electronic evidence, launched two new tools today. The new tools, HiveRecon and HbinRecon, allow digital forensics practitioners to recover more Microsoft Windows Registry data from hibernation and crash dump files than previously possible.
What is HiveRecon?
HiveRecon extracts Registry hives from hibernation and crash dump files, often extracting hives when other solutions have completely failed and extracting healthier (more intact) hives when other solutions have appeared to run successfully.
What is HbinRecon?
HbinRecon extracts Registry hive bins (hbins) from any input and decodes the data they contain. Hive bins are essentially the building blocks of Registry hives. HbinRecon is a surgical tool which is extremely useful in both testing and verification related to Registry data as well as uncovering valuable data not accessible using other methods.
Why did Arsenal build these new tools?
According to Arsenal President Mark Spencer, "We are first and foremost a consulting company, answering crucial questions with authority by aggressively analyzing electronic evidence. We only engage in software development when we determine that existing tools and techniques are failing to expose valuable information in our cases. We built HiveRecon because we realized existing solutions were failing to extract vast volumes of Windows Registry data from hibernation and crash dump files. The status quo was not acceptable, particularly in high-profile and high-stakes cases. We hope our customers are excited by the new functionality we are providing and take a new look at some of their cold cases."
Why should digital forensics practitioners use HiveRecon and HbinRecon?
Digital forensics practitioners interested in the maximum exploitation of electronic evidence will be particularly interested in HiveRecon, as it has been designed to recover vast volumes of Registry data that could not previously be recovered. In some cases a single Registry key will help answer crucial questions, so the ability to recover what could be thousands (or more) of unique Registry keys from hibernation and crash dump files may be shocking, but welcome, news to digital forensics practitioners.
Where can you get HiveRecon and HbinRecon?
Arsenal is in the process of making both tools available to established customers with active software subscriptions. HiveRecon and HbinRecon will be available soon to new customers as well.
Where can digital forensics practitioners learn more about HiveRecon and HbinRecon?
Practitioners can visit the Arsenal Recon website to learn more about these new tools. In addition, Arsenal's Mark Spencer will be discussing relevant research and development during his presentation "Advancements in Windows Hibernation Forensics" at the High Technology Crime Investigation Association's (HTCIA) International Conference & Training Expo in Washington, DC, August 19-22, and at the Federal Law Enforcement Training Centers Cybercrime and Technical Investigations Conference in Glynco, Georgia, September 5-7.
About Arsenal Recon
Our team is led by Mark Spencer, whose philosophy is "Don't settle for the easy way, strive for the right way." We are passionate about computer forensics and dedicated to the preservation and analysis of electronic evidence using the most powerful technologies available. In our quest to dig deeper, we grew tired of waiting for solutions to meet our needs - so we began building our own.