CyberCheck Suite - Disk Forensics Tool

Brief Description

CyberCheck Suite is a comprehensive collection of disk forensics tools to perform data acquisition of digital evidence, analysis, data recovery and reporting.














CyberCheck Suite Products

i. TrueBack Digital Evidence Seizure and Acquisition Tool
Perform Seize, Acquire or seize and acquire in compliance with NIST standards. TrueBack is available for both windows and Linux operating systems.
The tool creates a report on the seizure and acquisition processes which contains details of the entire processes like hash values, exhibit details and the system details as well.

ii. CyberCheck Data Recovery & Analysis Tool
CyberCheck is a forensic data recovery and analysis tool to enable law enforcement officers to quickly and efficiently analyze digital evidence files. The tool has a very simple to use GUI which can be used by a novice user


  • Data Analysis:

  • CyberCheck can analyze TrueBack Image, Encase Image and raw disk dumps. The tool can generate a detailed report on the analysis findings which is very handy for the investigating officers to submit it before the court of law. The tool can extract unallocated and disk slack areas, perform data carving on the entire image of slack areas and provides options to do analysis based on file hashes and file's signature.

  • File System Support:
    File Systems supported by CyberCheck includes FAT12/16/32,exFAT, NTFS, Linux EXT2/3/4 FS, UFS, CDFS, Sun Solaris, Reiser FS, Unix(Free BSD) and MAC. It also supports dynamic disks and Linux RAID disks.

  • Data Recovery:
    CyberCheck can recover deleted files/folders, deleted partitions and formatted data on a partition. All of these information can be added to the report to record the findings.

  • Powerful Search Facility:
    CyberCheck provides a plethora of search options for the investigating officer to ensure that he never misses any data. It has Multiple keyword search, GREP search, file search based on hash values, Unicode search to find the data in any language and Index-based search to quickly search through the huge data space.

iii. F-DAC-Forensic Data Carving Tool
A Forensic data carving tool carves different files with optimized search engine for identifying files based on headers and footers. The tool can generate report on the carved files which is very handy while producing the evidence before the court of law.

iv. F-Ran- Forensic Registry Analysis Tool
The Forensic registry analysis tool automatically extracts crucial information from the live registry or the raw registry files found in digital evidence image files and displays it in user understandable format. It performs time conversion and translation of binary and other non-ASCII data. The tool can generate a report on extracted information along with hash values which can be printed directly from the tool.

v. F-TEx-Forensic Thumbs.db Extractor
A forensic tool to extract thumbnails images from thumbs.db of Windows 98/2000 or Windows XP operating systems. It can automatically decode the thumbnail images, enhances it & displays in a user-friendly manner

Main uses and domain

A comprehensive collection of disk forensics tools to perform data acquisition of digital evidence, analysis, data recovery and reporting

Features and Technical Specifications

i.        TrueBack Digital Evidence Seizure and Acquisition Tool

  • MD5, SHA1, SHA2 hash algorithms

  • Block hash

  • Lossless Compression of acquired image file

  • Generate detailed report of Suspect device Seizure and acquisition

  • Bootable solution in Linux on USB & CD with Disk Preview

ii.      CyberCheck Data Recovery & Analysis Tool

  • Preview support for disks and partitions

  • File Data carving from ambient space Picture, Gallery, Timeline and Text/Hex views

  • Integrated Mailbox, Internet History and Registry viewers

  • Scripting support for automated analysis

  • Anti-forensics tools and activities detections

  • Supports Analysis of Virtual Disk Images

  • VMDK and VHD Report generation.

  • Steganography file detection and extraction of hidden message

  • Unicode & Indian Language support

  • Hibernate File Analysis

  • Bit locked drive decryption

iii.    F-DAC-Forensic Data Carving Tool

  • Support for TrueBack image, Encase image and Raw DD images

  • Carve out Thumbnails from thumb cache Header/Maximum file size carving Header Embedded length carving

  • Support for JPEG, GIF, BMP, PNG, PSD, PDF, ZIP, HTML, MS Office files, Video Files (AVI,DAT,MP4,MOV, WMV & 3GP) Support for any type of files by adding header and footer

iv.     F-Ran- Forensic Registry Analysis Tool

  • Displays Most Recent Used files

  • Displays Recently accessed applications

  • List out installed Software & System's Information

  • Details of forensic values like shutdown time, auto-complete passwords & removable devices Hashing registry files

v.       F-TEx-Forensic Thumbs.db Extractor

  •     Preview thumbnail images of Thumbs.db file Extracts details such as file path, size, date of last        modification of images from thumbs.db Multiple Thumbs.db files can be loaded data acquisition of digital evidence, analysis, data recovery and reporting

Platform required(if any)

Workstation with Windows OS 7/8/10

  Download Brochure

Contact Details for Techno Commercial Information

Smt. Ananthalakshmi Ammal R

Group Head, Cyber Security Group,

CDAC Thiruvananthapuram