Windows Search Index Analyzer Software
Windows Search Index Analyzer is one of the only forensic software programs that provides a user interface for finding and recording evidence from windows.edb search index files.
WSia User Interface
The user interface is a simple tabbed screen making navigation simple between the different areas of functionality. The tabs allow the viewing of tables, records and fields within the search index. The software even decodes (de-obfuscates) the data within the search index file before displaying it.
Other tabs on the software allow the user to create and work with reports, to manage search index files opened and also to view a pie chart showing how the content of the search index is made up.
For forensic investigators there are 2 tabs displaying the raw contents of the search index files before and after any necessary repair process is undertaken. The edb repairs are necessary to allow the maximum recovery of data from the search index. The software also includes a repair analysis function to help forensic investigators satisfy themselves as to the integrity of evidence.
Search Index Wordlist Find
The software is designed to make the retrieval of data from the search index simple and efficient. The software uses a multi-word find that allows users to search for target words loaded from a wordlist. When a target word is found the record tab will display the record containing the target word or term along with all other fields from that record in the search index.
Records found within the search index that are to be used as evidence can then be added to a report for later presentation to defendants, legal teams or investigators as appropriate. To ensure sensitive data is protected reports can be saved to secure password protected pdfs for distribution.
The Software
The software itself is compatible with any Windows operating system with Microsoft .NET framework 2.0 and above installed. However, it is important to check the system requirements page to ensure that you install on a system with the appropriate ESE engine for the file you need to examine.