About FEX CLI™
The Forensic Explorer Command Line (FEX CLI) is a forensic data processing engine used for computer forensics and electronic discovery. The FEX CLI can be run on a single workstation to an enterprise level virtual environment spawning multiple simultaneous processing instances. FEX CLI offers:
FEX CLI can automate all standard forensic processing tasks, including: signature analysis, hash verification, hash match, file carve, registry triage, metadata extraction etc.
It utilizes XML task files to customize processing. It interfaces directly with a programming language for ultimate flexibility. Data can be exported from all common forensic file formats directly to disk or to be ingested by third party e-discovery platforms. It can also export data directly into a L01 image file.
The FEX CLI can be launched from a stand-alone folder and from portable storage devices. It can be used for such purposes as forensic triage.
Contact us for more information or a demonstration for your organization.
|CLI processing speed if significantly faster that processing in GUI applications.
|Multiple Concurrent Instances:
|Initiate multiple simultaneous processing instances (requires multiple licenses).
|Case File Output:
|Creates a Forensic Explorer case file that can be opened directly with the Forensic Explorer GUI.
|The FEX CLI can be launched from a stand-alone folder and from portable storage devices.
|Batch sequence processing jobs. Compatible with both CMD and PowerShell.
|Front End Independent:
|Front end applications (Python, HTML5, etc.) can interface directly with CLI commands.
|Inbuilt Forensic Processing Tasks:
|Inbuilt functions include:
|Can be configured to process remote devices running the FEX servlet.
FEX CLI is a 64 bit application.
Minimum recommended system requirements are:
- Windows 10
- i7 or above
- 16 GB RAM
Supported File Systems
Forensic Explorer supports analysis of:
- Windows FAT12/16/32, exFAT, NTFS,
- Macintosh HFS, HFS+, APFS
- EXT 2/3/4
Unlocks the following (password or recovery key required):
- Bitlocker (Microsoft Windows)
- FileVault 2 (MAC)
Supported Bit-Image Formats
FEX-Triage supports common image and forensic image formats including:
- AD1, AFF, DD, DMG, BIN, RAW, E01, Ex01, L01, Lx01, VMD, VHD, VHDX.
Supported Email Formats
Supports analysis of PST, OST, EDB and MBOX mail formats.
Email messages are exported in .msg format.
FEX Triage scripts are written in Delphi Pascal.
Processing profiles are created in .TXML (XML) format. Profiles use TCommandTasks to initiate processing, which includes the ability to call and run scripts and filters. Common TCommandTasks are:
|Cache graphics in case.
|Cache video in case.
|Sets the data store (e.g. Email).
|Expands compound files.
|Exports a list of files as CSV.
|Exports files to disk.
|Exports files to L01.
|Runs a filter script.
|Performs a hash match.
|Runs command tasks in parallel.
|Creates a report in PDF, RTF, HTML.
|Runs a script.
|Locates a file system (e.g. NTFS).
|Locates a Master Boot Record.
|Carve for files.
Case Use Examples
A law enforcement agency has a backlog of 100 forensic image files on their server.
- 6 FEX CLI licenses is configured to sequentially process job folders on the server. A search profile is selected for each type of job (e.g. drugs, fraud, child protection, etc.), triggered by folder name.
- Processing tasks include registry triage, keyword search, carving, artifact analysis, galley cache, video keyframe extraction, hash match etc. Files of interest are bookmarked. Reports are created and exported to disk. Key files are written and exported to L01.
- If average case processing time is 2 hours, the total processing time for all cases is less than 48 hours.
- Each case officer receives a folder of reports and files to review.
- Cases needing more detailed forensic examination are quickly identified. The pre-processed CLI case is available as the starting point for the forensic examiner.
A company is subpoenaed for all email correspondence between two parties. Email exists in PST, OST, EDB, Mbox format.
- FEX CLI searches the network store to collect email files for processing.
- Email files are examined and messages from the the two parties are collected.
- Messages are exported directly to .L01 format.
Purchase & Licensing FAQs
A FEX CLI license is a fixed term license and will expire at the term date (typically 1 year).
A FEX CLI license can be renewed at a maintenance rate. A grace period of 6 months will apply to an expired license, after which time the maintenance rate will no longer apply.
Wibu CodeMeter Activation Dongle (Wibu Dongle)
The software is activated by a license on a Wibu Dongle. A Wibu Dongle can hold one or more licenses. It can be:
- Connected locally (i.e. plugged into the computer in use); or
- Connected to a remote computer and accessed over a network.
Wibu Dongle licenses are managed using the GetData License Manager software (download here). The License Manger is used to:
- View license information.
- Add a license to a Wibu Dongle.
- Rename a dongle.
- Apply firmware updates.
A lite version of Wibu CodeMeter software is installed with GetData products. A full version of CodeMeter User Runtime for Windows is available from the Wibu website. It can be used to:
- Configure a computer and dongle to be used as a license server;
- Configure a computer to be used as a network client;
- Rename a dongle, apply firmware updates, and other maintenance functions.
Learn more about license management here.
Wibu Dongles are shipped worldwide by FEDEX. Web tracking information is provided for each shipment. Courier delivery costs are included in the checkout process.