Knowledgebase
We are constantly updating our YouTube Channel with How-To videos for our customers with Paraben's E3 Software.  Check them out and subscribe! https://www.youtube.com/user/ParabenForensics  [https://www.youtube.com/user/ParabenForensics]
How to Turn ON and Collect Logs within E3 * Case * Options * Check  * Enable exteded logs * Enable logging for plug-ins * Enable serial log during mobile acquisition (IF acquiring a mobile device) * REPRODUCE THE ISSUE * Archive folder...
Acquired/imported mobile data is saved as an E3 mobile data case, which is a file with the .ds extension stored in the same folder as the Electronic Evidence Examiner case to which the data was acquired or imported. The E3 mobile data case file name has t...
ABOUT JTAG MEMORY DUMP EVIDENCE JTAG memory dump is a raw image of device physical memory created with the help of the RIFF Box (RIFF JTAG) hardware. To investigate JTAG memory dump evidence, you need to have one of the following packages: * E3: U...
ABOUT PROJECT-A-PHONE DATA EVIDENCE Project-a-Phone Data evidence contains files created by Paraben's Project-a-Phone, a special tool for taking high resolution screenshots of mobile devices. Electronic Evidence Examiner allows you to add Project-a-Phon...
A Boolean search allows the user to search for complicated expressions in text following the rules of Boolean logic. Boolean searches are applied both to Advanced searches and to Keyword searches. Searching is performed by the rules of Boolean logic app...
Yes, you can monitor more than one device.  You will need to purchases additional subscriptions to monitor more than one device (i.e.2 devices = 2 subscriptions).
No. Only messages created and calls performed after the Agent/App installation will be displayed on the web-site.
For Android OS devices, only the incoming calls from contacts blacklisted with the help of the 3rd party applications are monitored.
E3 provides several engines for detect malware or suspicious files. The first one can scan any added evidence. This is malware scan from content analysis. However, it searches for malware in Windows PE files. For example it will find unsigned files or m...
NAVIGATION: Introducing E3: DS E3 Packages E3:DS Related Tools Link2 E3:Viewer Installing and Configuring E3: DS Computer System Requirements Installing Electronic Evidence Examiner Mobile Driver Pack Installation E3:DS License Activati...
NAVIGATION: Introducing E3: P2C E3:P2C Related Tools DP2C P2X Pro Installing and Configuring E3:P2C Computer System Requirements Installing Electronic Evidence Examiner E3:P2C License Activation Internet Licensing Direct Machine Licensi...
NAVIGATION: Introducing E3:UNIVERSAL E3:UNIVERSAL Related Tools DP2C P2X Pro Link2 E3:Viewer Installing and Configuring E3: UNIVERSAL Computer System Requirements Installing Electronic Evidence Examiner Mobile Driver Pack Installation ...
iOS Device Firmware Logical Support Physical Support 1.x x x 2.x x x 3.x x x 4.x x x 5.x x x 6.x x x 7.x x x 7.1 x x 7.1.1 x x 8.0.x x x 8.1.x x x 8.2.x x x 8.3 x x 8.4 ...
ANDROID DEVICE FIRMWARE LOGICAL SUPPORT PHYSICAL SUPPORT Cupcake (1.5) X X Doughnut (1.6) X X Éclair (2.0-2.1) X X Froyo (2.2-2.3) X X Gingerbread (2.3-2.3.7) X X Honeycomb (3.0-3.2.6) X - Ice Cream Sandwich (4.0-...
NAVIGATION: Introducing E3:VIEWER E3 Packages E3:VIEWER Related Tools P2X Pro Installing and Configuring E3: VIEWER Computer System Requirements Installing Electronic Evidence Examiner E3:VIEWER License Activation Direct Machine Licensing...
The following are available packages of the E3 platform. * FEATURES E3:UNIVERSAL  E3:P2C E3:DS E3:NEMX  E3:EMX E3:INTERNET/CHAT MOBILE/SMARTPHONE FORENSICS Logical imaging + - + - - - Physical imaging + - + - - ...
ABOUT E3:DS E3:DS is a package for mobile forensic analysis. While keeping all the functionality available in Paraben's DS, E3:DS offers you a lot more - new supported types of data, advanced data analysis options, and a number of other new features inte...
ABOUT ELECTRONIC EVIDENCE EXAMINER E3:UNIVERSAL Electronic Evidence Examiner (E3) is a comprehensive analysis tool combining plug-ins for computer forensic and mobile forensic analysis. You can purchase either a full version of Electronic Evidence Examin...
ABOUT ELECTRONIC EVIDENCE EXAMINER E3:P2C Electronic Evidence Examiner is a comprehensive analysis tool combining plug-ins for computer forensic and mobile forensic analysis. You can purchase either a full version of Electronic Evidence Examiner (E3:Univ...
iOS/iPhone support is coming soon. We have decided to change our methods for working with these devices to match changes that have happened to the operating system/firmware. We hope to offer a new HAWK agent for iOS in the coming months.
To change target device you need to remove Agent from the web site and from the device. After that you will be able to install and activate Agent again to a new device. To remove Agent from the web site please follow the step-by-step instruction below:: ...
HAWK is a parental control system and was not created to be a spy-ware tool.  Therefore, we do not provide any tools for hiding the app/agent.
If an Agent is installed on a device, you will see it as HAWK in the list of applications installed on a device.
You can differentiate such devices by viewing device information, such as phone number or IMEI. You can then define different names for devices on the Device Info tab of the Monitored Devices page.
There are two options to get access to cloud data: * Using user credentials if we know them. * Using authentication data file. This files is being generated for Android devices during logical acquisition and during import of encrypted iOS backup for...
It depends on the user activity. Generally, such features as GPS tracking and MMS messages (2.5 MB per message maximum) consume the most volume of traffic.
TO PREPARE AN ADVANCED ANDROID LG DEVICE FOR ACQUISITION: 1. Put the device into Firmware Update mode. 2. Make sure that the required drivers are installed (the required drivers are included in the Electronic Evidence Examiner Driver Pack). 3. Open Device...
Electronic Evidence Examiner allows you to add to a case and investigate different types of evidence from an investigated computer. The possibility to add evidences comes with the following packages: * E3: UNIVERSAL (logical/physical drivers, folder...
To create a new case: * In the Case menu, select Create New Case or select Create New Case on the Welcome screen of Electronic Evidence Examiner. (You can add an evidence before creating a new case, the New Case wizard will create the case automatical...
Electronic Evidence Examiner allows you to open cases in *.e3 format as well as cases in old *.p2c format. To open an existing case, do the following: * In the Case menu, select Open Case.Cases created or opened in Electronic Evidence Examiner of ne...
1. Install E3 DP. 2. Go to Windows Control Panel and open Device Manager. 3. In the Device Manager locate your Android device. Then right-click on it and select "Update Driver Software". 4. Select "Browse my computer for driver software" in opened win...
* You will need to first login to our registration site: http://register.paraben.com [http://register.paraben.com]. You will see the Dongle Manager option on the left hand side. * You will need to click on the link and it will bring you to the Dongle ...
Please make sure you have allowed the installation from unknown sources on your device. To allow the installation from unknown sources, do the following: * For Android OS 4.x and higher, select Settings > Security > Unknown Sources. * For Android OS...
Have you had a chance to compare data on the device and on the Hawk website? Check the following, if the data on the device and on the site is different: * The device has Internet connection; * The Agent is still on the device; * The Agent on the ...
If during the installation of an Agent you activated a device administrator, you will need to disable a device administrator. To disable a device administrator, do the following: * In the device Settings, select Security > Device administrators * In...
We do not have the ability to tell you who installed HAWK on your phone. It is designed as a parental monitoring tool. There are a few fail safes that whomever has installed it can do when you take it off so you want to make sure you do the following. Bac...
Currently, HAWK Monitoring System supports Android 7.0 devices. We have checked on our side on the device Samsung S7, S8 with Android 7.0, we do receive the data from the device (including SMS, MMS, call history and locations) on our web-site hawk-monit...
You can download the Agent to the device directly using mobile browser. This is the recommended way of Agent downloading.
An Agent sends data regardless of its state. To stop the sending of data, you need to uninstall an Agent.
To appear in the list, the device must be connected to Internet to allow an Agent to connect to the HAWK Mobile Monitor web-site. Also make sure the Agent is installed: there must be a HAWK application in the list of installed applications on the device.
The free 7 day trial period is available only to users who register to the service for the first time. If you have already registered to HAWK Mobile Monitor in the past, you will need to buy a subscription [https://www.hawk-monitoring.com/User/Billing/Bil...
The file may contain no coordinates. If the file was downloaded from the GPS History tab of the Device Monitoring page, try downloading it again and check that the GPS history data is displayed in the grid before starting the download.
We can only offer refunds if you purchased HAWK through our website: https://www.hawk-monitoring.com [https://www.hawk-monitoring.com].  If you did not purchase through our website, but through a reseller (i.e. SpyTech, etc.) you will need to contact thei...
If you want to disable uninstallation of HAWK on your Target device, you should perform the following to your Samsung device: * Go to Settings - Security - Device Administrators; * Check that HAWK has admin rights the device (the HAWK should be check...
Check if HAWK Agent has all permissions enabled on the target device. To check that please do the following: * On the Android device open the Settings menu. * Select the Applications option. * Select HAWK application. * Open the Permissions opti...
* Register an account on https://www.hawk-monitoring.com/Public/ and confirm registration by using a link which was sent to your e-mail. * Log in to the HAWK web site and go to Account/Promo Codes page. * Insert your Promo Code in the field on the P...
ABOUT NIST HASH DATABASE To expedite working with Electronic Evidence Examiner, you can use the Common Files (NIST) database: This database is created on the base of information provided on the NIST site. The Common Hash (NIST) database is an optimized v...
If you want to uninstall the HAWK agent, please follow the instructions: * Uncheck HAWK in Device Settings -> Security & Screen Lock -> Device Administrators * Go to Settings -> Apps -> HAWK and press Uninstall.
Electronic Evidence Examiner allows you to open binary files within added evidence using external viewers. You can open a binary file in an external viewer from the DATA VIEW pane or SORTED FILES VIEWER. You can also view e-mail attachments using external...
When you add any type of evidence to your workspace, evidence is not physically added to your case file; rather, a link to the physical location of your evidence is created. Therefore, you must keep the physical evidence in the same location each time you...
Electronic Evidence Examiner allows you to save a case to an archive in the ZIP format. The case is saved along with its keyword indexing database and evidences stored in the same folder. TO SAVE A CASE TO AN ARCHIVE: * Open an existing case or crea...
The HAWK Mobile Monitor Server uses the standard MMS message size limit in 2.5 MB. If an MMS message attachment is more than 2.5 MB, it will not be received by the Server.
Sometimes GPS history shows not the exact location of a device, but rather a location of a Wi-Fi spot which was used to send the monitored data. Please also check the Accuracy column in the GPS history, which indicates how accurate the recorded coordinate...
Please check that the device GPS tracking, or location services, is enabled on the monitored device.
Please check the following: * The device has no Internet connection * The Agent on the device is activated * There is no anti-virus software or firewall installed on a device * If you still do not receive any monitored data, please, contact our ...
The Agent has its own storage of monitored data. The storage size is limited to 10 MB. If there is no Internet connection on the device and the limit is exceeded, the storage data is erased and the device starts monitoring data anew.
The time displayed in the Device Date/Time column is displayed according to the current device time zone. If the time zone was changed, the time displayed in the column will change as well.
If the Deactivate button is not present on the tab, it means that the 30 days period, during which an Agent cannot be deactivated, has not passed yet. Please wait till the 30 days period comes to an end.
* You will want to update your dongle anytime a new version of the software is released. * Software locked to a dongle must be updated through dongle manager in order for the software to run as a full version. * You will need to download the softwar...
Evidence structure can be viewed in the CASE CONTENT PANE. Evidence content can be viewed in the DATA VIEW PANE. Content of email messages can be viewed in the special EMAIL DATA PANE. Content of chat databases can be viewed in the special RTF VIEWER. Con...
There are advanced, keyword search and sorted files search. Advanced search is a common search engine with powerful customization. It helps to customize a lot of options to get the most accurate results. For example user can search for HEX or text, use ...
It works for system drive or dumps with system drives. It searches for supported email databases, chat databases, registry information, browser data, recently used files and documents folder.
We parse DJI GO drones data from iOS devices, Fitbit data from Androids. We can acquire smart watches based on Samsung Tizen, Google Wear or Android. Also, we will support Alexa Cloud.
Forensic container is specially designed secure database. Data in forensic containers is encrypted and locked by password. Only E3 and Evidence Reviewed can provide access to data in the database. DP2C and FF sticks collects data to forensic containers. A...
Smartphones are the same PCs in a small body. This means that they have their own OS. Each OS has some version and build number. Each new version vendors provide some new functions, patches, API changes and so on. Therefore, we can get different errors on...
iOS is one of the most highly protected file system. Most of iOS devices file system is not available for users or through Apple API. It is a big problem for forensics as we also can’t get all data from a device. However, some users wants to have full acc...
Rooting is a process of getting root permissions for an Android device. After that we can get access to all file system data using Android SDK functions. Android must be loaded, and USB-debugging must be enabled and device unlocked. In case with bootloade...
Usually, we get data in its raw format as dumps or databases. So it is not really easy and not comfortable for users to work with such data. For example they need to know where a system stores useful data. It is a big problem to find it within all system ...
Most popular articles 
 
Newest articles