Knowledgebase - Powered by Kayako Help Desk Software

Knowledgebase

(34)E3 (3)Dongle Manager (12)P2C (17)DS

Knowledgebase : E3

We are constantly updating our YouTube Channel with How-To videos for our customers with Paraben's E3 Software. Check them out and subscribe! https://www.youtube.com/user/ParabenForensics [https://www.youtube.com/user/ParabenForensics]

How To Turn ON and Collect Log Files

How to Turn ON and Collect Logs within E3 * Case * Options * Check * Enable exteded logs * Enable logging for plug-ins * Enable serial log during mobile acquisition (IF acquiring a mobile device) * REPRODUCE THE ISSUE * Archive folder...

About E3 Mobile Data Case Evidence

Acquired/imported mobile data is saved as an E3 mobile data case, which is a file with the .ds extension stored in the same folder as the Electronic Evidence Examiner case to which the data was acquired or imported. The E3 mobile data case file name has t...

Adding JTAG Memory Dump Evidence

ABOUT JTAG MEMORY DUMP EVIDENCE JTAG memory dump is a raw image of device physical memory created with the help of the RIFF Box (RIFF JTAG) hardware. To investigate JTAG memory dump evidence, you need to have one of the following packages: * E3: U...

Adding Project-a-Phone Data Evidence

ABOUT PROJECT-A-PHONE DATA EVIDENCE Project-a-Phone Data evidence contains files created by Paraben's Project-a-Phone, a special tool for taking high resolution screenshots of mobile devices. Electronic Evidence Examiner allows you to add Project-a-Phon...

Boolean Search

A Boolean search allows the user to search for complicated expressions in text following the rules of Boolean logic. Boolean searches are applied both to Advanced searches and to Keyword searches. Searching is performed by the rules of Boolean logic app...

E3 DS Aurora 1.0 Getting Started

NAVIGATION: Introducing E3: DS E3 Packages E3:DS Related Tools Link2 E3:Viewer Installing and Configuring E3: DS Computer System Requirements Installing Electronic Evidence Examiner Mobile Driver Pack Installation E3:DS License Activati...

E3 P2C Aurora 1.0 Getting Started

NAVIGATION: Introducing E3: P2C E3:P2C Related Tools DP2C P2X Pro Installing and Configuring E3:P2C Computer System Requirements Installing Electronic Evidence Examiner E3:P2C License Activation Internet Licensing Direct Machine Licensi...

E3 UNIVERSAL Aurora 1.0 Getting Started

NAVIGATION: Introducing E3:UNIVERSAL E3:UNIVERSAL Related Tools DP2C P2X Pro Link2 E3:Viewer Installing and Configuring E3: UNIVERSAL Computer System Requirements Installing Electronic Evidence Examiner Mobile Driver Pack Installation ...

E3 v.1.3 Supported iOS Device Firmware

iOS Device Firmware Logical Support Physical Support 1.x x x 2.x x x 3.x x x 4.x x x 5.x x x 6.x x x 7.x x x 7.1 x x 7.1.1 x x 8.0.x x x 8.1.x x x 8.2.x x x 8.3 x x 8.4 ...

E3 v1.3 Supported Android Firmware

ANDROID DEVICE FIRMWARE LOGICAL SUPPORT PHYSICAL SUPPORT Cupcake (1.5) X X Doughnut (1.6) X X Éclair (2.0-2.1) X X Froyo (2.2-2.3) X X Gingerbread (2.3-2.3.7) X X Honeycomb (3.0-3.2.6) X - Ice Cream Sandwich (4.0-...

E3 VIEWER Aurora 1.0 Getting Started

NAVIGATION: Introducing E3:VIEWER E3 Packages E3:VIEWER Related Tools P2X Pro Installing and Configuring E3: VIEWER Computer System Requirements Installing Electronic Evidence Examiner E3:VIEWER License Activation Direct Machine Licensing...

Electronic Evidence Examiner Platform Packages

The following are available packages of the E3 platform. * FEATURES E3:UNIVERSAL E3:P2C E3:DS E3:NEMX E3:EMX E3:INTERNET/CHAT MOBILE/SMARTPHONE FORENSICS Logical imaging + - + - - - Physical imaging + - + - - ...

Guidelines for Upgrading Paraben’s DS to E3:DS

ABOUT E3:DS E3:DS is a package for mobile forensic analysis. While keeping all the functionality available in Paraben's DS, E3:DS offers you a lot more - new supported types of data, advanced data analysis options, and a number of other new features inte...

Guidelines for Upgrading Paraben’s P2C and DS to E3:Universal

ABOUT ELECTRONIC EVIDENCE EXAMINER E3:UNIVERSAL Electronic Evidence Examiner (E3) is a comprehensive analysis tool combining plug-ins for computer forensic and mobile forensic analysis. You can purchase either a full version of Electronic Evidence Examin...

Guidelines for Upgrading Paraben’s P2C to E3:P2C

ABOUT ELECTRONIC EVIDENCE EXAMINER E3:P2C Electronic Evidence Examiner is a comprehensive analysis tool combining plug-ins for computer forensic and mobile forensic analysis. You can purchase either a full version of Electronic Evidence Examiner (E3:Univ...

How does the cloud function work in the E3 Platform?

There are two options to get access to cloud data: * Using user credentials if we know them. * Using authentication data file. This files is being generated for Android devices during logical acquisition and during import of encrypted iOS backup for...

How to acquire locked LG Android Devices

TO PREPARE AN ADVANCED ANDROID LG DEVICE FOR ACQUISITION: 1. Put the device into Firmware Update mode. 2. Make sure that the required drivers are installed (the required drivers are included in the Electronic Evidence Examiner Driver Pack). 3. Open Device...

How to Add Data to Case

Electronic Evidence Examiner allows you to add to a case and investigate different types of evidence from an investigated computer. The possibility to add evidences comes with the following packages: * E3: UNIVERSAL (logical/physical drivers, folder...

How to Create New Case

To create a new case: * In the Case menu, select Create New Case or select Create New Case on the Welcome screen of Electronic Evidence Examiner. (You can add an evidence before creating a new case, the New Case wizard will create the case automatical...

How to Open Existing Case

Electronic Evidence Examiner allows you to open cases in *.e3 format as well as cases in old *.p2c format. To open an existing case, do the following: * In the Case menu, select Open Case.Cases created or opened in Electronic Evidence Examiner of ne...

How to set Google Android ADB drivers for any device

1. Install E3 DP. 2. Go to Windows Control Panel and open Device Manager. 3. In the Device Manager locate your Android device. Then right-click on it and select "Update Driver Software". 4. Select "Browse my computer for driver software" in opened win...

How to use Samsung Bootloader (physical)

IMPORTANT: With the forensic process, it is important to note that, with embedded systems such as smart devices, some data must be written to the device in order to communicate with it. Depending on the type of device, the data that is written will chan...

Installing/Updating Common Files (NIST) Database

ABOUT NIST HASH DATABASE To expedite working with Electronic Evidence Examiner, you can use the Common Files (NIST) database: This database is created on the base of information provided on the NIST site. The Common Hash (NIST) database is an optimized v...

Opening Files via External Viewers

Electronic Evidence Examiner allows you to open binary files within added evidence using external viewers. You can open a binary file in an external viewer from the DATA VIEW pane or SORTED FILES VIEWER. You can also view e-mail attachments using external...

Reassigning Evidence (Change Source)

When you add any type of evidence to your workspace, evidence is not physically added to your case file; rather, a link to the physical location of your evidence is created. Therefore, you must keep the physical evidence in the same location each time you...

Saving Case to Archive

Electronic Evidence Examiner allows you to save a case to an archive in the ZIP format. The case is saved along with its keyword indexing database and evidences stored in the same folder. TO SAVE A CASE TO AN ARCHIVE: * Open an existing case or crea...

Viewing Evidence

Evidence structure can be viewed in the CASE CONTENT PANE. Evidence content can be viewed in the DATA VIEW PANE. Content of email messages can be viewed in the special EMAIL DATA PANE. Content of chat databases can be viewed in the special RTF VIEWER. Con...

What are the types of searches available in E3?

There are advanced, keyword search and sorted files search. Advanced search is a common search engine with powerful customization. It helps to customize a lot of options to get the most accurate results. For example user can search for HEX or text, use ...

What IoT data is supported with the Paraben tools?

We parse DJI GO drones data from iOS devices, Fitbit data from Androids. We can acquire smart watches based on Samsung Tizen, Google Wear or Android. Also, we will support Alexa Cloud.

What is a forensic container and how can it be used?

Forensic container is specially designed secure database. Data in forensic containers is encrypted and locked by password. Only E3 and Evidence Reviewed can provide access to data in the database. DP2C and FF sticks collects data to forensic containers. A...

What is the difference between a logical and physical image when ...

During logical acquisition we get logical structure and its related data, in other words we copy all available files from the file system to a case. Logical acquisition has some limitations related to a device restrictions. Usually, we can’t get all files...

What is the difference between rooting and a bootloader?

Rooting is a process of getting root permissions for an Android device. After that we can get access to all file system data using Android SDK functions. Android must be loaded, and USB-debugging must be enabled and device unlocked. In case with bootloade...

When data is referred to as parsed, what does that mean? What is ...

Usually, we get data in its raw format as dumps or databases. So it is not really easy and not comfortable for users to work with such data. For example they need to know where a system stores useful data. It is a big problem to find it within all system ...

Help Desk Software by Kayako