Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn
BitFlare is a Software-as-a-Service offering from SunBlock Systems that allows non-experts to perform computer forensics, electronic evidence discovery, and data preservation. The software loads its own operating system on to a suspect computer, essentially utilizing the suspect machine itself a forensic platform.
BitFlare allows users to view and filter visible and deleted file entries of various common metadata such as timestamps, file names, file paths, and file sizes. In addition, a user can filter files by supersets of broad file categories such as Microsoft Office, MRU file links, and Image and Video files.
Keyword searches can be run across visible and deleted files as well as across slack, unallocated, and unpartitioned space across the hard drive. Keyword searching supports full PCRE regular expressions and case sensitivity.
Relevant files and keyword fragment extraction is facilitated through Evidence Discovery Packs. Files are saved in their native format.
BitFlare supports hard drive preservation. Users can save encrypted forensic copies of the hard drive to externally connected devices. Encrypted images can be sent to SunBlock Systems for decryption, third party validation, and analysis.
The BitFlare CD is freely available from the BitFlare website. There is no upfront licensing cost for BitFlare. Hard drive preservation, file sorting, and keyword searches are undertaken without cost.
A user must purchase an Evidence Discovery Pack from the BitFlare website in order to extract files or keyword fragments. Each EDP is configured by the user, identifying data for extraction on a particular computer. The BitFlare software executes purchased EDPs, extracting and documenting relevant evidence.
While hard drive preservation is available without a fee, SunBlock Systems may charge a fee to unencrypt a forensic copy preserved by BitFlare.
Computers deemed to have no relevant information incur no cost under this model.