Acquired/imported mobile data is saved as an E3 mobile data case,
which is a file with the .ds extension stored in the same folder as
the Electronic Evidence Examiner case to which the data was acquired
or imported. The E3 mobile data case file name has t...
ABOUT JTAG MEMORY DUMP EVIDENCE
JTAG memory dump is a raw image of device physical memory created with
the help of the RIFF Box (RIFF JTAG) hardware.
To investigate JTAG memory dump evidence, you need to have one of the
following packages:
* E3: U...
ABOUT PROJECT-A-PHONE DATA EVIDENCE
Project-a-Phone Data evidence contains files created by Paraben's
Project-a-Phone, a special tool for taking high resolution screenshots
of mobile devices. Electronic Evidence Examiner allows you to add
Project-a-Phon...
A Boolean search allows the user to search for complicated expressions
in text following the rules of Boolean logic. Boolean searches are
applied both to Advanced searches and to Keyword searches.
Searching is performed by the rules of Boolean logic app...
NAVIGATION:
Introducing E3: DS
E3 Packages
E3:DS Related Tools
Link2
E3:Viewer
Installing and Configuring E3: DS
Computer System Requirements
Installing Electronic Evidence Examiner
Mobile Driver Pack Installation
E3:DS License Activati...
NAVIGATION:
Introducing E3: P2C
E3:P2C Related Tools
DP2C
P2X Pro
Installing and Configuring E3:P2C
Computer System Requirements
Installing Electronic Evidence Examiner
E3:P2C License Activation
Internet Licensing
Direct Machine Licensi...
NAVIGATION:
Introducing E3:UNIVERSAL
E3:UNIVERSAL Related Tools
DP2C
P2X Pro
Link2
E3:Viewer
Installing and Configuring E3: UNIVERSAL
Computer System Requirements
Installing Electronic Evidence Examiner
Mobile Driver Pack Installation
...
NAVIGATION:
Introducing E3:VIEWER
E3 Packages
E3:VIEWER Related Tools
P2X Pro
Installing and Configuring E3: VIEWER
Computer System Requirements
Installing Electronic Evidence Examiner
E3:VIEWER License Activation
Direct Machine Licensing...
The following are available packages of the E3 platform. *
FEATURES
E3:UNIVERSAL
E3:P2C
E3:DS
E3:NEMX
E3:EMX
E3:INTERNET/CHAT
MOBILE/SMARTPHONE FORENSICS
Logical imaging
+
-
+
-
-
-
Physical imaging
+
-
+
-
-
...
ABOUT E3:DS
E3:DS is a package for mobile forensic analysis. While keeping all the
functionality available in Paraben's DS, E3:DS offers you a lot more -
new supported types of data, advanced data analysis options, and a
number of other new features inte...
ABOUT ELECTRONIC EVIDENCE EXAMINER E3:UNIVERSAL
Electronic Evidence Examiner (E3) is a comprehensive analysis tool
combining plug-ins for computer forensic and mobile forensic analysis.
You can purchase either a full version of Electronic Evidence Examin...
ABOUT ELECTRONIC EVIDENCE EXAMINER E3:P2C
Electronic Evidence Examiner is a comprehensive analysis tool
combining plug-ins for computer forensic and mobile forensic analysis.
You can purchase either a full version of Electronic Evidence Examiner
(E3:Univ...
TO PREPARE AN ADVANCED ANDROID LG DEVICE FOR ACQUISITION:
1. Put the device into Firmware Update mode.
2. Make sure that the required drivers are installed (the required
drivers are included in the Electronic Evidence Examiner Driver Pack).
3. Open Device...
Electronic Evidence Examiner allows you to add to a case and
investigate different types of evidence from an investigated computer.
The possibility to add evidences comes with the following packages:
* E3: UNIVERSAL (logical/physical drivers, folder...
To create a new case:
* In the Case menu, select Create New Case or select Create New Case
on the Welcome screen of Electronic Evidence Examiner. (You can add an
evidence before creating a new case, the New Case wizard will create
the case automatical...
Electronic Evidence Examiner allows you to open cases in *.e3 format
as well as cases in old *.p2c format.
To open an existing case, do the following:
* In the Case menu, select Open Case.Cases created or opened in
Electronic Evidence Examiner of ne...
1. Install E3 DP.
2. Go to Windows Control Panel and open Device Manager.
3. In the Device Manager locate your Android device. Then right-click
on it and select "Update Driver Software".
4. Select "Browse my computer for driver software" in opened wind...
IMPORTANT:
With the forensic process, it is important to note that, with embedded
systems such as smart devices, some data must be written to the device
in order to communicate with it. Depending on the type of device, the
data that is written will chan...
ABOUT NIST HASH DATABASE
To expedite working with Electronic Evidence Examiner, you can use the
Common Files (NIST) database: This database is created on the base of
information provided on the NIST site. The Common Hash (NIST) database
is an optimized v...
Electronic Evidence Examiner allows you to open binary files within
added evidence using external viewers. You can open a binary file in
an external viewer from the DATA VIEW pane or SORTED FILES VIEWER. You
can also view e-mail attachments using external...
When you add any type of evidence to your workspace, evidence is not
physically added to your case file; rather, a link to the physical
location of your evidence is created.
Therefore, you must keep the physical evidence in the same location
each time you...
Electronic Evidence Examiner allows you to save a case to an archive
in the ZIP format. The case is saved along with its keyword indexing
database and evidences stored in the same folder.
TO SAVE A CASE TO AN ARCHIVE:
* Open an existing case or crea...
Evidence structure can be viewed in the CASE CONTENT PANE.
Evidence content can be viewed in the DATA VIEW PANE.
Content of email messages can be viewed in the special EMAIL DATA
PANE.
Content of chat databases can be viewed in the special RTF VIEWER.
Con...
